dig – Advanced DNS Lookup

What is dig?

Definition: dig (Domain Information Groper) is a command-line tool used for advanced DNS querying, diagnostics, and troubleshooting.

Purpose & Advantages:

Provides detailed DNS record information and full response structure.
Preferred over nslookup for in-depth analysis and scripting.
Displays complete query/response data, including DNS flags, authorities, and additional records.

Role in DNS Querying and Troubleshooting

Diagnose DNS resolution issues.
Inspect DNS records (A, MX, CNAME, etc.).
Analyze DNSSEC validation and authority.
Test propagation and integrity of DNS zones.

Basic dig Command Usage

Query an A Record (default)
```
dig example.com
```
Key Output: IP address of the domain in the ANSWER section.
Query Other DNS Record Types
```
dig example.com MX
```
```
dig example.com NS
```
```
dig example.com TXT
```
Returns mail exchangers, name servers, or TXT records for the domain.
Query Using a Specific DNS Server
```
dig @8.8.8.8 example.com
```
Queries Google DNS for the record.

Understanding dig Output

Section	Description
HEADER	Status flags (QR, AA, RD, RA) and return code (NOERROR, NXDOMAIN, etc.)
QUESTION	The original DNS query sent.
ANSWER	The requested DNS records (e.g., A, MX, etc.).
AUTHORITY	Authoritative name servers for the domain.
ADDITIONAL	Extra info, e.g., IP addresses for listed name servers.

$ dig example.com

; <<>> DiG 9.16.1-Ubuntu <<>> example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4578
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;example.com.            IN    A

;; ANSWER SECTION:
example.com.     299     IN    A    93.184.216.34

;; AUTHORITY SECTION:
example.com.     172799  IN    NS   a.iana-servers.net.
example.com.     172799  IN    NS   b.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net.   3600  IN  A   199.43.135.53
b.iana-servers.net.   3600  IN  A   199.43.133.53

Query Types Supported

Type	Use
A	IPv4 address
AAAA	IPv6 address
MX	Mail Exchange
NS	Name Server
PTR	Reverse DNS
CNAME	Canonical Name (alias)
SOA	Start of Authority
TXT	Text (SPF, DKIM, site verif.)
SRV	Service Locator

Reverse DNS Lookup (PTR):

dig -x 8.8.8.8

Using dig Options and Flags

Option	Function	Example
+short	Short, script-friendly output	dig example.com +short
+trace	Traces DNS path from root servers	dig example.com +trace
+noall +answer	Only ANSWER section	dig example.com +noall +answer
+tcp	Forces TCP instead of UDP	dig example.com +tcp
@dns_server	Use a specific DNS server	dig @1.1.1.1 example.com

Zone Transfer Requests (AXFR)

dig @ns1.example.com example.com AXFR

Attempts to download the full DNS zone (rarely permitted for security reasons).
Security Note: Most production DNS servers block zone transfers to prevent data leakage.

Specifying Ports and Timeout

dig @8.8.8.8 example.com -p 5353

dig example.com +timeout=5

Batch Mode

Query multiple domains from a file:

dig -f domains.txt

Comparisons with Other Tools

Feature	dig	nslookup	host
Purpose	Advanced DNS diagnostics & scripting	Basic DNS queries/troubleshooting	Simple forward/reverse lookups
Detail Level	Very detailed	Basic	Minimal
Scripting	Excellent (+short, batch)	Limited	Limited
DNSSEC Support	Full	Partial	Some
Zone Transfer (AXFR)	Yes (if allowed)	No	Yes

Troubleshooting DNS Issues with dig

+trace: See where queries fail along the DNS hierarchy.
Check DNSSEC validation: look for the ad (Authenticated Data) flag.
Test record propagation and TTLs in the ANSWER section.

Using dig in Scripts and Automation

+short for output parsing: dig example.com +short
Parse dig output in shell scripts for health checks, monitoring, or bulk lookups.

Sample Troubleshooting Flow (with dig)

Check A record:
```
dig www.example.com
```
Try alternate server:
```
dig @1.1.1.1 www.example.com
```
Trace query path:
```
dig www.example.com +trace
```
Check mail server:
```
dig example.com MX
```
Reverse lookup:
```
dig -x 8.8.8.8
```
Check authoritative NS:
```
dig example.com NS
```

Exam Tips and Key Points

Be able to identify and explain HEADER, QUESTION, ANSWER, AUTHORITY, ADDITIONAL sections.
Use +short for scripts, +trace for root-to-authority troubleshooting, @ to specify DNS server.
Recognize zone transfer security implications.
Know how to test different record types and interpret TTLs.
Understand how to troubleshoot step-by-step using dig output.

Practice dig Questions

Basic Record Lookup:
Task: Find the IPv4 address of www.cisco.com.
```
dig www.cisco.com
```
Question: What IP(s) are listed in the ANSWER section?
Check for Mail Servers (MX Record):
Task: List all mail servers for gmail.com.
```
dig gmail.com MX
```
Question: What are the MX records and their priorities?
Query Using a Different DNS Server:
Task: Use Cloudflare DNS (1.1.1.1) to query for example.org’s A record.
```
dig @1.1.1.1 example.org
```
Question: Is the response the same as your default DNS?
Trace the Full DNS Resolution Path:
Task: Use trace to follow the query path for www.microsoft.com.
```
dig www.microsoft.com +trace
```
Question: At which hop is the authoritative answer found?
Perform a Reverse DNS Lookup:
Task: Find the PTR record for 8.8.4.4.
```
dig -x 8.8.4.4
```
Question: What is the hostname in the ANSWER section?
Check Name Servers (NS Records):
Task: List authoritative name servers for amazon.com.
```
dig amazon.com NS
```
Question: What NS records are shown?
Use +short for Script-Friendly Output:
Task: Get only the IP address for www.yahoo.com.
```
dig www.yahoo.com +short
```
Question: What is the difference compared to the default output?
Query a TXT Record:
Task: Retrieve all TXT records for google.com.
```
dig google.com TXT
```
Question: Which records are used for SPF, Google site verification, etc.?
Zone Transfer Attempt (if allowed):
Task: Attempt a zone transfer for example.com (most will be refused):
```
dig @ns1.example.com example.com AXFR
```
Question: What response do you get, and why is it important for security?
Find SOA Record (Start of Authority):
Task: Query for SOA record of wikipedia.org.
```
dig wikipedia.org SOA
```
Question: What is the primary master name server and the serial number?

Step-by-Step dig Output Interpretation

Sample Output for dig google.com

; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51421
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com.      IN  A

;; ANSWER SECTION:
google.com.   299   IN   A   142.250.183.14

;; Query time: 24 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jul 18 14:30:25 UTC 2024
;; MSG SIZE  rcvd: 55

HEADER: Status: NOERROR (successful lookup), flags indicate recursion desired/available.
QUESTION SECTION: What you asked for.
ANSWER SECTION: Shows the A record (IPv4 address).
SERVER: Which DNS server replied.
Query time: Response speed.

Sample Output for dig gmail.com MX

;; QUESTION SECTION:
;gmail.com.      IN  MX

;; ANSWER SECTION:
gmail.com. 3599  IN  MX  40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3599  IN  MX  30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599  IN  MX  20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599  IN  MX  10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3599  IN  MX  5  gmail-smtp-in.l.google.com.

Five MX records, priorities 5–40 (lower = higher priority mail server).

Sample Output for dig -x 8.8.8.8

;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa. IN PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 86399 IN PTR dns.google.

Interpretation: The PTR (reverse DNS) record for 8.8.8.8 is “dns.google.”

Common Exam Tips

Use +short for scripts, +trace for troubleshooting root-to-authority.
Always interpret ANSWER, AUTHORITY, ADDITIONAL for a full picture.
AXFR (zone transfer) should almost always be refused for security—if not, it's a vulnerability!

dig – Advanced DNS Lookup Quiz

1. What is the main purpose of the `dig` tool?

A. Advanced DNS querying, diagnostics, and troubleshooting B. Managing IP routing tables C. Scanning open ports on a server D. Monitoring network bandwidth

Correct answer is A. dig is designed for advanced DNS queries and troubleshooting.

2. Which dig command option would you use to perform a reverse DNS lookup?

A. +trace B. +short C. NS D. -x

Correct answer is D. The -x option queries PTR records for reverse DNS lookups.

3. What section of dig output contains the IP address for a domain?

A. AUTHORITY section B. ANSWER section C. HEADER section D. ADDITIONAL section

Correct answer is B. The ANSWER section lists the requested DNS records like IP addresses.

4. Which dig option would you use for a short, script-friendly output?

A. +short B. +trace C. +noall D. +tcp

Correct answer is A. +short provides concise output suitable for scripting.

5. How do you specify a DNS server to query with dig?

A. dig --dns-server <IP> B. dig -server <IP> C. dig @<IP> D. dig /dns <IP>

Correct answer is C. The @ symbol before an IP specifies the DNS server in dig.

6. What does the dig option `+trace` do?

A. Displays only the ANSWER section B. Uses TCP instead of UDP C. Provides a short output D. Traces the DNS resolution path from root servers

Correct answer is D. +trace follows the entire DNS query path.

7. Which DNS record type is used to identify the authoritative name servers for a domain in dig queries?

A. MX B. NS C. PTR D. CNAME

Correct answer is B. NS records specify authoritative name servers.

8. What is the significance of the AXFR query in dig?

A. Attempts a zone transfer to download the entire DNS zone B. Queries mail exchange servers C. Retrieves TXT records D. Queries for IPv6 addresses

Correct answer is A. AXFR is used to attempt zone transfers, usually blocked for security.

9. Which of these is NOT a typical section in dig command output?

A. HEADER B. QUESTION C. CONNECTION D. AUTHORITY

Correct answer is C. CONNECTION is not a section in dig output.

10. Why might you use `dig +timeout=5`?

A. To query five different DNS servers simultaneously B. To set the query timeout to 5 seconds C. To limit output to 5 records D. To repeat the query 5 times

Correct answer is B. +timeout=5 sets the wait time for query responses to 5 seconds.

← Back to Home