Linux and Unix dig Command Examples

last updated in Categories , , , ,
dig-command

I am a new Linux/Unix command line user. How do I use dig command line utility to query DNS (Domain Name System) servers on Linux and Unix-like operating systems? How do I use dig command to find the IP address of a host name or host Name of an IP address?

The dig command is primarily used to query DNS servers. It is a useful tool for network troubleshooting. It is popular due to its flexibility, simple to use, and crystal clear output over host command. The Linux and Unix dig command fundamentally used for the following purposes:


  1. Performs DNS lookups.
  2. Find host addresses, IP address, mail exchanges (MX), CNAMEs, name servers, and more.
  3. Verify ISP DNS server and Internet connectivity.
  4. Verify spam, blacklisting records and more.

Linux and Unix dig Command Examples

Use dig command for DNS lookup and to query DNS name servers for various resource record.

Syntax

The basic syntax:
dig Hostname
dig DomaiNameHere
dig @DNS-server-name Hostname
dig @DNS-server-name IPAddress
dig @DNS-server-name Hostname|IPAddress type

Where:

  1. DNS-server-name – The name or IP address of the name server to query (such as 8.8.8.8 or ns1.cyberciti.biz). If no DNS-server-name is provided, the dig command will use the /etc/resolv.conf file and use name servers listed there.
  2. Hostname|IPAddress – The name of the resource record that is to be looked up using DNS-server-name.
  3. type – Set the type of query such as A, MX, NS and more.

List of DNS record types

Before you use the dig command you should aware of common types of resource records of the DNS. Here are most common resource records:

Type Purpose Examples
A IPv4 IP address 192.168.1.5 or 75.126.153.206
AAAA IPv6 IP address 2607:f0d0:1002:51::4
CNAME Canonical name record (Alias) s0.cyberciti.org is an alias
for d2m4hyssawyie7.cloudfront.net
MX Email server host names smtp.cyberciti.biz or mx1.nixcraft.com
NS Name (DNS) server names ns1.cyberciti.biz or ns-243.awsdns-30.com
PTR Pointer to a canonical name.
Mostly used for implementing reverse DNS lookups
82.236.125.74.in-addr.arpa
SOA Authoritative information about a DNS zone see below
TXT Text record see below

By default, dig command looks for A records only. Let us see Linux and Unix dig command examples in details.

dig command examples

To find the IP address of the host www.cyberciti.biz, type:
dig www.cyberciti.biz
Sample outputs:

Fig. 01: The default dig command output
Fig. 01: The default dig command output

Understanding dig command output

The above is simple query for a single host called www.cyberciti.biz. The dig command displays lots of information. Let us try to understand the default dig command output:

  1. The questions section displays query type. By default query is for A (Internet address). In this example, I am using dig command to find out an IP address of www.cyberciti.biz.
  2. Next, you get the answer to your query in answer section – the address of www.cyberciti.biz is 75.126.153.206.
  3. The final section of the dig command contains statistics (stats section) about the query such as name server names, query time and more.

How do I query a different nameserver such as ns1.example.com?

Type the following command:
dig @ns1.example.com Hostname
dig @ns1.example.com IPAddress
dig @ns1.yahoo.com yahoo.com
dig @clay.ns.cloudflare.com www.cyberciti.biz
dig @ns-1652.awsdns-14.co.uk. www.nixcraft.com

Sample outputs (note 205.251.198.116 in the stats section):

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @ns-1652.awsdns-14.co.uk. www.nixcraft.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62751
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nixcraft.com.		IN	A

;; ANSWER SECTION:
www.nixcraft.com.	86400	IN	A	72.14.186.145

;; AUTHORITY SECTION:
nixcraft.com.		86400	IN	NS	ns-1287.awsdns-32.org.
nixcraft.com.		86400	IN	NS	ns-1652.awsdns-14.co.uk.
nixcraft.com.		86400	IN	NS	ns-475.awsdns-59.com.
nixcraft.com.		86400	IN	NS	ns-761.awsdns-31.net.

;; Query time: 74 msec
;; SERVER: 205.251.198.116#53(205.251.198.116)
;; WHEN: Wed Apr 08 22:59:43 IST 2020
;; MSG SIZE  rcvd: 198

How do I select the DNS query type?

dig will let you query types. The basic syntax is:

dig Hostname|IPAddress type
dig @ns-server-here Hostname|IPAddress type
dig Hostname|IPAddress type
dig [+options] @ns-server-here Hostname|IPAddress type

Here are most common examples of dns lookups.

