Linux / UNIX: DNS Lookup Command

by on November 8, 2010 · 5 comments· LAST UPDATED November 9, 2010

in

How do I perform dns lookup under Linux or UNIX or Apple OS X operating systems without using 3rd party web sites for troubleshooting DNS usage?

You can use any one of the following dns lookup utility under Linux / UNIX. You can skip all 3rd party websites and use the following to debug your dns servers and lookup issues:

[a] host command - DNS lookup utility.

[b] dig command - DNS lookup utility.

Both commands will allow you to get answer to various dns queries such as the IP address (A), mail exchanges (MX), name servers (NS), text annotations (TXT), or ANY (all) type.

host DNS Lookup Examples

host command is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host command displays a short summary of its command line arguments and options. The syntax is as follows:

host example.com
host -t TYPE example.com
host -t a example.com

Task: Find Out the Domain IP

$ host -t a cyberciti.biz
Sample outputs:

cyberciti.biz has address 75.126.153.206

Task: Find Out the Domain Mail Server

$ host -t mx cyberciti.biz
Sample outputs:

cyberciti.biz mail is handled by 2 CYBERCITI.BIZ.S9A2.PSMTP.com.
cyberciti.biz mail is handled by 3 CYBERCITI.BIZ.S9B1.PSMTP.com.
cyberciti.biz mail is handled by 4 CYBERCITI.BIZ.S9B2.PSMTP.com.
cyberciti.biz mail is handled by 1 CYBERCITI.BIZ.S9A1.PSMTP.com.

Task: Find Out the Domain Name Servers

$ host -t ns cyberciti.biz
Sample outputs:

cyberciti.biz name server ns2.nixcraft.net.
cyberciti.biz name server ns1.nixcraft.net.
cyberciti.biz name server ns5.nixcraft.net.
cyberciti.biz name server ns4.nixcraft.net.

Task: Find Out the Domain TXT Recored (e.g., SPF)

$ host -t txt cyberciti.biz
Sample outputs:

cyberciti.biz descriptive text "v=spf1 a mx ip4:74.86.48.99 ip4:74.86.48.98 ip4:74.86.48.102 ip4:74.86.48.101 ip4:74.86.48.100 ip4:72.26.218.170 ip4:93.89.92.12 ip4:180.92.186.178 include:_spf.google.com ~all"

Task: Find Out the Domain CNAME Record

$ host -t cname files.cyberciti.biz
Sample outputs:

files.cyberciti.biz is an alias for files.cyberciti.biz.edgesuite.net.

Task: Find Out the Domain SOA Record

$ host -t soa cyberciti.biz
Sample outputs:

cyberciti.biz has SOA record ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600

Task: Query Particular Name Server

Query ns2.nixcraft.net:
$ host cyberciti.biz ns2.nixcraft.net
Sample outputs:

Using domain server:
Name: ns2.nixcraft.net
Address: 75.126.168.152#53
Aliases:
cyberciti.biz has address 75.126.153.206
cyberciti.biz has IPv6 address 2607:f0d0:1002:51::4
cyberciti.biz mail is handled by 3 CYBERCITI.BIZ.S9B1.PSMTP.com.
cyberciti.biz mail is handled by 4 CYBERCITI.BIZ.S9B2.PSMTP.com.
cyberciti.biz mail is handled by 1 CYBERCITI.BIZ.S9A1.PSMTP.com.
cyberciti.biz mail is handled by 2 CYBERCITI.BIZ.S9A2.PSMTP.com.

