In this article, we will see 20 dig command examples in Linux. dig, also known as domain internet groper is a free and open source tool for querying the domain name system(DNS). It is very commonly used for performing DNS lookups to retrieve various DNS records such as A (address), MX (mail exchange), NS (name server), TXT (text), CNAME (canonical name), and AAAA (IPv6 address). It is also very frequently used by network and system administrators for troubleshooting various DNS issues. You can also use dig to perform reverse DNS lookups which means you can query an IP address to find out the domain name associated with it.
It has lot of other options and features available which can be effectively used in both command line as well as in shell script. Here we will see few of the important examples of dig command that can be helpful in querying DNS records of any given domain.
Also Read: How to Install whois utility on Ubuntu 20.04
To check currently installed dig utility version, you can run dig -v command as shown below.
cyberithub@ubuntu:~$ dig -v DiG 9.16.1-Ubuntu
You can check dns record of any domain by running dig command. Here we are checking all the records of domain example.com using dig example.com command as shown below.
cyberithub@ubuntu:~$ dig example.com ; <<>> DiG 9.16.1-Ubuntu <<>> example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11063 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 10614 IN A 93.184.216.34 ;; Query time: 28 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sat Nov 18 22:17:15 IST 2023 ;; MSG SIZE rcvd: 56
If you are looking for the IP Address of a domain then you can use +short option with dig command. For example, here we are looking for the IP Address of example.com using dig +short example.com command as shown below.
cyberithub@ubuntu:~$ dig +short example.com 93.184.216.34
If you want to query the A record (IPv4) of a domain then you have to use dig A command. In our below example, we are querying the A record of domain example.com using dig example.com A command as shown below.
cyberithub@ubuntu:~$ dig example.com A ; <<>> DiG 9.16.1-Ubuntu <<>> example.com A ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57305 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 7057 IN A 93.184.216.34 ;; Query time: 4 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sat Nov 18 22:19:38 IST 2023 ;; MSG SIZE rcvd: 56
Just like A record, if you are looking to query AAAA (IPv6) record of a domain then you have to use dig AAAA syntax. In below example, we are querying AAAA record of domain google.com using dig google.com AAAA command as shown below.
cyberithub@ubuntu:~$ dig google.com AAAA ; <<>> DiG 9.16.1-Ubuntu <<>> google.com AAAA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25789 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com. IN AAAA ;; ANSWER SECTION: google.com. 142 IN AAAA 2404:6800:4009:812::200e ;; Query time: 36 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sat Nov 18 22:22:52 IST 2023 ;; MSG SIZE rcvd: 67
If you are looking to perform reverse DNS lookup on an IP address then you have to use dig -x syntax. In below example, we are performing reverse dns lookup on google ip address 8.8.8.8 using dig -x 8.8.8.8 command as shown below.
cyberithub@ubuntu:~$ dig -x 8.8.8.8 ; <<>> DiG 9.16.1-Ubuntu <<>> -x 8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22545 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;8.8.8.8.in-addr.arpa. IN PTR ;; ANSWER SECTION: 8.8.8.8.in-addr.arpa. 48607 IN PTR dns.google. ;; Query time: 24 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 09:19:11 IST 2023 ;; MSG SIZE rcvd: 73
If you want to query about a domain through some specific DNS Server then you have to use dig @ syntax. In below example, we are querying about domain example.com through dns server 8.8.8.8 as shown below.
cyberithub@ubuntu:~$ dig @8.8.8.8 example.com ; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28720 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 5318 IN A 93.184.216.34 ;; Query time: 660 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sun Nov 19 09:20:37 IST 2023 ;; MSG SIZE rcvd: 56
If you are looking to retrieve MX record of a domain then you have to use dig MX command. In below example, we are retrieving MX record of domain example.com using dig example.com MX command as shown below.
