Dig

DIG, short for Domain Information Groper, is a command-line tool used to query DNS servers. It is much more advanced than nslookup. It is useful for verifying and troubleshooting DNS problems, as well as performing more advanced queries such as a DNS zone transfer.

Usage

It has many command-line arguments, but the most basic usage is just this:

$ dig www.blackhatacademy.org

; <<>> DiG 9.7.3 <<>> www.blackhatacademy.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18813
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;www.blackhatacademy.org.       IN      A

;; ANSWER SECTION:
www.blackhatacademy.org. 300    IN      A       199.27.135.55
www.blackhatacademy.org. 300    IN      A       173.245.61.144

;; AUTHORITY SECTION:
blackhatacademy.org.    86400   IN      NS      vera.ns.cloudflare.com.
blackhatacademy.org.    86400   IN      NS      ed.ns.cloudflare.com.

;; ADDITIONAL SECTION:
vera.ns.cloudflare.com. 85741   IN      A       173.245.58.147

;; Query time: 99 msec
;; SERVER: 91.227.204.227#53(91.227.204.227)
;; WHEN: Sat May  5 10:20:51 2012
;; MSG SIZE  rcvd: 142

This query shows the domain's A records, its nameservers, and the TTL (Time To Live) of each record.

Dig will use the nameserver specified in /etc/resolv.conf by default, but the @ argument can be used to specify a different one:


$ dig www.blackhatacademy.org @google-public-dns-a.google.com

; <<>> DiG 9.7.3 <<>> www.blackhatacademy.org @google-public-dns-a.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49676
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.blackhatacademy.org.       IN      A

;; ANSWER SECTION:
www.blackhatacademy.org. 300    IN      A       173.245.61.144
www.blackhatacademy.org. 300    IN      A       199.27.135.55

;; Query time: 59 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May  6 09:24:38 2012
;; MSG SIZE  rcvd: 73


Protip: +short can be used at the end of a command to only output the desired result, without any other information:


$ dig www.blackhatacademy.org +short
199.27.135.55
173.245.61.144
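
The two queries above (default resolver and @server) return the same addresses in a different order. As an added example, not part of the original page, this script compares two +short answers as sets so that ordering does not count as a difference; the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page: compare the A/AAAA answers that
# two resolvers give for one name, using the +short and @server forms above.

# Answers as shown on this page for the default resolver and for 8.8.8.8.
DEFAULT_ANSWER='199.27.135.55
173.245.61.144'
PUBLIC_ANSWER='173.245.61.144
199.27.135.55'

# normalize_rrset: read `dig +short` output on stdin, drop blank lines and
# CNAME targets (they end in a dot), and print the unique addresses sorted.
normalize_rrset() {
    grep -v -e '^[[:space:]]*$' -e '\.$' | sort -u
}

# rrset_verdict A B: A and B are two `dig +short` outputs.
# Prints "match", "mismatch", or "empty" (one side returned no addresses).
rrset_verdict() {
    a=$(printf '%s\n' "$1" | normalize_rrset)
    b=$(printf '%s\n' "$2" | normalize_rrset)
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo empty
    elif [ "$a" = "$b" ]; then
        echo match
    else
        echo mismatch
    fi
}

# compare_resolvers NAME SERVER: live check, default resolver vs. @SERVER.
compare_resolvers() {
    rrset_verdict "$(dig +short "$1" A)" "$(dig +short "$1" A "@$2")"
}
```

A mismatch is not proof of tampering: CDNs and geo-aware DNS legitimately hand different resolvers different addresses, so treat it as a reason to look closer.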

Dig can also be used to query other types of records, e.g. MX, TXT, AAAA, NS, SRV, by specifying the record type after the domain.

$ dig google.com MX

; <<>> DiG 9.7.3 <<>> google.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42491
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 9

;; QUESTION SECTION:
;google.com.                    IN      MX

;; ANSWER SECTION:
google.com.             600     IN      MX      20 alt1.aspmx.l.google.com.
google.com.             600     IN      MX      30 alt2.aspmx.l.google.com.
google.com.             600     IN      MX      40 alt3.aspmx.l.google.com.
google.com.             600     IN      MX      50 alt4.aspmx.l.google.com.
google.com.             600     IN      MX      10 aspmx.l.google.com.

$ dig google.com TXT

; <<>> DiG 9.7.3 <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com.                    IN      TXT

;; ANSWER SECTION:
google.com.             3600    IN      TXT     "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

$ dig ipv6.google.com AAAA +short
ipv6.l.google.com.
2a00:1450:4016:801::1014

Additional commands

  • +nocomments - Turn off the comment lines
  • +noauthority - Turn off the authority section
  • +noadditional - Turn off the additional section
  • +noall - Turn off all sections
  • +nostats - Turn off the stats section
  • +noanswer - Turn off the answer section
  • +trace - Trace the nameservers the queries are going to
  • +answer - Turn on the answer section
  • -x - Perform a reverse lookup
  • axfr - Perform a DNS zone transfer (given as the query type, like MX or TXT). Note this is commonly disabled by nameservers for security reasons

$ dig www.blackhatacademy.org +trace
.                       255411  IN      NS      a.root-servers.net.
.                       255411  IN      NS      e.root-servers.net.
.                       255411  IN      NS      h.root-servers.net.
.                       255411  IN      NS      g.root-servers.net.
.                       255411  IN      NS      b.root-servers.net.
.                       255411  IN      NS      c.root-servers.net.
.                       255411  IN      NS      i.root-servers.net.
.                       255411  IN      NS      j.root-servers.net.
.                       255411  IN      NS      f.root-servers.net.
.                       255411  IN      NS      l.root-servers.net.
.                       255411  IN      NS      d.root-servers.net.
.                       255411  IN      NS      k.root-servers.net.
.                       255411  IN      NS      m.root-servers.net.
;; Received 384 bytes from 91.227.204.227#53(91.227.204.227) in 42 ms

org.                    172800  IN      NS      d0.org.afilias-nst.org.
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
;; Received 443 bytes from 192.33.4.12#53(c.root-servers.net) in 32 ms

blackhatacademy.org.    86400   IN      NS      ed.ns.cloudflare.com.
blackhatacademy.org.    86400   IN      NS      vera.ns.cloudflare.com.
;; Received 94 bytes from 199.19.54.1#53(b0.org.afilias-nst.org) in 28 ms

www.blackhatacademy.org. 300    IN      A       173.245.61.144
www.blackhatacademy.org. 300    IN      A       199.27.135.55
;; Received 73 bytes from 173.245.59.111#53(ed.ns.cloudflare.com) in 24 ms
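
The list above notes that zone transfers are commonly disabled. As an added example, not part of the original page, this script classifies the output of a `dig axfr` query so an administrator can confirm that a nameserver they operate refuses transfers; the function names and sample outputs are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Classifies `dig axfr` output.

# Constructed sample outputs (example.com and 192.0.2.10 are placeholders).
SAMPLE_REFUSED='; <<>> DiG 9.7.3 <<>> example.com axfr @ns1.example.com
;; global options: +cmd
; Transfer failed.'
SAMPLE_OPEN='example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
www.example.com. 300 IN A 192.0.2.10
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 3600 1209600 3600'

# axfr_verdict: read dig output on stdin and print one of
#   refused      - dig reported "; Transfer failed."
#   open         - zone data came back (a full AXFR starts and ends with SOA)
#   inconclusive - anything else (timeout, network error, partial output)
axfr_verdict() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Transfer failed'; then
        echo refused
        return 0
    fi
    # Count record lines (not ";" comments) whose class is IN and type is SOA.
    soa=$(printf '%s\n' "$out" |
        awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" {n++} END {print n+0}')
    if [ "$soa" -ge 2 ]; then
        echo open
    else
        echo inconclusive
    fi
}

# audit_axfr ZONE SERVER: live check of one nameserver for a zone you run.
audit_axfr() {
    printf '%s @%s: ' "$1" "$2"
    dig "$1" axfr "@$2" +time=5 +tries=1 | axfr_verdict
}
```

An "open" verdict means the server hands the full zone to the querying address; restrict transfers to the secondaries that need them.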


.digrc

A file called .digrc can be created in the user's home directory to store default options, which will automatically be applied to each query.

 
$ cat ~/.digrc
+noall +answer

And now each query will only output the answer section unless specified otherwise.

$ dig www.blackhatacademy.org
www.blackhatacademy.org. 300    IN      A       173.245.61.144
www.blackhatacademy.org. 300    IN      A       199.27.135.55