Find the IP address (A) of a Hostname

dig www.cyberciti.biz A
dig @ns-1075.awsdns-06.org www.cyberciti.biz A
dig +short www.cyberciti.biz A

Sample outputs:

75.126.153.206

Find the hostname of an IP address

dig 74.125.236.167

Find the MX (mail exchanges) of a domain/host name

dig cyberciti.biz MX
dig @ns-1075.awsdns-06.org cyberciti.biz MX
dig +short cyberciti.biz MX

Sample outputs:

1 aspmx.l.google.com.
10 aspmx2.googlemail.com.
10 aspmx3.googlemail.com.
5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.

Find the NS (name servers) of a domain name

dig cyberciti.biz NS
dig @ns-1075.awsdns-06.org cyberciti.biz NS
dig +short cyberciti.biz NS

Sample outputs:

ns-1075.awsdns-06.org.
ns-1947.awsdns-51.co.uk.
ns-243.awsdns-30.com.
ns-866.awsdns-44.net.

Find the TXT (text annotations) of a domain name

dig google.com TXT
dig +short google.com TXT
dig @8.8.8.8 google.com TXT

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24961
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	TXT

;; ANSWER SECTION:
google.com.		3590	IN	TXT	"v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:41:00 2014
;; MSG SIZE  rcvd: 116

ANY query i.e. try all queries to get as much as information possible

You can also try ANY query as follows:
dig cyberciti.biz ANY
dig +short cyberciti.biz ANY
dig @8.8.8.8 cyberciti.biz ANY

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54232
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cyberciti.biz.			IN	ANY

;; ANSWER SECTION:
cyberciti.biz.		236	IN	A	75.126.153.206
cyberciti.biz.		21536	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		21536	IN	NS	ns-1947.awsdns-51.co.uk.
cyberciti.biz.		21536	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		21536	IN	NS	ns-866.awsdns-44.net.
cyberciti.biz.		836	IN	SOA	ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
cyberciti.biz.		3536	IN	MX	1 aspmx.l.google.com.
cyberciti.biz.		3536	IN	MX	10 aspmx2.googlemail.com.
cyberciti.biz.		3536	IN	MX	10 aspmx3.googlemail.com.
cyberciti.biz.		3536	IN	MX	5 alt1.aspmx.l.google.com.
cyberciti.biz.		3536	IN	MX	5 alt2.aspmx.l.google.com.
cyberciti.biz.		21536	IN	AAAA	2607:f0d0:1002:51::4

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:43:28 2014
;; MSG SIZE  rcvd: 406

Show the SOA records for DNS zone name

The syntax is as follows for the Unix dig command examples:
dig cyberciti.biz SOA
dig @8.8.8.8 cyberciti.biz SOA

Sample outputs:

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 cyberciti.biz SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cyberciti.biz.			IN	SOA

;; ANSWER SECTION:
cyberciti.biz.		894	IN	SOA	ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 17:44:29 2014
;; MSG SIZE  rcvd: 116

OR try:
dig cyberciti.biz +nssearch
Sample outputs:

SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.196.51 in 66 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.199.155 in 68 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.192.243 in 79 ms.
SOA ns-1075.awsdns-06.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 from server 205.251.195.98 in 141 ms.

How do I perform a reverse DNS lookups?

To map addresses to names (reverse lookups), pass the -x option as follows:
dig -x ip-address-here
dig @ns-name-server -x ip-address-here
dig -x 75.126.153.206
dig +short -x 75.126.153.206

Sample outputs:

www.cyberciti.biz.

How do I get a long or short answer?

To get a short answer pass the +short option as follows:
dig +short query
dig +short cyberciti.biz NS
dig @8.8.8.8 +short cyberciti.biz NS

By default dig shows a long answer. You can pass the following additional options to get a fined tuned answer:
dig +multiline +noall +answer +nocmd cyberciti.biz ANY
Sample outputs:

Fig.02: Getting a long ans useful answer about a domain name
Fig.02: Getting a long ans useful answer about a domain name

Batch mode: Read host names from a file

First create a text file as follow with number of queries, one per line using cat command:

cat > lookup.txt
+short yahoo.com mx
+short google.com mx
+short cyberciti.biz mx

Pass the -f lookup.txt option makes dig operate in batch mode:
dig -f /path/to/lookup.txt
dig -f lookup.txt

Sample outputs:

Fig.03: Doing a bulk/batch dns lookups using dig command
Fig.03: Doing a bulk/batch dns lookups using Unix dig Command Examples

Debug tip: Trace dns path

You can force Unix dig command to follow the delegation path from the root name servers for the name being looked up. The syntax is:
dig +trace cyberciti.biz
dig +short +trace cyberciti.biz
dig +short +trace s0.cyberciti.org

Sample outputs:

Fig.04: Tracing of the delegation path from the root name servers
Fig.04: Tracing of the delegation path from the root name servers

Find out TTL (Time to Live) value for DNS records

Time to live (TTL) is a mechanism that limits the lifetime of dns records in the Domain Name System (DNS). It is set by an authoritative DNS server for particular resource record. The TTL is set in seconds and it is used by caching (recursive) dns server to speed up dns name resolution. The syntax is as follows to find out TTL:
dig +nocmd +noall +answer +ttlid a example.com
dig +nocmd +noall +answer +ttlid A www.cyberciti.biz

Sample outputs:

Fig.05: Finding TTL value using dig command
Fig.05: Finding TTL value using dig command

Set IPv4 or IPv6 query transport mode

Pass the -4 option forces dig to only use IPv4 query transport:
dig -4 query ...
Pass the -6 option forces dig to only use IPv6 query transport:
dig -6 query ..

How to specify port number for dns query

By default the dig command uses the default port TCP or UDP 53 to send the query. We can send queries on a non-standard port number such as 5053 as follows:
dig -p {PORT} query
dig -p 53 @1.1.1.1 www.cyberciti.biz
dig -p 5053 www.cyberciti.biz @127.0.0.1
dig +short -p 5053 nixcraft.com @127.0.0.1

Linux and Unix dig Command Examples
The default behavior is to use UDP port # 53. We can use the +[no]tcp flag to control TCP or UDP protcols. Please note that all AXFR queries always use TCP:
dig +tcp query @ns1
dig +tcp www.cyberciti.biz @8.8.8.8
dig +tcp www.cyberciti.biz @fay.ns.cloudflare.com

dig command options

Here is the summary of all important options of the dig command on Linux or Unix-like operating systems:

Command line option Usage
-x dot-notation shortcut for reverse lookups
-i use IP6.INT for IPv6 reverse lookups
-f filename Batch mode
-b address[#port] Bind to source address/port
-p port Specify port number
-q name Specify query name
-t type Specify query type
-c class Specify query class
-k keyfile Specify tsig key file
-y [hmac:]name:key Specify named base64 tsig key
-4 Use IPv4 query transport only
-6 Use IPv6 query transport only
-m Enable memory usage debugging

dig command query options

dig command has a number of query options. Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form +keyword=value. The query options are:

Option Usage
+[no]vc TCP mode
+[no]tcp TCP mode, alternate syntax
+time=### Set query timeout [5]
+tries=### Set number of UDP attempts [3]
+retry=### Set number of UDP retries [2]
+domain=### Set default domainname
+bufsize=### Set EDNS0 Max UDP packet size
+ndots=### Set NDOTS value
+edns=### Set EDNS version
+[no]search Set whether to use searchlist
+[no]showsearch Search with intermediate results
+[no]defname Ditto
+[no]recurse Recursive mode
+[no]ignore Don’t revert to TCP for TC responses.
+[no]fail Don’t try next server on SERVFAIL
+[no]besteffort Try to parse even illegal messages
+[no]aaonly Set AA flag in query +[no]aaflag
+[no]adflag Set AD flag in query
+[no]cdflag Set CD flag in query
+[no]cl Control display of class in records
+[no]cmd Control display of command line
+[no]comments Control display of comment lines
+[no]question Control display of question
+[no]answer Control display of answer
+[no]authority Control display of authority
+[no]additional Control display of additional
+[no]stats Control display of statistics
+[no]short Disable everything except shortform of answer
+[no]ttlid Control display of ttls in records
+[no]all Set or clear all display flags
+[no]qr Print question before sending
+[no]nssearch Search all authoritative nameservers
+[no]identify ID responders in short answers
+[no]trace Trace delegation down from root
+[no]dnssec Request DNSSEC records
+[no]nsid Request Name Server ID
+[no]multiline Print records in an expanded format
+[no]onesoa AXFR prints only one soa record

Related media

This tutorials is also available in a quick video format:

See also

Conclusion

We seen many Linux and Unix dig command examples. See bind docs here for more info.

Category List of Unix and Linux commands
File Managementcat
Network Utilitiesdighostip
Package Managerapkapt
Processes Managementbgchrootdisownfgjobskillkillallpwdxtimepidofpstree
Searchingwhereiswhich
User Informationidgroupslastlastcommlognameuserswwhowhoamilid/libuser-lidmembers

ADVERTISEMENTS

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Start the discussion at www.nixcraft.com

Historical Comment Archive

3 comment

    Still, have a question? Get help on our forum!