Introduction
The commanddig(Domain Information Groper) is an essential tool for system administrators and network professionals in Linux. It allows to perform DNS consultations in a detailed and flexible way, exceeding simpler utilities such asnslookuporhost. Its origin in the BIND package gives you a precision and wealth of options that make it the de facto standard for the diagnosis of domain names.
What's dig?
Dig is part of the BIND (Berkeley Internet Name Domain) package and is in charge of questioning name servers for information on DNS records, such as A, AAAA, MX, TXT, CNAME, NS, SRV and many others. Its output can be customised by various options, making it a powerful ally to purify name resolution problems, validate zone configurations and automate tasks by scripts.
Installation
In most Linux distributions,digcomes pre-installed. If not available, simply install the corresponding package:
- Debian / Ubuntu:
sudo apt-get install dnsutils - Hat / CentOS Network:
sudo yum install bind-utils - Fedora:
sudo dnf install bind-utils - Arch Linux:
sudo pacman -S bind-tools
Basic consultations
A simple query is run by indicating the name to solve:
dig example.comThis returns the response section with the default A record, along with the question, authority and additional section. Each section includes useful information such as life time (TTL), class (IN) and type of registration.
Advanced consultations
Dig offers multiple lags that allow to tune the query:
+short: shows only the answer, ideal for scripts.+trace: shows the complete path from the roots to the authoritarian server, showing each step of the delegation.+json: (available in recent versions) generates JSON output for easy program processing.@servidor: specifies the DNS server to be consulted, for example@8.8.8.8or@1.1.1.1.tipo: indicates the type of registration, asMX,TXT,ANYorSRV.+noall +answer: removes all sections except the response section, useful for obtaining clean data.+retry=N: defines how many reattempts in case of timeout.+timeout=N: sets the waiting time in seconds for each consultation.
Practical examples
Some common uses:
- Get only the IP address:
dig +short example.comdig example.com MX +shortdig +trace example.comdig @1.1.1.1 example.com TXT +jsondig example.com ANY +noall +answerdig example.com AAAA +short | grep -v '^;'for s in 8.8.8.8 1.1.1.1 9.9.9.9; do dig @$s example.com +short +time=1 +tries=1; doneCombine dig with other tools
The dig power is amplified when used with text processing tools:
- awk: to extract specific fields, for example TTL:
dig example.com +noall +answer | awk '{print $2}' - sort -u: get a unique list of records:
dig example.com TXT +short | sort -u - jq(for JSON output): process the JSON output of dig:
dig @1.1.1.1 example.com +json | jq '.Answer[] | select(.type=="A") | .data'
Good practices and constraints
Although dig is very versatile, it is important to take into account some considerations:
- Avoid consultations
ANYon production servers, as they can generate large responses and be used in amplification attacks. - Use the flags
+retryand+timeoutto avoid indefinite waiting in unstable networks. - Prefer trusted DNS servers (such as those of your ISP or known public resolution) when you undertake external consultations.
- In automation scripts, always check the return code (
$?) and handles cases of empty response or error. - Note that some answers may be truncated by the size of the UDP package; in such cases, dig will use TCP automatically again if specified
+vc.
Conclusion
Domaindiggives you precise control over DNS consultations, facilitating problem diagnosis, configuration verification and task automation through your concise and structured output options. Whether you need a simple record, a complete layout or a JSON output for integration with other tools,digremains the choice tool in any Linux environment.
