Linux and Unix dig Command Examples

I am a new Linux/Unix command line user. How do I use dig command line utility to query DNS (Domain Name System) servers on Linux and Unix-like operating systems? How do I use dig command to find the IP address of a host name or host Name of an IP address?





ADVERTISEMENTS



Performs DNS lookups. Find host addresses, IP address, mail exchanges (MX), CNAMEs, name servers, and more. Verify ISP DNS server and Internet connectivity. Verify spam, blacklisting records and more.

Linux and Unix dig Command Examples

Use dig command for DNS lookup and to query DNS name servers for various resource record.

Syntax

The dig command is primarily used to query DNS servers. It is a useful tool for network troubleshooting. It is popular due to its, andover host command . The Linux and Unix dig command fundamentally used for the following purposes:

The basic syntax:

dig Hostname

dig DomaiNameHere

dig @DNS-server-name Hostname

dig @DNS-server-name IPAddress

dig @DNS-server-name Hostname|IPAddress type

Where:

DNS-server-name – The name or IP address of the name server to query (such as 8.8.8.8 or ns1.cyberciti.biz). If no DNS-server-name is provided, the dig command will use the /etc/resolv.conf file and use name servers listed there. Hostname|IPAddress – The name of the resource record that is to be looked up using DNS-server-name. type – Set the type of query such as A, MX, NS and more.

List of DNS record types

Before you use the dig command you should aware of common types of resource records of the DNS. Here are most common resource records:

Type Purpose Examples A IPv4 IP address 192.168.1.5 or 75.126.153.206 AAAA IPv6 IP address 2607:f0d0:1002:51::4 CNAME Canonical name record (Alias) s0.cyberciti.org is an alias

for d2m4hyssawyie7.cloudfront.net MX Email server host names smtp.cyberciti.biz or mx1.nixcraft.com NS Name (DNS) server names ns1.cyberciti.biz or ns-243.awsdns-30.com PTR Pointer to a canonical name.

Mostly used for implementing reverse DNS lookups 82.236.125.74.in-addr.arpa SOA Authoritative information about a DNS zone see below TXT Text record see below

By default, dig command looks for A records only. Let us see Linux and Unix dig command examples in details.

dig command examples

To find the IP address of the host www.cyberciti.biz , type:

dig www.cyberciti.biz

Sample outputs:



Understanding dig command output

The above is simple query for a single host called www.cyberciti.biz. The dig command displays lots of information. Let us try to understand the default dig command output:

The questions section displays query type. By default query is for A (Internet address). In this example, I am using dig command to find out an IP address of www.cyberciti.biz. Next, you get the answer to your query in answer section – the address of www.cyberciti.biz is 75.126.153.206. The final section of the dig command contains statistics (stats section) about the query such as name server names, query time and more.

How do I query a different nameserver such as ns1.example.com?

Type the following command:

dig @ns1.example.com Hostname

dig @ns1.example.com IPAddress

dig @ns1.yahoo.com yahoo.com

dig @clay.ns.cloudflare.com www.cyberciti.biz

dig @ns-1652.awsdns-14.co.uk. www.nixcraft.com

Sample outputs (note 205.251.198.116 in the stats section):