cyberithub@ubuntu:~$ dig example.com MX ; <<>> DiG 9.16.1-Ubuntu <<>> example.com MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35233 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN MX ;; ANSWER SECTION: example.com. 86400 IN MX 0 . ;; Query time: 244 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 09:22:08 IST 2023 ;; MSG SIZE rcvd: 55
If you are looking to retrieve NS record of a domain then you have to use dig NS command. In below example, we are retrieving NS record of domain example.com using dig example.com NS command as shown below.
cyberithub@ubuntu:~$ dig example.com NS ; <<>> DiG 9.16.1-Ubuntu <<>> example.com NS ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42797 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN NS ;; ANSWER SECTION: example.com. 48185 IN NS a.iana-servers.net. example.com. 48185 IN NS b.iana-servers.net. ;; Query time: 228 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 09:23:06 IST 2023 ;; MSG SIZE rcvd: 88
DNSSEC, short for Domain Name System Security Extensions, is a suite of extensions to DNS that adds a layer of security to the domain name resolution process. If you are looking to retrieve DNSSEC information of a domain then you have to use dig +dnssec command. In below example, we are querying the DNSSEC information of domain example.com using dig example.com +dnssec command as shown below.
cyberithub@ubuntu:~$ dig example.com +dnssec ; <<>> DiG 9.16.1-Ubuntu <<>> example.com +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29803 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 65494 ; OPT=5: 05 07 08 0a 0d 0e 0f (".......") ; OPT=6: 01 02 04 ("...") ; OPT=7: 01 (".") ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 53817 IN A 93.184.216.34 ;; Query time: 24 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 10:10:08 IST 2023 ;; MSG SIZE rcvd: 79
If you are looking to trace the delegation of domain then you have to use +trace option. In below example, we are tracing the DNS Delegation of domain example.com using dig +trace example.com command as shown below.
cyberithub@ubuntu:~$ dig +trace example.com
; <<>> DiG 9.16.1-Ubuntu <<>> +trace example.com
;; global options: +cmd
. 399219 IN NS k.root-servers.net.
. 399219 IN NS l.root-servers.net.
. 399219 IN NS m.root-servers.net.
. 399219 IN NS a.root-servers.net.
. 399219 IN NS b.root-servers.net.
. 399219 IN NS c.root-servers.net.
. 399219 IN NS d.root-servers.net.
. 399219 IN NS e.root-servers.net.
. 399219 IN NS f.root-servers.net.
. 399219 IN NS g.root-servers.net.
. 399219 IN NS h.root-servers.net.
. 399219 IN NS i.root-servers.net.
. 399219 IN NS j.root-servers.net.
..........................................
If you want to check SOA record of a domain then you have to use dig SOA command. In below example, we are checking the SOA record of domain example.com using dig example.com SOA command as shown below.
cyberithub@ubuntu:~$ dig example.com SOA ; <<>> DiG 9.16.1-Ubuntu <<>> example.com SOA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62634 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN SOA ;; ANSWER SECTION: example.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2022091367 7200 3600 1209600 3600 ;; Query time: 260 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 11:10:57 IST 2023 ;; MSG SIZE rcvd: 96
If you want to know detail information about a domain, say for example.com in our case then you can use dig example.com +noall +answer +stats command as shown below. Here are the different options used with dig command:-
cyberithub@ubuntu:~$ dig example.com +noall +answer +stats example.com. 50522 IN A 93.184.216.34 ;; Query time: 20 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 11:12:10 IST 2023 ;; MSG SIZE rcvd: 56
To query TXT records of a domain, you have to run dig TXT command. In below example, we are querying the TXT record of domain example.com using dig example.com TXT command as shown below.