Task: Display All Information About Domain Records and Zone

You need to pass the -a (all) option and asking host command to make a query of type ANY:
$ host -a cyberciti.biz
OR
$ host -t any cyberciti.biz
Sample outputs:

Trying "cyberciti.biz"
;; Truncated, retrying in TCP mode.
Trying "cyberciti.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34079
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cyberciti.biz.			IN	ANY
;; ANSWER SECTION:
cyberciti.biz.		3423	IN	AAAA	2607:f0d0:1002:51::4
cyberciti.biz.		3600	IN	SOA	ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600
cyberciti.biz.		3600	IN	TXT	"v=spf1 a mx ip4:74.86.48.99 ip4:74.86.48.98 ip4:74.86.48.102 ip4:74.86.48.101 ip4:74.86.48.100 ip4:72.26.218.170 ip4:93.89.92.12 ip4:180.92.186.178 include:_spf.google.com ~all"
cyberciti.biz.		3600	IN	MX	2 CYBERCITI.BIZ.S9A2.PSMTP.com.
cyberciti.biz.		3600	IN	MX	3 CYBERCITI.BIZ.S9B1.PSMTP.com.
cyberciti.biz.		3600	IN	MX	4 CYBERCITI.BIZ.S9B2.PSMTP.com.
cyberciti.biz.		3600	IN	MX	1 CYBERCITI.BIZ.S9A1.PSMTP.com.
cyberciti.biz.		2805	IN	A	75.126.153.206
cyberciti.biz.		3423	IN	NS	ns2.nixcraft.net.
cyberciti.biz.		3423	IN	NS	ns5.nixcraft.net.
cyberciti.biz.		3423	IN	NS	ns1.nixcraft.net.
cyberciti.biz.		3423	IN	NS	ns4.nixcraft.net.
cyberciti.biz.		84092	IN	RRSIG	NSEC 8 2 86400 20101125013720 20101026010313 50568 biz. OjDv09mccTZR2bYCl4D57QcnNEkBq6bNEa20ExsI6NC2sI9pmiKLnq+w UnCYxWMnkMi7WNXwIhhUWtNhV48X3wJGj1Mufrhq8MnO25JIcRE6UJF2 y12TTZHHE0UJV6HSkw1sac3XlZKXLi/oSvE/IXTsdj2SckPh+pMlaieQ jAA=
cyberciti.biz.		84092	IN	NSEC	CYBERCITIZEN.biz. NS RRSIG NSEC
Received 749 bytes from 192.168.1.254#53 in 0.1 ms

Task: Use IPv6 Query Transport

Test your dns lookup using IPv6 query transport (you must have IPV6 based connectivity including IPv6 enabled resolving name servers):

$ host -6 cyberciti.biz
$ host -6 -a cyberciti.biz
$ host -6 cyberciti.biz ns1.nixcraft.net
$ host -6 -t ns cyberciti.biz ns3.nixcraft.net

Sample outputs:

Using domain server:
Name: ns3.nixcraft.net
Address: 2001:48c8:10:1::2#53
Aliases:
cyberciti.biz name server ns2.nixcraft.net.
cyberciti.biz name server ns4.nixcraft.net.
cyberciti.biz name server ns5.nixcraft.net.
cyberciti.biz name server ns1.nixcraft.net.

Task: Reverse IP Lookup

Type the command:
$ host {IP-Address-Here}
$ host 75.126.153.206
Sample outputs:

206.153.126.75.in-addr.arpa domain name pointer www.cyberciti.biz.

Task: Get TTL Information

Type the command as follows:
$ host -v -t {TYPE} {example.com}
$ host -v -t a cyberciti.biz
$ host -v -t a i.hexindia.net
Sample outputs:

Trying "cyberciti.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17431
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7
;; QUESTION SECTION:
;cyberciti.biz.			IN	A
;; ANSWER SECTION:
cyberciti.biz.		1866	IN	A	75.126.153.206
;; AUTHORITY SECTION:
cyberciti.biz.		3850	IN	NS	NS1.NIXCRAFT.NET.
cyberciti.biz.		3850	IN	NS	NS4.NIXCRAFT.NET.
cyberciti.biz.		3850	IN	NS	NS5.NIXCRAFT.NET.
cyberciti.biz.		3850	IN	NS	NS2.NIXCRAFT.NET.
;; ADDITIONAL SECTION:
NS1.NIXCRAFT.NET.	85669	IN	A	72.26.218.170
NS1.NIXCRAFT.NET.	85689	IN	AAAA	2001:48c8:7::2
NS2.NIXCRAFT.NET.	85669	IN	A	75.126.168.152
NS2.NIXCRAFT.NET.	85669	IN	AAAA	2607:f0d0:1002:51::3
NS4.NIXCRAFT.NET.	85669	IN	A	93.89.92.12
NS4.NIXCRAFT.NET.	85669	IN	AAAA	2a01:348:0:15:5d59:50c:0:1
NS5.NIXCRAFT.NET.	85669	IN	AAAA	2001:48c8:10:1::2
Received 291 bytes from 10.0.80.11#53 in 2 ms