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @ns-1652.awsdns-14.co.uk. www.nixcraft.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62751 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.nixcraft.com. IN A ;; ANSWER SECTION: www.nixcraft.com. 86400 IN A 72.14.186.145 ;; AUTHORITY SECTION: nixcraft.com. 86400 IN NS ns- 1287 .awsdns- 32 .org. nixcraft.com. 86400 IN NS ns- 1652 .awsdns- 14 .co.uk. nixcraft.com. 86400 IN NS ns- 475 .awsdns- 59 .com. nixcraft.com. 86400 IN NS ns- 761 .awsdns- 31 .net. ;; Query time: 74 msec ;; SERVER: 205.251.198.116#53(205.251.198.116) ;; WHEN: Wed Apr 08 22:59:43 IST 2020 ;; MSG SIZE rcvd: 198 ; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @ns-1652.awsdns-14.co.uk. www.nixcraft.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62751 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.nixcraft.com. IN A ;; ANSWER SECTION: www.nixcraft.com. 86400 IN A 72.14.186.145 ;; AUTHORITY SECTION: nixcraft.com. 86400 IN NS ns-1287.awsdns-32.org. nixcraft.com. 86400 IN NS ns-1652.awsdns-14.co.uk. nixcraft.com. 86400 IN NS ns-475.awsdns-59.com. nixcraft.com. 86400 IN NS ns-761.awsdns-31.net. ;; Query time: 74 msec ;; SERVER: 205.251.198.116#53(205.251.198.116) ;; WHEN: Wed Apr 08 22:59:43 IST 2020 ;; MSG SIZE rcvd: 198

How do I select the DNS query type?

dig will let you query types. The basic syntax is:

dig Hostname | IPAddress type dig @ ns-server-here Hostname | IPAddress type dig Hostname | IPAddress type dig [ +options ] @ ns-server-here Hostname | IPAddress type dig Hostname|IPAddress type dig @ns-server-here Hostname|IPAddress type dig Hostname|IPAddress type dig [+options] @ns-server-here Hostname|IPAddress type

Here are most common examples of dns lookups.

Find the IP address (A) of a Hostname

dig www.cyberciti.biz A

dig @ns-1075.awsdns-06.org www.cyberciti.biz A

dig +short www.cyberciti.biz A

Sample outputs:

75.126.153.206

Find the hostname of an IP address

dig 74.125.236.167

Find the MX (mail exchanges) of a domain/host name

dig cyberciti.biz MX

dig @ns-1075.awsdns-06.org cyberciti.biz MX

dig +short cyberciti.biz MX

Sample outputs:

1 aspmx.l.google.com. 10 aspmx2.googlemail.com. 10 aspmx3.googlemail.com. 5 alt1.aspmx.l.google.com. 5 alt2.aspmx.l.google.com.

Find the NS (name servers) of a domain name

dig cyberciti.biz NS

dig @ns-1075.awsdns-06.org cyberciti.biz NS

dig +short cyberciti.biz NS

Sample outputs:

ns-1075.awsdns-06.org. ns-1947.awsdns-51.co.uk. ns-243.awsdns-30.com. ns-866.awsdns-44.net.

Find the TXT (text annotations) of a domain name

dig google.com TXT

dig +short google.com TXT

dig @8.8.8.8 google.com TXT

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> google.com TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24961 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.com. IN TXT ;; ANSWER SECTION: google.com. 3590 IN TXT "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all" ;; Query time: 29 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:41:00 2014 ;; MSG SIZE rcvd: 116 ; <<>> DiG 9.8.3-P1 <<>> google.com TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24961 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;google.com. IN TXT ;; ANSWER SECTION: google.com. 3590 IN TXT "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all" ;; Query time: 29 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:41:00 2014 ;; MSG SIZE rcvd: 116

ANY query i.e. try all queries to get as much as information possible

You can also try ANY query as follows:

