dig Cheat Sheet

The dig command, short for domain information groper, is a powerful network tool for querying domain name system (DNS) servers. It helps diagnose and resolve DNS-related problems, essential for maintaining network stability and performance. Based on https://www.hostinger.com/tutorials/how-to-use-the-dig-command-in-linux/ and https://cheatography.com/creo/cheat-sheets/fhstp-dig/

Troubleshooting DNS issues

Check the DNS resolution by verifying if a domain name resolves correctly:
dig example.com
Ensure the domain’s name servers are correctly configured:
dig example.com NS
Identify where DNS resolution might be failing by tracing the entire DNS lookup path:
dig example.com +trace
Verify the DNSSEC settings to see if the RRSIG records are present:
dig example.com +dnssec
Make sure that an IP address resolves to the correct domain name:
dig -x 93.184.216.34
To fix specific services like email, check the relevant DNS records. For example:
dig example.com MX
Pay attention to each output and make sure the ANSWER sections are correct.

Monitoring DNS propagation

Use the @server option to query a specific DNS server, such as Google’s public DNS server:
dig @8.8.8.8 example.com
Query different DNS servers to compare their responses. For Cloudflare’s server, run:
dig @1.1.1.1 example.com
If the ANSWER sections from different servers match, the DNS changes have propagated successfully. Otherwise, some servers may still need to update their records. You can check the propagation status periodically.
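
A plain diff of two ANSWER sections rarely matches even after propagation, because each cache counts the TTL down independently and record order may rotate. The following shell functions are an added example, not part of the original cheat sheet; the function names and sample records are constructed, and only the name, type and data columns are compared.

```shell
#!/bin/sh
# Added example: compare dig answers from two resolvers while ignoring
# TTL and record order. The sample outputs below are constructed, not captured.

# Reduce "dig +noall +answer" output to sorted "name type rdata" lines.
# Column 2 (TTL) is dropped because every cache counts it down on its own;
# column 3 (class) is dropped because it is IN for ordinary lookups.
normalize_answer() {
    awk '!/^;/ && NF >= 5 {
        line = tolower($1) " " $4
        for (i = 5; i <= NF; i++) line = line " " $i
        print line
    }' | sort -u
}

# Print "propagated" when both outputs carry the same record set and
# "pending" otherwise. An empty answer never counts as propagated.
compare_answers() {
    a=$(printf '%s\n' "$1" | normalize_answer)
    b=$(printf '%s\n' "$2" | normalize_answer)
    if [ -n "$a" ] && [ "$a" = "$b" ]; then
        echo propagated
    else
        echo pending
    fi
}

# Constructed samples; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_GOOGLE='example.com.   300  IN  A  192.0.2.10
example.com.   300  IN  A  192.0.2.11'
SAMPLE_CLOUDFLARE='example.com.   117  IN  A  192.0.2.11
example.com.   117  IN  A  192.0.2.10'
SAMPLE_STALE='example.com.   42   IN  A  198.51.100.7'

# Same record set, different TTL and order.
compare_answers "$SAMPLE_GOOGLE" "$SAMPLE_CLOUDFLARE"
# One resolver still serves the old record.
compare_answers "$SAMPLE_GOOGLE" "$SAMPLE_STALE"

# Live use (needs network access):
#   compare_answers "$(dig @8.8.8.8 example.com +noall +answer)" \
#                   "$(dig @1.1.1.1 example.com +noall +answer)"
```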

Performance testing

Measuring DNS response times is essential for assessing your DNS servers’ performance. This lets you identify slowdowns or issues affecting your network’s speed and reliability.
Run the basic dig command. Focus on the output’s Query time field, which indicates the time taken to get a DNS server response:
dig example.com
Query different DNS servers to compare their response times. This helps identify which servers are performing better:
dig @1.1.1.1 example.com
dig @8.8.8.8 example.com
Use the +stats option for additional statistics about query times and server details:
dig example.com +stats

Syntax

dig [@server] [name] [type]

dig command options

+short
Displays only the most relevant information, such as the IP address for an A record
+noall
Suppresses all sections of the output except those explicitly requested
+answer
Shows only the answer section of the output. Typically used with +noall
+trace
Performs a complete trace of the DNS resolution process from the root servers down to the authoritative servers.
@server
Specifies a different DNS server to query instead of the default one
-x
Performs a reverse DNS lookup, translating an IP address to a domain name
+multi
Formats the output to be more human-readable, which is useful when dealing with multiple DNS records
+nocmd
Omits the initial command line from the output, showing only the results
+stats
Shows the statistics section, which includes query time and server details
 

List specific resource record types

Base Syntax
Authority Record
IPv4 address(-es)
IPv6 address(-es)
Canonical Records
Mail eXchangers
dig google.com MX
Standard Reverse Lookup
dig 2.69.219.91.in-addr.arpa PTR
Simple Reverse Lookup
Caveat: If you forget to configure MX records for an object, most mail servers will try to deliver messages to the A record associated with the host.
 

Response Codes

0  NOERR     No error
1  FORMERR   Unable to understand query
2  SERVFAIL  Server problem
3  NXDOMAIN  Domain does not exist
4  NOTIMPL   Query not implemented
5  REFUSED   Query not allowed
If the verification of a DNSSEC signed answer fails, this also results in SERVFAIL.

Output sections

HEADER
dig command version, options used, type of operation, status of the operation, message id.
QUESTION
This is your input - the query you sent to the DNS.
ANSWER
Column 2: TTL (cache time) in seconds; Column 3: Class (IN=Internet, CH=Chaos, HS=Hesiod); Column 4: Resource Record Type (A, NS, CNAME, MX, PTR...); Column 5: The content of the resource record (IP, Name, Text...)
AUTHORITY
The DNS servers that have the authority to answer the query (in the form of NS records).
ADDITIONAL
This section carries resource records that are attached to help you avoid additional queries or even bootstrap certain zones (Glue records).
       
 
