Dig

This page describes the dig command-line (shell) tool. It is the most versatile, thorough and precise DNS query tool. In other words, this is the one you want if you're doing DNS queries of any kind.

Defaults:
 * Uses first nameserver listed in /etc/resolv.conf
 * Uses IN class (internet), the overwhelmingly most common
 * Queries for an A record (ex: celery.fudo.org. IN A 24.79.92.118)
 * Not case sensitive. Nothing is: not DNS names, nor the classes or resource record types

Examples
Examples will be used throughout. Here are some gratis ones.

Simplest Query
This query will seek the A resource record for the domain name specified.

Simplest Reverse Query
This query does a reverse lookup on this IP address. The above command is actually translated to this query: 129.150.163.198.in-addr.arpa. IN PTR
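The translation described above (the one dig's -x option performs for IPv4), written out as an added example; it is not part of the original page. The function name ptr_name is made up for this example, and the address is the one implied by the translated query shown above.

```shell
#!/bin/sh
# Added example (not from the original page): build the PTR owner name
# that a reverse lookup queries for an IPv4 address.

# ptr_name ADDRESS -> prints e.g. 129.150.163.198.in-addr.arpa.
# Returns 1 (message on stderr) if ADDRESS is not a dotted-quad IPv4 address.
ptr_name() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "ptr_name: not an IPv4 address: $ip" >&2; return 1 ;;
    esac

    # Split on dots into $1..$4, then restore the previous IFS.
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    if [ $# -ne 4 ]; then
        echo "ptr_name: expected 4 octets: $ip" >&2; return 1
    fi

    for octet in "$@"; do
        case $octet in
            0?*|????*)  # leading zeros are ambiguous (some parsers read octal)
                echo "ptr_name: bad octet '$octet' in $ip" >&2; return 1 ;;
        esac
        if [ "$octet" -gt 255 ]; then
            echo "ptr_name: octet out of range '$octet' in $ip" >&2; return 1
        fi
    done

    # Octets are reversed because DNS names put the most specific label first.
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Address matching the translated query shown on this page.
ptr_name 198.163.150.129
```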

Classes
The following classes of resource records are currently valid in the DNS:


 * IN - The Internet.
 * CH - CHAOSnet, a LAN protocol created at MIT in the mid-1970s. Rarely used for its historical purpose, but reused for BIND's built-in server information zones, e.g., version.bind.
 * HS - Hesiod, an information service developed by MIT's Project Athena. It is used to share information about various systems databases, such as users, groups, printers and so on.

Resource Records
Resource records are the meat and potatoes of the DNS. This is where all the real data is stored.

Components
The five components of a Resource Record are:


 * owner name - the domain name where the RR is found. (celery.fudo.org.)
 * type - an encoded 16 bit value that specifies the type of the resource record. (A ; TXT)
 * TTL - the time to live of the RR. This field is a 32 bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. (3600 - 1 hour)
 * class - an encoded 16 bit value that identifies a protocol family or instance of a protocol. (IN ; CH)
 * RDATA - the resource data. The format of the data is type (and sometimes class) specific. (24.79.92.118; "a txt record")

Example: The top line is a real DNS record. The second line matches the component names below the components.
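The five components, pulled apart from records laid out the way dig prints them (owner, TTL, class, type, RDATA). This is an added example, not part of the original page; the function name parse_rr is made up here, and the sample lines are constructed from the values quoted in the component list.

```shell
#!/bin/sh
# Added example (not from the original page): split RR lines, in the layout
# dig prints them, into the five components described above.

# Constructed sample, using the owner name, TTL and RDATA values from this page.
SAMPLE_ANSWER=';; ANSWER SECTION:
celery.fudo.org.   3600  IN  A    24.79.92.118
CELERY.fudo.org.   3600  in  txt  "a txt record"
'

# parse_rr: read RR lines on stdin and print one record per line as
#   owner|type|TTL|class|RDATA   (the order used in the component list).
# Returns 1 if any line is not a well-formed record.
parse_rr() {
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }     # dig comments and blank lines
        NF < 5 || $2 !~ /^[0-9]+$/ || $2 + 0 > 4294967295 {
            # TTL must be an unsigned integer that fits in 32 bits
            print "parse_rr: malformed record: " $0 > "/dev/stderr"
            bad = 1; next
        }
        {
            # dig column order is: owner, TTL, class, type, RDATA.
            # RDATA is everything after the 4th column; it can hold spaces.
            rdata = $0
            for (i = 1; i <= 4; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", rdata)
            # Names, classes and types are case-insensitive: normalise them.
            printf "%s|%s|%s|%s|%s\n", tolower($1), toupper($4), $2, toupper($3), rdata
        }
        END { exit bad + 0 }
    '
}

printf '%s' "$SAMPLE_ANSWER" | parse_rr
```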

RR Types
The following are types of valid RRs:


 * A - a host address. In the IN class, this is a 32-bit IP address. Described in RFC 1035.
 * AAAA - IPv6 address. Described in RFC 1886.
 * A6 - IPv6 address. This can be a partial address (a suffix) and an indirection to the name where the rest of the address (the prefix) can be found. Experimental. Described in RFC 2874.
 * AFSDB - location of AFS database servers. Experimental. Described in RFC 1183.
 * APL - address prefix list. Experimental. Described in RFC 3123.
 * CERT - holds a digital certificate. Described in RFC 2538.
 * CNAME - identifies the canonical name of an alias. Described in RFC 1035.
 * DNAME - Replaces the domain name specified with another name to be looked up, effectively aliasing an entire subtree of the domain name space rather than a single record as in the case of the CNAME RR. Described in RFC 2672.
 * GPOS - Specifies the global position. Superseded by LOC.
 * HINFO - identifies the CPU and OS used by a host. Described in RFC 1035.
 * ISDN - representation of ISDN addresses. Experimental. Described in RFC 1183.
 * KEY - stores a public key associated with a DNS name. Described in RFC 2535.
 * KX - identifies a key exchanger for this DNS name. Described in RFC 2230.
 * LOC - for storing GPS info. Described in RFC 1876. Experimental.
 * MX - identifies a mail exchange for the domain. The RDATA is a 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035.
 * NAPTR - name authority pointer. Described in RFC 2915.
 * NSAP - a network service access point. Described in RFC 1706.
 * NS - the authoritative name server for the domain. Described in RFC 1035.
 * NXT - used in DNSSEC to securely indicate that RRs with an owner name in a certain name interval do not exist in a zone and indicate what RR types are present for an existing name. Described in RFC 2535.
 * PTR - a pointer to another part of the domain name space. Described in RFC 1035.
 * PX - provides mappings between RFC 822 and X.400 addresses. Described in RFC 2163.
 * RP - information on persons responsible for the domain. Experimental. Described in RFC 1183.
 * RT - route-through binding for hosts that do not have their own direct wide area network addresses. Experimental. Described in RFC 1183.
 * SIG - ("signature") contains data authenticated in the secure DNS. Described in RFC 2535.
 * SOA - identifies the start of a zone of authority. Described in RFC 1035.
 * SRV - information about well known network services (replaces WKS). Described in RFC 2782.
 * TXT - text records. Described in RFC 1035.
 * WKS - information about which well known network services, such as SMTP, that a domain supports. Historical.
 * X25 - representation of X.25 network addresses. Experimental. Described in RFC 1183.

Query for ANY RR type
This query specifies the IN class, and the ANY record type, which requests to match all existing resource record types.

Query for HINFO RR
This query asks for the HINFO resource record for celery, which is its CPU, RAM and OS type.

Query for TXT RR
This query looks for TXT resource records, which are free-form text notes. Also used for SPF records, currently, but SPF has stalled...

Query for MX RR
This query looks for the MX resource record for a particular domain name. The MX record specifies a "mail exchanger", that is, a server that handles email.

Query for SRV RR
This query asks for SRV resource records, which are designed to be service locators. That is, the query is phrased so that you're asking for the XMPP-client service (AKA Jabber) via TCP for the domain name fudo.org. This is the standard method for Jabber, so that messages for reaper@fudo.org can be directed to a server with any name, for example, "panther.fudo.org". The server can also have backups and so on set up.

Query to a different nameserver
These two examples show the same query to different nameservers. The first goes to ns1.fudo.org (celery), and the second to ns4.fudo.org (limey). The different responses are a trick used by Wikipedia to direct traffic to nearby servers. Limey is in England, which means the answer is different for that server.

Query for version, server-id, and hostname
These queries combine the techniques used for querying different nameservers with the CH class (chaos) and the TXT type, for special domain names. These queries must be directed to a particular server, because each server will answer differently based on its internal operation. These names are special, and NOT consistent across the global DNS.

Useful Options
These options can be used on almost every query. They define how the query is conducted, not the contents of it.

+[no]tcp, +[no]vc
This option specifies the use of TCP or UDP directly. +tcp and +vc are the same, vc being the old-fashioned word for 'virtual circuit'. +notcp and +novc mean to use UDP. Default behavior is UDP, with fallback to TCP if the query is too large. TCP is the default for AXFR and IXFR queries. Both operate on port 53.

+[no]recurse
+[no]recurse sets or unsets the RD (Recursion Desired) bit in queries. Default is on. If recursion is requested, the client is asking the server to try to resolve the query on the global internet. The server may or may not honour this request (it's configurable on the server). Turning recursion off asks the server just to answer what it knows (it may know nothing, and redirect you to the roots) and not to bother looking up uncached or unauthoritative records.

+[no]trace
+trace turns on the tracing feature of dig, causing it to send iterative queries, as a full resolver would, tracing the query from the roots to its final destination and printing the results of each query.

+[no]search
+[no]search uses the search statement from /etc/resolv.conf to append domain names to the name provided. Default is off.