Use the Dig Command in Linux - Doing it right ?

Dig is an acronym for Domain Information Groper that helps in querying DNS Information and as well as troubleshooting the issue related to it. The dig command is the popular command-line network administrative tool that provides information about the name server as well as host address and various DNS records that we query using the command. It is more flexible and a handful that replaces older tools such as nslookup.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Server Monitoring qqueries.

In this context, we shall look into the different DNS records like A, AAAA, MX, NS, PTR, TXT, DKIM, and SPF.


How to Install Dig on Linux ?

The dig tool supports various Linux distributions. Below are the commands to install the dig on some popular Linux systems.


To Install in Ubuntu/Debian:

$ sudo apt install dnsutils

To Install in Centos/Fedora:

$ sudo yum install bind-utils

To verify Dig Installation, run the command:

$ dig –v


How to Query Domain 'A' Record ?

By default, the dig command will provide the DNS 'A' Record information, and the following is the output after querying the domain:

$ dig google.com

You will see in the output that the dig command provides four sections. 

In the first section, the first row shows the dig version and domain name we look up to.

The second row shows the option that is used to query the domain which is (+cmd) by default in the current context. Lastly the headers, it is the response that the server provided during queries. In the flags section in header, qr, rd, and ra refer to query, recursion desired, and recursion available respectively which determine answer format.

In the second section, the OPT PSEUDOSECTION shows the advanced data that is used, Extension System for DNS (EDNS), and UDP shows the UDP packet size. The question section shows the query data that the dig command sent where IN refers to the Internet and A refer to the address record we required.

The third section shows the answers to the requested query. The first column shows the server name that the dig command query, the second column shows a set timeframe after which the record is refreshed, the third column shows the class of query, the fourth column shows the DNS record the command query, and the last column shows the ipv4 IP address that is linked with the domain name.

The final section shows the metadata or statistics of the query.


How to Query Domain 'AAAA' Records ?

In order to query DNS records, we need to specify the record type in the command. We can shorten the output by using the +shorts, following is the output of how it worked:

$ dig +short google.com AAAA


How to Query Domain 'NS' Records Displaying Only Answers ?

Here, we will use +noall will clear all display flags which doesn’t give any output, and using the +answer option will output the answer section only:

$ dig google.com 'NS' +noall +answer


How to Query Multiple DNS Records ?

We can query multiple DNS Records using the dig command. Here, we will query A records and TXT records using dig.

$ dig google.com +nocomments yahoo.com +noall +answer


How to Query Domain 'MX' Records ?

The MX refers to a Mail exchange that directs email to a mail server. In the command below we use the +nocomments option to exclude the comments. To lookup, the MX record specifies the record type to MX in the command:

$ dig google.com MX +nocomments


How to Query SPF Record ?

The Sender Policy Framework (SPF) is used to indicate authorized hosts for sending mail to the domain in mail exchange.

$ dig google.com TXT +noall +answer


DKIM Records Lookup

To query DomainKeys Identified Mail (DKIM) we need the selector. It provides a digital signature and encryption key that authenticates email messages.

You need to find out the selector of the domain. If you look at the details of an email sent from google/gmail, you can find out the selector for google. Similarly, you can find other domain selectors. 

To query it we have to execute the command as below. In the output, we can view the DKIM signature published in their DNS record:

$ dig txt 20161025._domainkey.google.com


DNS Reverse Lookup

To look up reverse DNS we need to use the -x option along with the server IP address. In the following example, we use google IP address to lookup it's reverse DNS:

$ dig -x 142.250.182.238 +short


[Need to fix DNS Server errors? We can help you. ]

This article covers how to query various DNS records. The dig command in Linux is used to gather DNS information. It stands for Domain Information Groper, and it collects data about Domain Name Servers. The dig command is helpful for diagnosing DNS problems, but is also used to display DNS information.

By default, dig sends the DNS query to name servers listed in the resolver(/etc/resolv.conf) unless it is asked to query a specific name server.


How to Install Dig on Linux ?

1. On Debian and Ubuntu, run:

$ apt-get install dnsutils

2. On CentOS 7, run the command:

$ yum install bind-utils

3. Once installed, check the version, to make sure the setup was completed successfully:

$ dig -v


Dig Syntax

In its simplest form, the syntax of the dig utility will look like this:

dig [server] [name] [type]


i. [server] – the IP address or hostname of the name server to query.

If the server argument is the hostname then dig will resolve the hostname before proceeding with querying the name server.

It is optional and if you don't provide a server argument then dig uses the name server listed in /etc/resolv.conf.

ii. [name] – the name of the resource record that is to be looked up.

iii. [type] – the type of query requested by dig. For example, it can be an A record, MX record, SOA record or any other types.

By default dig performs a lookup for an A record if no type argument is specified.

Related Posts