Wiki

10 DNS questions solved with DIG

Dig (domain information groper) is a powerful network administration command-line tool for querying DNS name servers. It is a part of the BIND domain name server software suite and supports IDN (Internationalized Domain Name) queries.
Here are the ten most used command lines with dig that will help you to understand better your domain's management.

1. How to find the website's IP address?

The result will show the IP address of your website. (Using +short escapes all the unecessary output lines and shows you only the desired subject).
Open Terminal and type, as follow:

Command Line:
$ dig example.com +short

Output:
1.2.3.4

2. How to find the name servers, responsible for your domain?

This will show you where the DNS zone is hosted and with how many name servers the domain is associated.

Command Line:

$ dig NS example.com +short

Output:
ns1.example.com.
ns2.example.com.
ns3.example.com.
ns4.example.com.

3.What is the delegation path to your DNS Zone?

With using dig +trace, the queries shows directly the path from the root servers to your DNS Zone.

Command Line:
$ dig example.com +trace

Output:
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> example.com +trace
;; global options: +cmd
. 3493 IN NS a.root-servers.net.
. 3493 IN NS b.root-servers.net.
. 3493 IN NS c.root-servers.net.
. 3493 IN NS d.root-servers.net.
. 3493 IN NS e.root-servers.net.
. 3493 IN NS f.root-servers.net.
. 3493 IN NS g.root-servers.net.
. 3493 IN NS h.root-servers.net.
. 3493 IN NS i.root-servers.net.
. 3493 IN NS j.root-servers.net.
. 3493 IN NS k.root-servers.net.
. 3493 IN NS l.root-servers.net.
. 3493 IN NS m.root-servers.net.
;; Received 397 bytes from 127.0.1.1#53(127.0.1.1) in 466 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 734 bytes from 192.203.230.10#53(e.root-servers.net) in 496 ms

example.com. 172800 IN NS ns2.example.com.
example.com. 172800 IN NS ns1.example.com.
example.com. 172800 IN NS ns3.example.com.
example.com. 172800 IN NS ns4.example.com.
;; Received 660 bytes from 192.55.83.30#53(m.gtld-servers.net) in 229 ms

example.com. 300 IN A 1.2.3.4
example.com. 300 IN NS ns1.example.com
example.com. 300 IN NS ns2.example.com
example.com. 300 IN NS ns3.example.com
example.com. 300 IN NS ns4.example.com
;; Received 44 bytes from 216.239.34.10#53(ns2.example.com) in 40 ms

4. Which is the responsible mail server for your domain?

It can be checked by using the following example:

Command Line:
$ dig MX example.com +short

Output:
1 ASPMX.L.GOOGLE.COM.
5 ALT1.ASPMX.L.GOOGLE.COM.
5 ALT2.ASPMX.L.GOOGLE.COM.
10 ALT3.ASPMX.L.GOOGLE.COM.
10 ALT4.ASPMX.L.GOOGLE.COM.

5.With which IP address a domain name is assciated with?

It can be seen thanks to the PTR Records. While the A record associate a domain name with an IP address, the PTR Record associated IP address with a domain name.

Command Line:
$ dig -x 1.2.3.4

Output:
example.com

6. Which are the name servers, responsible for the TLDs (top-level domains)?

To check them, use the following command line:

Command Line:
dig NS com +short

Output:
j.gtld-servers.net.
a.gtld-servers.net.
i.gtld-servers.net.
d.gtld-servers.net.
f.gtld-servers.net.
b.gtld-servers.net.
h.gtld-servers.net.
e.gtld-servers.net.
m.gtld-servers.net.
k.gtld-servers.net.
c.gtld-servers.net.
g.gtld-servers.net.
l.gtld-servers.net.

7. How to check if your DNS zone is synchonized over all authoritative name servers?

Open Terminal and type, as follow:

Command Line:
$ dig example.com +nssearch

Output:
SOA ns1.example.com. dns-admin.example.com. 2016042102 7200 1800 1209600 300 from server ns3.example.com in 14 ms.
SOA ns1.example.com. dns-admin.example.com. 2016042102 7200 1800 1209600 300 from server ns2.example.com in 22 ms.
SOA ns1.example.com. dns-admin.example.com. 2016042102 7200 1800 1209600 300 from server ns4.example.com in 88 ms.
SOA ns1.example.com. dns-admin.example.com. 2016042102 7200 1800 1209600 300 from server ns1.example.com in 125 ms.

8. How can I check when the cache of an answer will expire?

Open terminal and type the following command line:

Command Line:
$ dig example.com +noall +answer

Output:
;; global options: +cmd
example.com. 109 IN A 1.2.3.4
example.com. 109 IN A 1.2.3.4;; ->>HEADERexample.com. 109 IN A 1.2.3.4
example.com. 109 IN A 1.2.3.4

As you can see, the results is shown in the second column. In this case it is 109 seconds.

9. How to check is a zone existing on a name server?

Open terminal and type the following command line:

Command Line:
$ dig SOA example.com @ns1.example.com

The results are shown in the header of the output. If the domain exists, the answer is, as follow:

;; ->>HEADER<

*Understanding the statuses:
NOERROR - the zone exists
NXDOMAIN - non-existent domain
REFUSED - the name server refuses to perform the operation

10. How to check which value is in cache in a given resolver?

Open Terminal and type the command line. 

Command Line:
$ dig example.com @8.8.8.8

Output:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
example.com. 300 IN A 1.2.3.4
example.com. 300 IN A 1.2.3.4
example.com. 300 IN A 1.2.3.4
example.com. 300 IN A 1.2.3.4
example.com. 300 IN A 1.2.3.4
example.com. 300 IN A 1.2.3.4

Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more