cyberithub@ubuntu:~$ dig example.com TXT ; <<>> DiG 9.16.1-Ubuntu <<>> example.com TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32676 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN TXT ;; ANSWER SECTION: example.com. 50524 IN TXT "wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn" example.com. 50524 IN TXT "v=spf1 -all" ;; Query time: 20 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Sun Nov 19 11:15:16 IST 2023 ;; MSG SIZE rcvd: 109
If you are looking to query CNAME (canonical name) record of a domain then you have to use dig CNAME command. In below example, we are querying CNAME of domain example.com using dig example.com CNAME command as shown below.
cyberithub@ubuntu:~$ dig example.com CNAME
; <<>> DiG 9.16.1-Ubuntu <<>> example.com CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38273
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN CNAME
;; Query time: 299 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 11:28:58 IST 2023
;; MSG SIZE rcvd: 40
You also have the option to set timeout period during DNS lookups. For example, if you are querying DNS records of domain example.com then you can set timeout period to say 10 secs (in our case) for getting a response using dig example.com +time=10 command as shown below. It will wait for that much time period for a response, after that it will show an error.
cyberithub@ubuntu:~$ dig example.com +time=10
; <<>> DiG 9.16.1-Ubuntu <<>> example.com +time=10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 6123 IN A 93.184.216.34
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 11:30:06 IST 2023
;; MSG SIZE rcvd: 56
You also have the option to set the buffer size for the DNS query message. For example, if you want to set the buffer size to 512 bytes to query the DNS records of domain example.com then you have to use dig +bufsize=512 example.com command as shown below.
cyberithub@ubuntu:~$ dig +bufsize=512 example.com
; <<>> DiG 9.16.1-Ubuntu <<>> +bufsize example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5644
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 23800 IN A 93.184.216.34
;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 18:30:25 IST 2023
;; MSG SIZE rcvd: 56
EDNS is an extension to the original DNS specification and is used to allow for larger packet sizes, carry additional information, and facilitate new DNS features. If you want to disable this feature during query then you have to use +noedns option. So if you want to query DNS records of example.com from DNS server without using EDNS features then you have to run dig +noedns example.com command as shown below.
cyberithub@ubuntu:~$ dig +noedns example.com
; <<>> DiG 9.16.1-Ubuntu <<>> +noedns example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38628
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 7093 IN A 93.184.216.34
;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 18:32:12 IST 2023
;; MSG SIZE rcvd: 45
If you want to query about a domain from some specific port then you can mention the port number as shown in below example. Here we are querying about domain example.com from Port number 53 by using dig port=53 example.com command as shown below.
cyberithub@ubuntu:~$ dig port=53 example.com
; <<>> DiG 9.16.1-Ubuntu <<>> port=53 example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14520
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;port=53. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 18:34:11 IST 2023
;; MSG SIZE rcvd: 36
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61696
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 6974 IN A 93.184.216.34
;; Query time: 3 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 18:34:11 IST 2023
;; MSG SIZE rcvd: 56
dig utility also provides the ability to send non-recursive query. In a recursive query, if the server doesn't have the answer, it will query other servers until it finds the information but in case if you want server to return a response only if it has the answer in its cache or is authoritative for the domain then you have to use non-recursive query.
To send a non-recursive query, you can use +norecurse option. For example, here we are using non-recursive query to get information about domain example.com using dig +norecurse example.com command as shown below.
cyberithub@ubuntu:~$ dig +norecurse example.com
; <<>> DiG 9.16.1-Ubuntu <<>> +norecurse example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42187
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 19 18:41:24 IST 2023
;; MSG SIZE rcvd: 40 Canonical’s Kubernetes LTS (Long Term Support) will support FedRAMP compliance and receive at least 12…
Welcome to the Ubuntu Weekly Newsletter, Issue 878 for the week of February 2 –…
At Canonical, we firmly believe that delivering an outstanding, customer-centric support experience is impossible without…
I want to share how to install osTicket v1.14 for Ubuntu 20.04 server. osTicket written…
Now I want to share how to install WordPress on ubuntu 20.04 server. WordPress is…
Now I want to share the DNS server installation process on your Ubuntu 20.04 server.…