dig cyberciti.biz ANY

dig +short cyberciti.biz ANY

dig @8.8.8.8 cyberciti.biz ANY



Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz ANY ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54232 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;cyberciti.biz. IN ANY ;; ANSWER SECTION: cyberciti.biz. 236 IN A 75.126.153.206 cyberciti.biz. 21536 IN NS ns- 1075 .awsdns-06.org. cyberciti.biz. 21536 IN NS ns- 1947 .awsdns- 51 .co.uk. cyberciti.biz. 21536 IN NS ns- 243 .awsdns- 30 .com. cyberciti.biz. 21536 IN NS ns- 866 .awsdns- 44 .net. cyberciti.biz. 836 IN SOA ns- 1075 .awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 cyberciti.biz. 3536 IN MX 1 aspmx.l.google.com. cyberciti.biz. 3536 IN MX 10 aspmx2.googlemail.com. cyberciti.biz. 3536 IN MX 10 aspmx3.googlemail.com. cyberciti.biz. 3536 IN MX 5 alt1.aspmx.l.google.com. cyberciti.biz. 3536 IN MX 5 alt2.aspmx.l.google.com. cyberciti.biz. 21536 IN AAAA 2607 :f0d0: 1002 : 51 :: 4 ;; Query time: 31 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:43:28 2014 ;; MSG SIZE rcvd: 406 ; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz ANY ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54232 ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;cyberciti.biz. IN ANY ;; ANSWER SECTION: cyberciti.biz. 236 IN A 75.126.153.206 cyberciti.biz. 21536 IN NS ns-1075.awsdns-06.org. cyberciti.biz. 21536 IN NS ns-1947.awsdns-51.co.uk. cyberciti.biz. 21536 IN NS ns-243.awsdns-30.com. cyberciti.biz. 21536 IN NS ns-866.awsdns-44.net. cyberciti.biz. 836 IN SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 cyberciti.biz. 3536 IN MX 1 aspmx.l.google.com. cyberciti.biz. 3536 IN MX 10 aspmx2.googlemail.com. cyberciti.biz. 3536 IN MX 10 aspmx3.googlemail.com. cyberciti.biz. 3536 IN MX 5 alt1.aspmx.l.google.com. cyberciti.biz. 3536 IN MX 5 alt2.aspmx.l.google.com. cyberciti.biz. 21536 IN AAAA 2607:f0d0:1002:51::4 ;; Query time: 31 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:43:28 2014 ;; MSG SIZE rcvd: 406

Show the SOA records for DNS zone name

The syntax is as follows for the Unix dig command examples:

dig cyberciti.biz SOA

dig @8.8.8.8 cyberciti.biz SOA

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz SOA ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;cyberciti.biz. IN SOA ;; ANSWER SECTION: cyberciti.biz. 894 IN SOA ns- 1075 .awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 ;; Query time: 28 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:44:29 2014 ;; MSG SIZE rcvd: 116 ; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz SOA ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;cyberciti.biz. IN SOA ;; ANSWER SECTION: cyberciti.biz. 894 IN SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 ;; Query time: 28 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 13 17:44:29 2014 ;; MSG SIZE rcvd: 116

OR try:

dig cyberciti.biz +nssearch

Sample outputs:

SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.196.51 in 66 ms. SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.199.155 in 68 ms. SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.192.243 in 79 ms. SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.195.98 in 141 ms.

How do I perform a reverse DNS lookups?

To map addresses to names (reverse lookups), pass the -x option as follows:

dig -x ip-address-here

dig @ns-name-server -x ip-address-here

dig -x 75.126.153.206

dig +short -x 75.126.153.206

Sample outputs:

www.cyberciti.biz.

How do I get a long or short answer?

To get a short answer pass the +short option as follows:

dig +short query

dig +short cyberciti.biz NS

dig @8.8.8.8 +short cyberciti.biz NS

By default dig shows a long answer. You can pass the following additional options to get a fined tuned answer:

dig +multiline +noall +answer +nocmd cyberciti.biz ANY

Sample outputs:



Batch mode: Read host names from a file

First create a text file as follow with number of queries, one per line using cat command:

cat > lookup.txt +short yahoo.com mx +short google.com mx +short cyberciti.biz mx

Pass the -f lookup.txt option makes dig operate in batch mode:

dig -f /path/to/lookup.txt

dig -f lookup.txt

Sample outputs:



Debug tip: Trace dns path

You can force Unix dig command to follow the delegation path from the root name servers for the name being looked up. The syntax is:

dig +trace cyberciti.biz

dig +short +trace cyberciti.biz

dig +short +trace s0.cyberciti.org

Sample outputs:



Find out TTL (Time to Live) value for DNS records

Time to live (TTL) is a mechanism that limits the lifetime of dns records in the Domain Name System (DNS). It is set by an authoritative DNS server for particular resource record. The TTL is set in seconds and it is used by caching (recursive) dns server to speed up dns name resolution. The syntax is as follows to find out TTL:

dig +nocmd +noall +answer +ttlid a example.com

dig +nocmd +noall +answer +ttlid A www.cyberciti.biz

Sample outputs:



Set IPv4 or IPv6 query transport mode

Pass the -4 option forces dig to only use IPv4 query transport:

dig -4 query ...