If you run the same command again, you’ll notice that the TTL number (1866) reduced.

dig DNS Lookup Examples

dig (domain information groper) or host command is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. hos dns lookup tool have less functionality than dig.

Examples

dig @{ns1.example.com} {example.com}
dig @{ns1.example.com} {example.com} {TYPE}
dig cyberciti.biz a
dig cyberciti.biz mx
dig cyberciti.biz ns
dig cyberciti.biz txt
dig @ns1.nixcraft.net cyberciti.biz a

Task: Trace Usage

See how domains are resolved using root servers i.e. turn on tracing of the delegation path from the root name servers for the name being looked up. When tracing is enabled, dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup:
$ dig +trace cyberciti.biz
Sample outputs:

 <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> +trace cyberciti.biz
;; global options:  printcmd
.			41219	IN	NS	b.root-servers.net.
.			41219	IN	NS	e.root-servers.net.
.			41219	IN	NS	i.root-servers.net.
.			41219	IN	NS	d.root-servers.net.
.			41219	IN	NS	g.root-servers.net.
.			41219	IN	NS	k.root-servers.net.
.			41219	IN	NS	l.root-servers.net.
.			41219	IN	NS	c.root-servers.net.
.			41219	IN	NS	m.root-servers.net.
.			41219	IN	NS	a.root-servers.net.
.			41219	IN	NS	h.root-servers.net.
.			41219	IN	NS	j.root-servers.net.
.			41219	IN	NS	f.root-servers.net.
;; Received 436 bytes from 10.0.80.11#53(10.0.80.11) in 2 ms
biz.			172800	IN	NS	h.gtld.biz.
biz.			172800	IN	NS	c.gtld.biz.
biz.			172800	IN	NS	e.gtld.biz.
biz.			172800	IN	NS	b.gtld.biz.
biz.			172800	IN	NS	g.gtld.biz.
biz.			172800	IN	NS	a.gtld.biz.
biz.			172800	IN	NS	f.gtld.biz.
;; Received 316 bytes from 192.228.79.201#53(b.root-servers.net) in 34 ms
cyberciti.biz.		7200	IN	NS	NS5.NIXCRAFT.NET.
cyberciti.biz.		7200	IN	NS	NS1.NIXCRAFT.NET.
cyberciti.biz.		7200	IN	NS	NS2.NIXCRAFT.NET.
cyberciti.biz.		7200	IN	NS	NS4.NIXCRAFT.NET.
;; Received 115 bytes from 2001:503:8028:ffff:ffff:ffff:ffff:ff7e#53(h.gtld.biz) in 23 ms
cyberciti.biz.		3600	IN	A	75.126.153.206
cyberciti.biz.		3600	IN	NS	ns4.nixcraft.net.
cyberciti.biz.		3600	IN	NS	ns5.nixcraft.net.
cyberciti.biz.		3600	IN	NS	ns1.nixcraft.net.
cyberciti.biz.		3600	IN	NS	ns2.nixcraft.net.
;; Received 307 bytes from 2001:48c8:10:1::2#53(NS5.NIXCRAFT.NET) in 222 ms

Task: Get Only Short Answer

A quick way to just get the answer is to type the following command:
$ dig +short cyberciti.biz
Sample outputs:

75.126.153.206

Task: Display All Records

$ dig +noall +answer cyberciti.biz any
Sample outputs:

cyberciti.biz.		3490	IN	A	75.126.153.206
cyberciti.biz.		2733	IN	NS	NS2.NIXCRAFT.NET.
cyberciti.biz.		2733	IN	NS	NS1.NIXCRAFT.NET.
cyberciti.biz.		2733	IN	NS	NS4.NIXCRAFT.NET.
cyberciti.biz.		2733	IN	NS	NS5.NIXCRAFT.NET.
cyberciti.biz.		85668	IN	RRSIG	NSEC 8 2 86400 20101125013720 20101026010313 50568 biz. OjDv09mccTZR2bYCl4D57QcnNEkBq6bNEa20ExsI6NC2sI9pmiKLnq+w UnCYxWMnkMi7WNXwIhhUWtNhV48X3wJGj1Mufrhq8MnO25JIcRE6UJF2 y12TTZHHE0UJV6HSkw1sac3XlZKXLi/oSvE/IXTsdj2SckPh+pMlaieQ jAA=
cyberciti.biz.		85668	IN	NSEC	CYBERCITIZEN.biz. NS RRSIG NSEC

Task: Reverse IP Lookup

Type the following command:
$ dig -x +short {IP-Address-here}
$ dig -x 75.126.153.206 +short
Sample outputs

www.cyberciti.biz.

Task: Find Domain SOA Record

$ dig +nssearch cyberciti.biz
Sample outputs:

SOA ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600 from server ns5.nixcraft.net in 81 ms.
SOA ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600 from server ns4.nixcraft.net in 216 ms.
SOA ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600 from server ns1.nixcraft.net in 347 ms.
SOA ns1.nixcraft.net. vivek.nixcraft.com. 2008072353 10800 3600 604800 3600 from server ns2.nixcraft.net in 316 ms.

Task: Find Out TTL Value Using dig

$ dig +nocmd +noall +answer {TYPE} {example.com}
$ dig +nocmd +noall +answer a cyberciti.biz
Sample outputs:

cyberciti.biz.		1642	IN	A	75.126.153.206

Run again, enter:
$ dig +nocmd +noall +answer a cyberciti.biz
Sample outputs:

cyberciti.biz.		1629	IN	A	75.126.153.206

See also:

See man page for more information:
man dig
man host



If you would like to be kept up to date with our posts, you can follow us on Twitter, Facebook, Google+, or even by subscribing to our RSS Feed.


Featured Articles:

{ 5 comments… read them below or add one }

1 kiranjith November 9, 2010 at 8:48 am

Cool work…
Love this one…

Reply

2 Prasanth November 9, 2010 at 10:14 am

Good Work! Nice to see all the main DNS troubleshooting commands clubbed in one page. It will be really helpful for the newbies…

PS: Found one typo in the following command:

Task: Get TTL Information


$ host -t -t a cyberciti.biz
$ host -t -t a i.hexindia.net

It should be host -v -t a cyberciti.biz

Reply

3 Vivek Gite November 9, 2010 at 11:11 am

Thanks for the heads up!

Reply

4 Colin Brace November 9, 2010 at 2:02 pm

Super useful, Vivek. I’m definitely bookmarking this page.

FWIW, I find ‘whois IP number’ really useful for determining who owns a given IP number (helpful when tracking abuse). An example:

$ whois 75.126.153.206
[Querying whois.arin.net]
[Redirected to rwhois.softlayer.com:4321]
[Querying rwhois.softlayer.com]
[rwhois.softlayer.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.75.126.128.0/19
network:Auth-Area:75.126.128.0/19
network:Network-Name:SOFTLAYER-75.126.128.0
network:IP-Network:75.126.153.200/29
network:IP-Network-Block:75.126.153.200-75.126.153.207
network:Organization;I:SoftLayer Technologies, Inc.
network:Street-Address:1950 Stemmons Freeway Suite 2043
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20070218
network:Updated:20091220
network:Updated-By:ipadmin@softlayer.com

%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok

Reply

5 Cristian November 14, 2010 at 5:55 pm

excelent job !!!

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <kbd> <blockquote> <pre> <a href="" title="">

Tagged as: , , , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: