This tutorial will use the DIG Command in Linux using real examples. The DIG Command is a command line DNS diagnostic tool that retrieves various DNS properties such as DNS records, IP address, or hostname properties. DIG Command is useful for network troubleshooting and can operate based on command line options and flag arguments or by reading requests from an operating system file. The DIG command is used by system administrators daily, and the command with examples will be explained in the next paragraphs.
We will use Ubuntu 24.04 OS for this blog post, but you can choose any Linux distro. It is up to you. Let’s get started!
Table of Contents
Prerequisites
- A server running Ubuntu 24.04 or any Linux OS (CentOS, Debian, or AlmaLinux)
- User privileges: root or non-root user with sudo privileges
System Update
Before we start with any commands we will update the system packages to their latest versions available. To do that execute the following command:
sudo apt update -y && sudo apt upgrade -y
DIG Installation
On a Linux system, the DIG command is usually installed by default and that can be checked with the following command:
dig -v
You should get the following output:
root@host:~# dig -v DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu
If you by some chance do not receive this output, then you can try to install dig with the following commands:
sudo apt install dnsutils -y
Syntax of the DIG Command
The basic syntax of the dig command is the following:
dig [server] [name] [type]
The actual examples will be shown in the following paragraphs.
Return all records
To return all records of the hostname in our example “google.com” execute the command below:
dig google.com any
You should get the following output:
root@host:~# dig google.com any ; DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu google.com any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46602 ;; flags: qr rd ra; QUERY: 1, ANSWER: 30, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com. IN ANY ;; ANSWER SECTION: google.com. 248 IN A 209.85.200.113 google.com. 248 IN A 209.85.200.139 google.com. 248 IN A 209.85.200.101 google.com. 248 IN A 209.85.200.100 google.com. 248 IN A 209.85.200.138 google.com. 248 IN A 209.85.200.102 google.com. 248 IN AAAA 2607:f8b0:4001:c16::8b google.com. 248 IN AAAA 2607:f8b0:4001:c16::66 google.com. 248 IN AAAA 2607:f8b0:4001:c16::8a google.com. 248 IN AAAA 2607:f8b0:4001:c16::71 google.com. 3548 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" google.com. 3548 IN TXT "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB" google.com. 21548 IN NS ns3.google.com. google.com. 3548 IN TXT "onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef" google.com. 3548 IN TXT "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o" google.com. 21548 IN NS ns4.google.com. google.com. 21548 IN CAA 0 issue "pki.goog" google.com. 21548 IN NS ns1.google.com. google.com. 3548 IN TXT "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ" google.com. 21548 IN HTTPS 1 . alpn="h2,h3" google.com. 3548 IN TXT "cisco-ci-domain-verification=479146de172eb01ddee38b1a455ab9e8bb51542ddd7f1fa298557dfa7b22d963" google.com. 248 IN MX 10 smtp.google.com. google.com. 3548 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95" google.com. 3548 IN TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=" google.com. 8 IN SOA ns1.google.com. dns-admin.google.com. 698728253 900 900 1800 60 google.com. 21548 IN NS ns2.google.com. google.com. 3548 IN TXT "v=spf1 include:_spf.google.com ~all" google.com. 3548 IN TXT "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289" google.com. 3548 IN TXT "google-site-verification=4ibFUgB-wXLQ_S7vsXVomSTVamuOXBiVAzpR5IZ87D0" google.com. 3548 IN TXT "apple-domain-verification=30afIBcvSuDV2PLX" ;; Query time: 24 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (TCP) ;; WHEN: Fri Dec 06 10:42:23 CST 2024 ;; MSG SIZE rcvd: 1285
Returning an A record
If we want to return the A record of the hostname we can execute the following command:
dig google.com
You will get the following output:
root@host:~# dig google.com ; DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1549 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 211 IN A 142.250.10.100 google.com. 211 IN A 142.250.10.139 google.com. 211 IN A 142.250.10.113 google.com. 211 IN A 142.250.10.101 google.com. 211 IN A 142.250.10.102 google.com. 211 IN A 142.250.10.138 ;; Query time: 3 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Fri Dec 06 10:43:47 CST 2024 ;; MSG SIZE rcvd: 135
Return the SOA record
To return the SOA (Start of Authority) record you need to execute the following command:
dig google.com SOA
You should get the following output:
root@host:~# dig google.com SOA ; DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu google.com SOA ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24276 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;google.com. IN SOA ;; ANSWER SECTION: google.com. 43 IN SOA ns1.google.com. dns-admin.google.com. 698728253 900 900 1800 60 ;; Query time: 10 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Fri Dec 06 10:44:17 CST 2024 ;; MSG SIZE rcvd: 89
Querying an authoritative name server
If we want to get information about the authoritative name servers for DNS queries about the domain we can execute the following command:
dig @ns1.google.com google.com
We should receive the following output:
root@host:~# dig @ns1.google.com google.com ; DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu @ns1.google.com google.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25216 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 300 IN A 172.217.0.174 ;; Query time: 25 msec ;; SERVER: 216.239.32.10#53(ns1.google.com) (UDP) ;; WHEN: Fri Dec 06 10:45:45 CST 2024 ;; MSG SIZE rcvd: 55
Tracing the DNS path
Tracing the DNS path means that we can follow the DNS query from the local computer or server to the authoritative name server. To trace the DNS path execute the following command:
dig google.com +trace
You will receive output similar to this
root@host:~# dig google.com +trace ; DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu google.com +trace ;; global options: +cmd . 7057 IN NS h.root-servers.net. . 7057 IN NS f.root-servers.net. . 7057 IN NS b.root-servers.net. . 7057 IN NS c.root-servers.net. . 7057 IN NS l.root-servers.net. . 7057 IN NS m.root-servers.net. . 7057 IN NS g.root-servers.net. . 7057 IN NS d.root-servers.net. . 7057 IN NS e.root-servers.net. . 7057 IN NS a.root-servers.net. . 7057 IN NS k.root-servers.net. . 7057 IN NS i.root-servers.net. . 7057 IN NS j.root-servers.net. ;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 1 ms com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A com. 86400 IN RRSIG DS 8 1 86400 20241219050000 20241206040000 61050 . iGr5ntnlDqRtjHWnHm5Yb1q2kfqlYkRSdpCWkMySfCvkh6r/nCnHI5Ex 1cKBchueEmUbFCJ3OS6f1IvbOHZOFuWaAGUlU6Cwf9fi3GiFQ2HXf19J i20BNgewl1yFZmdZmlhLFkyMIwQ5FBV2j8IvPaz2VaQRF+gmUp3GeiJZ D9yJE+DKPlk1ypJtgazBX84OpzagU97a2F2CV0yFVF8xtiI/coVJVA5j 4LHPF+ycXi2ot5+sD0S9ZzTbgCIeWZE0+1Bd8DiXcHt1QPnUlxIsUj+k uwFN1sv9ifwkq9h7Y3IZZE6oCMksah0qlOcXpJ9bDhUuYWlKEJNDj9H7 brEkDA== ;; Received 1170 bytes from 192.203.230.10#53(e.root-servers.net) in 1 ms google.com. 172800 IN NS ns2.google.com. google.com. 172800 IN NS ns1.google.com. google.com. 172800 IN NS ns3.google.com. google.com. 172800 IN NS ns4.google.com. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20241210002643 20241202231643 29942 com. ZPTbLhdFM8mLHiQtP96boZkcbQGI1vsZXJiuPAmApU9cYv7LMDAcphdK P4huP5ivFGQ5AmNpH2IhgfxSgvZRUw== S84BOR4DK28HNHPLC218O483VOOOD5D8.com. 900 IN NSEC3 1 1 0 - S84BR9CIB2A20L3ETR1M2415ENPP99L8 NS DS RRSIG S84BOR4DK28HNHPLC218O483VOOOD5D8.com. 900 IN RRSIG NSEC3 13 2 900 20241211014942 20241204003942 29942 com. 74JpkoKJZTrolBn3CynjxFeH858/x61hnBZmadI2lYRrh0ks9O5GXL4W +AZ4eoswzTA41tvGaaRLQ12UDPhkdg== ;; Received 644 bytes from 192.33.14.30#53(b.gtld-servers.net) in 27 ms ;; UDP setup with 2001:4860:4802:38::a#53(2001:4860:4802:38::a) for google.com failed: network unreachable. ;; UDP setup with 2001:4860:4802:32::a#53(2001:4860:4802:32::a) for google.com failed: network unreachable. google.com. 300 IN A 172.217.0.174 ;; Received 55 bytes from 216.239.38.10#53(ns4.google.com) in 25 ms
Other DIG commands
There are plenty of DIG commands that you can use to gain different information here is a list of some of them:
dig google.com +nocmd - show only the main results dig google +nocmd +noall +answer +nocomments - To hide comments dig -x 142.250.31.139 - Reverse DNS lookup dig google.com +short - Returning only the IP addresses for all A records at a hostname dig google.com MX - Returns the MX record of the domain
DIG Command in more detail
If you want to get more information about the DIG command, you can execute the following command in your terminal:
man dig
The output will be massive, with all the detailed info about the DIG command.
DIG(1) BIND 9 DIG(1)
NAME
dig - DNS lookup utility
SYNOPSIS
dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-v] [-x addr] [-y [hmac:]name:key] [ [-4] | [-6] ] [name] [type]
[class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]
DESCRIPTION
dig is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.
Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use, and clarity of output. Other lookup tools tend to have less function‐
ality than dig.
Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its com‐
mand-line arguments and options is printed when the -h option is given. The BIND 9 implementation of dig allows multiple lookups to be issued from the command line.
That was it. You learned some basic and essential DIG commands on Linux OS. You learned how to retrieve any data for some domain easily. Of course, if you have an issue with the command, you can always contact our technical support, and our admins will help you with it immediately. You must sign up for one of our Linux VPS hosting plans and submit a support ticket. We are available 24/7.
If you liked this post about the DIG command, please share it with your friends or leave a comment down below.