Pass the -6 option forces dig to only use IPv6 query transport:

dig -6 query ..

How to specify port number for dns query

By default the dig command uses the default port TCP or UDP 53 to send the query. We can send queries on a non-standard port number such as 5053 as follows:

dig -p {PORT} query

dig -p 53 @1.1.1.1 www.cyberciti.biz

dig -p 5053 www.cyberciti.biz @127.0.0.1

dig +short -p 5053 nixcraft.com @127.0.0.1



+[no]tcp

dig +tcp query @ns1

dig +tcp www.cyberciti.biz @8.8.8.8

dig +tcp www.cyberciti.biz @fay.ns.cloudflare.com

dig command options

The default behavior is to use UDP port # 53. We can use theflag to control TCP or UDP protcols. Please note that all AXFR queries always use TCP:

Here is the summary of all important options of the dig command on Linux or Unix-like operating systems:

Command line option Usage -x dot-notation shortcut for reverse lookups -i use IP6.INT for IPv6 reverse lookups -f filename Batch mode -b address[#port] Bind to source address/port -p port Specify port number -q name Specify query name -t type Specify query type -c class Specify query class -k keyfile Specify tsig key file -y [hmac:]name:key Specify named base64 tsig key -4 Use IPv4 query transport only -6 Use IPv6 query transport only -m Enable memory usage debugging

dig command query options

dig command has a number of query options. Each query option is identified by a keyword preceded by a plus sign ( + ). Some keywords set or reset an option. These may be preceded by the string no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form +keyword=value . The query options are:

Option Usage +[no]vc TCP mode +[no]tcp TCP mode, alternate syntax +time=### Set query timeout [5] +tries=### Set number of UDP attempts [3] +retry=### Set number of UDP retries [2] +domain=### Set default domainname +bufsize=### Set EDNS0 Max UDP packet size +ndots=### Set NDOTS value +edns=### Set EDNS version +[no]search Set whether to use searchlist +[no]showsearch Search with intermediate results +[no]defname Ditto +[no]recurse Recursive mode +[no]ignore Don’t revert to TCP for TC responses. +[no]fail Don’t try next server on SERVFAIL +[no]besteffort Try to parse even illegal messages +[no]aaonly Set AA flag in query +[no]aaflag +[no]adflag Set AD flag in query +[no]cdflag Set CD flag in query +[no]cl Control display of class in records +[no]cmd Control display of command line +[no]comments Control display of comment lines +[no]question Control display of question +[no]answer Control display of answer +[no]authority Control display of authority +[no]additional Control display of additional +[no]stats Control display of statistics +[no]short Disable everything except shortform of answer +[no]ttlid Control display of ttls in records +[no]all Set or clear all display flags +[no]qr Print question before sending +[no]nssearch Search all authoritative nameservers +[no]identify ID responders in short answers +[no]trace Trace delegation down from root +[no]dnssec Request DNSSEC records +[no]nsid Request Name Server ID +[no]multiline Print records in an expanded format +[no]onesoa AXFR prints only one soa record

Related media

This tutorials is also available in a quick video format:

See also

dig(1) command man page

Resource Record (RR) TYPEs

Conclusion

We seen many Linux and Unix dig command examples. See bind docs here for more info.



Category List of Unix and Linux commands File Management cat Network Utilities dig • host • ip • Package Manager apk • apt Processes Management bg • chroot • disown • fg • jobs • kill • killall • pwdx • time • pidof • pstree Searching whereis • which User Information id • groups • last • lastcomm • logname • users • w • who • whoami • lid/libuser-lid • members