Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [dig]

dig is a command-line client to make queries against DNS servers, the Internet name servers.

dig is a command-line client that allows you to make queries against DNS servers, which are servers that provide the Internet name service. While querying DNS servers is part of most Internet based applications (like web browsers, chat clients, email tools and so forth), those queries are done by the clients in the background, and without any user intervention. dig allows you to make such queries explicitly from the command-line. This is usually interesting for people that maintain DNS servers and want to test them, or network administrators that want to inspect name resolution in a particular network.

dig is part of the BIND software package, which runs on POSIX platforms, but ports to the Windows platform exist. An alternative tool is nslookup, but dig is usually preferred for its better configurability and scriptability.

This tag should be added to questions that explicitly refer to the dig tool and its workings. Related tags are dns, nslooup, domain-name and bind.

Further information:

215 questions
238
votes
10 answers

List all DNS records in a domain using dig?

My company runs an internal DNS for mycompany.example There is a machine on the network that I need to find, but I’ve forgotten its name. If I could see a list, it would probably jog my memory. How can I list all of the domain records for…
Runcible
  • 2,955
  • 3
  • 22
  • 15
146
votes
5 answers

Force dig to resolve without using cache

I'm wondering if there is a way to query a DNS server and bypass caching (with dig). Often I change a zone on the DNS server and I want to check if it resolves correctly from my workstation. But since the server caches resolved requests, I often get…
Daniel
  • 2,877
  • 5
  • 20
  • 24
127
votes
4 answers

How can I see Time-To-Live (TTL) for a DNS record?

I would like to see the Time-To-Live (TTL) value for a CNAME record. I have access to dig (on Apple Mac OS X), which gives me an answer like this: % dig host.example.gov <*SNIP*> ;; ANSWER SECTION: host.example.gov. 43200 IN CNAME …
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184
79
votes
4 answers

dig show only answer

I want dig only to show the answer of my query. Normally, it prints out alot of additional info like this: ;; <<>> DiG 9.7.3 <<>> google.de ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55839 ;; flags: qr…
Zulakis
  • 4,191
  • 14
  • 44
  • 75
38
votes
6 answers

Why can host and nslookup resolve a name but dig cannot?

Can anyone tell me why this is happening? I can resolve a hostname using host and/or nslookup but forward lookups do not work with dig; reverse lookups do: musashixxx@box:~$ host someserver someserver.somenet.internal has address…
musashiXXX
  • 481
  • 1
  • 4
  • 7
33
votes
3 answers

Is dig +trace always accurate?

When the accuracy of a DNS cache is in question, dig +trace tends to be the recommended way of determining the authoritative answer for an internet facing DNS record. This seems to be particularly useful when also paired with +additional, which also…
Andrew B
  • 31,858
  • 12
  • 90
  • 128
28
votes
4 answers

sed replace all tabs and spaces with a single space

I got a string like the following: test.de. 1547 IN SOA ns1.test.de. dnsmaster.test.de. 2012090701 900 1000 6000 600 now I want to replace all the tabs/spaces inbetween the records with just a single space so I can easily use…
Zulakis
  • 4,191
  • 14
  • 44
  • 75
23
votes
2 answers

SOA and Primary NS record (DNS)

The brunt of the question is this -- What is the relationship between the primary nameserver specified in the SOA record and the nameservers specified in the NS records. How are these things linked? When I query most websites, I get…
scraft3613
  • 470
  • 1
  • 4
  • 12
18
votes
3 answers

What are all the flags in a dig response?

dig responses return flags in the comments section: $ dig example.com +noall +comments ; <<>> DiG 9.8.3-P1 <<>> example.com +noall +comments ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29045 ;; flags:…
Edward Loveall
  • 317
  • 1
  • 3
  • 10
17
votes
2 answers

DNS Server Responses and Timeouts

We're experiencing a frustrating problem on our LAN. Periodically, DNS queries to our ISP nameservers timeout forcing a 5 second delay. Even if I bypass /etc/resolv.conf by using a direct dig to one of our DNS servers, I still encounter the…
dmourati
  • 24,720
  • 2
  • 40
  • 69
17
votes
2 answers

What's the difference between `dig` and `host` when querying a specific name-server?

I was using this command to verify if I'd set things up correctly with a DNS provider: host hostname.example.com ns1.example-nameserver.com As far as I can tell, this asks ns1.example-nameserver.com to look up hostname.example.com and reports the…
jhabbott
  • 291
  • 1
  • 3
  • 8
14
votes
2 answers

How do I ask "dig" to only return the IP from a CNAME record?

The dig +short command (such as described in "dig show only answer") is great for batch processing names into IP addresses. It does a simple job and does it well. Unfortunately when there's a CNAME even +short isn't short enough. For example: $ dig…
Steve Bonds
  • 874
  • 2
  • 10
  • 19
13
votes
1 answer

Dig timeout option don't work

When I try either of these commands they do not stop after 5 seconds: $ dig +time=5 @hii.com hello.me -or- $ dig @hii.com hello.me +time=5 What is the correct way to use this option?
sg552
  • 389
  • 3
  • 4
  • 11
12
votes
4 answers

DNS searching with wildcards?

Anything like nslookup or dig offer the ability to search based on something contained in the name ... like a wildcard search or something? I'm trying to make a little script with a GUI wrapper for our helpdesk team. Ideally, I'd like them to be…
TryTryAgain
  • 1,112
  • 4
  • 22
  • 40
12
votes
2 answers

How is my DNSSEC enabled domain still serving a tiny number of NXDOMAIN response codes?

I enabled DNSSEC on my primary domain about a week ago. It's not a major website or anything -- just my personal domain name that I use for email and the like (TLD: com; DNSSEC algorithm 13; authoritative DNS provider: Cloudflare). Over the last 24…
Collin
  • 141
  • 9
1
2 3
14 15