Show Menu
Cheatography

fhstp-dig Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Syntax

dig [@server] name [type] [class] [options]

List specific resource record types

Base Syntax:
dig fhstp.a­c.at type 
Authority Record
dig fhstp.a­c.at SOA
IPv4 addres­s(-es)
dig fhstp.a­c.at A
IPv6 addres­s(-es)
dig fhstp.a­c.at AAAA
Canonical Records
dig fhstp.a­c.at CNAME
Mail eXchangers
dig fhstp.a­c.at MX
Standard Reverse Lookup
dig 2.69.2­19.9­1.i­n-­add­r.arpa PTR
Simple Reverse Lookup
dig -x fhstp.a­c.at
Caveat: If you forget to configure MX records for an object, most mail servers will try to deliver messages to the A record associated to the host.

Who do we talk to?

Local v4 resolver
dig -4 fhstp.a­c.at
Local v6 resolver
dig -6 fhstp.a­c.at
Defined v4 resolver
dig -4 @<d­nss­erv­er> fhstp.a­c.at
Defined v6 resolver
dig -6 @<d­nss­erv­er> fhstp.a­c.at
<dn­sse­rve­r> - either a name or an IP address of an resolver or the DNS server who is author­itative for the query
 

Output sections

HEADER
dig command version, options used, type of operation, status of the operation, message id.
QUESTION
This is your input - the query you sent to the DNS.
ANSWER
Column 2: TTL (cache time) in seconds; Column 3: Class (IN=In­ternet, CH=Chaos, HS=Hes­iod); Column 4: Resource Record Type (A, NS, CNAME, MX, PTR...); Column 5: The content of the resource record (IP, Name, Text...).
AUTHORITY
The DNS servers that have the authority to answer the query (in form of NS records).
ADDITIONAL
This section carries resource records that are attached to help you avoid additional queries or even bootstrap certain zones (Glue records).

Sneaky stuff

Request an AXFR zone transfer
dig fhstp.tech AXFR
Request BIND version
dig @farns­wor­th.lab versio­n.bind CHAOS TXT
 

Output modifiers

Example:
dig fhstp.a­c.at +foo
+dnssec
Also request associated DNSSEC records
+short
Only show the "­pur­e" answer
+norecurse
Don't ask the resolver to recurse (a.k.a.: "­ite­rative query")
+tcp / +notcp
Use / do not use TCP for this query
+multiline
Display longer records in a more human-­rea­dable fashion

Response Codes

0
NOERR
No error :-)
1
FORMERR
Unable to understand query
2
SERVFAIL
Server problem
3
NXDOMAIN
Domain does not exist
4
NOTIMPL
Query not implem­ented
5
REFUSED
Query not allowed
If the verifi­cation of a DNSSEC signed answer fails, this also results in
SERVFAIL

Response Flags

AA
Author­itative Answer
TC
Truncated
RD
Recursion Desired
RA
Recursion Available
AD
Authen­ticated Data (DNSSEC)
CD
Checking Disabled