dig - Linux Command - Unix Command

The domain information groper—a utility called dig—is a flexible tool for interrogating Domain Name System name servers. It performs DNS lookups and displays the answers that are returned from the name server. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

Although dig is normally used with command-line arguments, it also offers a batch mode of operation for reading lookup requests from a file.

The dig command takes the following general forms:

dig [ @server ] [ -b address ] [ -c class ] [ -f filename] [ -k filename ] [ -p port# ] [ -t type ] [ -x addr ] [ -yname:key ] [ name ] [ type ] [ class ] [ queryopt... ]
dig [ -h ]
dig [ global-queryopt... ] [ query... ]

A typical invocation of dig looks like:

dig @server name type 

where server is the name or IP address of the name server to query—an IPv4 address in dotted-decimal notation or an IPv6 address in colon-delimited notation. When the supplied server argument is a hostname, dig resolves that name before querying that name server. The reply from the name server that responds is displayed.

The name element specifies the resource record of interest, whereas type indicates what type of query is required—ANY, A, MX, SIG, etc. Type can be any valid query type. If no type argument is supplied, dig will perform a lookup for an A record.

The -b option sets the source IP address of the query to address. This value must be a valid address on one of the host's network interfaces.

The default query class (IN for internet) is overridden by the -c option. Class is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.

The -f option makes dig operate in batch mode by reading a list of lookup requests to process from the file filename. The file contains any number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to dig using the command-line interface.

If a non-standard port number is to be queried, use the -p option. Port# is the port number that dig will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non-standard port number.

The -t option sets the query type to type. It can be any valid query type which is supported in BIND9. The default query type A, unless the -x option is supplied to indicate a reverse lookup.

Reverse lookups—mapping addresses to names—are simplified by the -x option. Addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. 

To sign the DNS queries sent by dig and their responses using transaction signatures, specify a TSIG key file using the -k option. You can also specify the TSIG key itself on the command line using the -y option; name is the name of the TSIG key and key is the actual key. The key is a base-64 encoded string, typically generated by dnssec-keygen.

Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option; these may be preceded by the string no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form +keyword=value.