Dig Tutorial

First and foremost, what the heck is Dig? Dig is an acronym for “domain internet groper”.  Dig is a useful tool for webmasters and system administrators, it can be used to query DNS servers and fix DNS related issues.  Dig is a part of the BIND DNS software.

There are many beneficial and useful ways to use dig.  Do you ever find yourself needing to make changes to DNS records, but aren’t sure how to verify your changes?

Check out the following breakdown of a dig query.

Type the following dig query into your Terminal and follow along!

dig www.no-ip.com

This query will call on the A record for the domain name www.no-ip.com.

So, lets dive into this a little deeper and explain what each part of the response means…

The first two lines tell us the version of dig that is being used, in my case, i am using version 9.4.3-P3, the command line parameters (www.no-ip.com) and the query options (printcmd). The printcmd options means that the command section (the name of these first two lines) is printed. You can disable this response by using the option +nocmd.

; <<>> DiG 9.4.3-P3 <<>> www.no-ip.com
;; global options: printcmd

Next, dig tells you the response that it collected from the DNS server. The answer received was (opcode: QUERY) and that the response contains 1 part in the answer section, 5 parts in the authority section and 6 parts in the additional section. Just before those responses you will see “flags”.  Flags state certain things about the DNS server and its response.

-qr (query response) simply means this is a response to a query
-rd (recursion desired) means that the incoming query requested recursive  support
-ra (recursion available) means that the responding server supports recursive queries

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6

The question section is next. This section just states what I queried, in this case, I queried the A record of www.no-ip.com and it is in the Internet class or IN.

;www.no-ip.com.                       IN                  A

The answer section follows; it adds the IP address of www.no-ip.com, and it also names all of the NS records that are authoritative for the domain.

www.no-ip.com.    60          IN                  A    
no-ip.com. 50531              IN                  NS             ns2.no-ip.com.
no-ip.com. 50531              IN                  NS             ns4.no-ip.com.
no-ip.com. 50531              IN                  NS             ns5.no-ip.com.
no-ip.com. 50531              IN                  NS             ns3.no-ip.com.
no-ip.com. 50531              IN                  NS             ns1.no-ip.com.

The additional section lists the IP addresses of all of the NS records, along with what type of record they are.

ns1.no-ip.com. 7702             IN                  A  
ns1.no-ip.com. 128              IN                  AAAA         2620:0:2e60::33
ns4.no-ip.com. 128              IN                  A  
ns2.no-ip.com. 79306            IN                  A  
ns5.no-ip.com. 79306            IN                  A  
ns3.no-ip.com. 19260            IN                  A  

The last section just gives stats about the query: how long it took, the IP address it was queried from and how large the message was.  You can disable this reply by using the +nostats option.

;; Query time: 48 msec
;; WHEN: Fri Apr  8 11:22:02 2011
;; MSG SIZE  rcvd: 245

Using dig can help you troubleshoot your DNS related issues.  How often do you use dig?