Dig command (Domain Information Groper) is one of the most popular DNS testing tools. You can use it to troubleshoot your DNS and make sure everything works fine. You can try it on Linux, Mac OS, and Windows. For this demonstration, we will use a random old laptop with the latest version of Linux Mint (19.1). Linux Mint is based on Ubuntu Linux. Many old laptops can get a new life as a diagnostic tool.
How to install the dig command on Linux?
First, let’s check if you already have the dig command installed. You can do that by opening the terminal and writing dig -v. If you have it, your computer will show a message similar to this one:
DiG 9.11.3-1ubuntu1.7-Ubuntu.
Many new Linux distros have it pre-installed. In case you don’t have it, you will get the following message:
dig command not found
For Linux Mint, Ubuntu and other Ubuntu-based Linux distributions you can use the following command:
sudo apt install dnsutils
If you are using Fedora or CentOS you should use:
sudo yum install bind-utils
And for Arch Linux users:
sudo pacman -S bind-tools
Understanding the dig command
Let’s start with a simple example to understand it. We will use google.com for the testing. You can try it directly with your domain, by simply replacing google.com with your domain.
dig google.com
The first line will inform you about the version of the dig command and the second about the global option.
After that, you will get technical information provided by the DNS nameserver. The header shows you what did you do and was it successful. If there is “NOERROR” that there was no problem.
You will see the answer for the EDNS.
Following line shows that by default you are requesting the A record.
You will get the answer for the A record – the correspondent IP address and you will get statistic about the query.
More dig command examples:
dig google.com +short
This will show you just the IP address without any additional information.
dig google.com MX
You can query different types of records like the mail exchanger ones. MX records show the responsible mail server for accepting emails.
dig google.com SOA
SOA – the start of authority, shows the authoritative DNS server.
dig google.com TTL
TTL – time to live. It shows how long the data should be kept. You can read more about TTL HERE.
dig google.com +nocomments +noquestion +noauthority +noadditional +nostats
Only answer query. Use it if you don’t want to receive extra information.
dig google.com ANY +noall +answer
Query all types of DNS records. It will show all the different types of DNS records.
dig -x 172.217.1.142
Reverse DNS lookup. You can also do the opposite and check the IP address. The rDNS is used for verification. The result will be a PTR record that verifies the nameserver.
dig @8.8.8.8 +trace google.com
Trace DNS Path. It will show the whole route that a DNS query takes. Every hop from a server to server. It can show you where exactly server is not working.
11 dig -p 5300 google.com
Specify Port Number. If you have changed the standard port 53 to another for increased security, you can make a dig command to check if it is working correctly.
Now you know the basics of the dig command on Linux. You can start experimenting by yourself.
You can get some additional information about the dig command and a few more options to try in our Wiki.
We can recommend you a few more tools that can be useful for your DNS diagnostic Nslookup, Traceroute and Ping.
Sources used:
Linuxize.com https://linuxize.com/post/how-to-use-dig-command-to-query-dns-in-linux/
Tecmint.com https://www.tecmint.com/10-linux-dig-domain-information-groper-commands-to-query-dns/
