The Linux dig command is a powerful tool for DNS (Domain Name System) lookup and troubleshooting. For VPS (Virtual Private Server) users, it is important to understand how to use this command for many tasks, from checking DNS records to automating DNS monitoring. This guide takes you through using dig, from basic to more advanced usage, with examples.
1. What is Linux Dig Command?
The Linux dig command (Domain Information Groper) is part of the DNS utility suite on Unix-based systems. It helps VPS users query DNS servers for important domain data, such as IP addresses, mail servers, and other DNS records. This tool can assist in troubleshooting DNS issues, verifying DNS record changes, and more.
2. Installing the Linux dig Command
For Debian/Ubuntu:
sudo apt update
sudo apt install dnsutils
For Alma Linux/Rocky Linux:
sudo yum install bind-utils
For Fedora:
sudo dnf install bind-utils
Verifying the Installation:
Make sure dig is available by running:
dig -v
This command will output the version of dig if it is installed correctly. Seeing version information, such as DIG 9.x.x-<distribution info>, indicates that the tool is ready for use. If this command does not produce any output or returns an error, you may need to install dnsutils or bind-utils, depending on your distribution, as detailed in the installation steps in the guide.
3. Basic Syntax of Linux dig Command
The general structure for using dig is as follows:
dig [domain] [query-type]
- [domain]: The domain you want to query (e.g., example.com).
- [query-type]: Specifies the type of DNS record (e.g., A, MX, NS).
By default, dig performs an A record query if no query type is provided.
4. Common Linux dig Command Examples
Querying A Records
In order to obtain the IP address referred to by a domain, we need to query the A record. An A record maps a domain to its corresponding IPv4 address. To perform this query, use the following command:
dig example.com A
Replace example.com with your domain of interest. The answer section shows the IPv4 address the domain currently resolves to. This query is useful for verifying DNS configuration, investigating connectivity issues, and checking that a domain resolves to the right server or IP address on your VPS.
Querying MX Records:
To find out where mail for a domain should be delivered, query its MX records. MX records tell sending mail servers which hosts accept email for that domain. To query these records, run:
dig example.com MX
Replace example.com with your desired domain. The response will include a list of mail servers along with their priority levels. The server with the lowest number has the highest priority for email delivery. This command is helpful for checking if the correct mail servers are set up, helping in mail configuration and troubleshooting email delivery issues.
It retrieves the mail exchange records, including server details and priority levels.
Querying NS Records
To find the nameservers handling a domain’s DNS records, querying NS records is essential. NS (Name Server) records indicate which servers are authoritative for the domain’s DNS settings. To perform this query, use the following command:
dig example.com NS
Replace example.com with the domain you want to check. The output will display the authoritative nameservers that are currently responsible for managing the DNS records of the specified domain. This command is valuable for verifying that the correct nameservers are in place, which supports proper DNS management and helps troubleshoot delegation issues.
It is useful when verifying which servers hold the authoritative DNS data for a domain.
5. Detailed Examples for VPS Management
Verifying Domain Propagation
DNS changes often take some time to propagate globally due to caching at various levels of the internet infrastructure. To check if your recent DNS changes have been updated and are being recognized externally, you can query a specific public DNS server. Run the following command:
dig @8.8.8.8 example.com A
Replace example.com with your domain. 8.8.8.8 is a Google public DNS server; prefixing it with @ sends the query to that server, so you can check how a public resolver sees your DNS records. This confirms that your changes are visible beyond your local network or local DNS cache, giving you broader visibility.
Specifying a public DNS server (e.g., Google’s 8.8.8.8, Cloudflare’s WARP 1.1.1.1) shows whether the DNS change has propagated externally.
Checking Reverse DNS Lookup
Reverse DNS (RDNS) lookup is the process of converting an IP address back to a domain name, which is especially important for mail server validation to prevent emails from being marked as spam. To check the reverse DNS of an IP address, use the following command:
dig -x 192.0.2.1
Replace 192.0.2.1 with the IP address you need to check. The output will show the PTR (Pointer) record, which maps the IP to the corresponding domain name if configured correctly. This verification helps check that the reverse DNS setup aligns with forward DNS, contributing to reliable email deliverability and server credibility.
Replace 192.0.2.1 with your server’s IP. The output will display the PTR record if configured.
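The script below checks that reverse DNS aligns with forward DNS, as described above: it looks up the PTR name for an IP and confirms that the name resolves back to the same IP (forward-confirmed reverse DNS). It is an added example, not part of the original article; the function name fcrdns_check, the DIG override variable and the file name in the usage comment are assumptions made for illustration, and it handles IPv4 only.

```bash
#!/usr/bin/env bash
# Added example: forward-confirmed reverse DNS (FCrDNS) for an IPv4 address.
# DIG may be pointed at a stub so the logic can be exercised offline.
DIG=${DIG:-dig}

# fcrdns_check IPV4
#   Prints "PASS <ptr-name>" and returns 0 when a PTR name has an A record
#   equal to IPV4; prints "FAIL <reason>" and returns 1 otherwise.
# The body is a subshell with globbing off: PTR data is set by whoever
# controls the reverse zone, so it is handled as untrusted text.
fcrdns_check() (
    set -f
    ip=$1
    names=$("$DIG" -x "$ip" +short) || { echo "FAIL lookup-error"; return 1; }
    [ -n "$names" ] || { echo "FAIL no-ptr"; return 1; }
    for name in $names; do
        # Skip anything that is not a plain hostname, so a hostile PTR value
        # can never be read by dig as an option (-f, +opt) or server (@host).
        case $name in
            -*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        # Literal whole-line match: 192.0.2.1 must not match 192.0.2.10.
        if "$DIG" "$name" A +short | grep -qxF -- "$ip"; then
            echo "PASS $name"
            return 0
        fi
    done
    echo "FAIL forward-mismatch"
    return 1
)

# Usage (hypothetical file name): ./fcrdns.sh 192.0.2.1
if [ "$#" -gt 0 ]; then
    fcrdns_check "$1"
fi
```

A FAIL forward-mismatch result means a PTR record exists but none of its names point back at the address.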
Troubleshooting DNS Issues
To track how a query resolves through the DNS hierarchy, you can use the +trace option with the Linux dig command. This method follows the query from the root DNS servers down to the authoritative servers step by step, revealing each stage of the resolution process. To perform this, run:
dig example.com +trace
Replace example.com with your domain. You will see how the request travels from one end of the DNS hierarchy to the other, beginning from the root servers through the TLD servers to the authoritative nameservers. It proves especially helpful for diagnosing DNS resolution issues and pinpointing potential problems at various levels of the DNS chain.
The +trace option helps locate potential issues by following the path from the root servers to the authoritative servers.
6. Advanced Options and Linux dig Command
The Linux dig command offers a wide range of additional options that refine the results for deeper insights:
Using the +trace Option
The Linux dig command accepts the +trace option to display the whole path a query takes through the DNS hierarchy, from the root servers all the way down to the final authoritative server. It gives you a detailed breakdown of how the DNS request is being resolved, which shows you where something may be going wrong.
To use this option, run:
dig example.com +trace
Replace example.com with your domain of interest. The output shows each stage of the query, including root DNS servers, TLD (Top-Level Domain) servers, and the authoritative name servers. It is especially beneficial for diagnosing complex DNS issues and gaining insight into the resolution process.
It shows the sequence of servers queried and aids in identifying potential DNS resolution issues.
Extracting Specific Sections of the Output
To narrow down the output of the Linux dig command and display only the relevant sections, you can use specific modifiers such as +noall and +answer. These options help in decluttering the output and focusing on the essential information.
dig example.com A +noall +answer
- +noall: Suppresses all sections except those you explicitly request.
- +answer: Displays only the answer section, which shows the query result.
This command outputs only the answer section of the DNS query, making it easier to read and analyze. It’s particularly useful when scripting or when you need quick insights without the extra data.
It displays only the answer section, providing a cleaner output.
The +short Option
The +short option in the Linux dig command streamlines output by displaying only the essential response data, typically an IP address or hostname, without additional information like query details or headers. It is ideal for quick lookups when only the main result is needed. For example, running dig example.com A +short will return just the IP addresses associated with the domain, simplifying parsing in scripts or when you need to review results at a glance. This option is highly efficient for administrators who frequently query DNS records and require clean, concise outputs for analysis or automation.
dig example.com A +short
This command is great for quick checks when only the IP address is needed.
The +stats Option
The +stats option in the Linux dig command provides detailed statistics related to the DNS query performed. When you use dig example.com A +stats, the output includes metadata such as the query time, the server that responded, the size of the response in bytes, and the time it took to receive the response. This information is beneficial for troubleshooting DNS performance and understanding how long queries take and from which server they are resolved. Network administrators often use this to monitor and evaluate the efficiency and health of DNS queries, ensuring that their DNS configurations are performing optimally.
dig example.com A +stats
The statistics include query time, server information, and more, which is helpful for performance analysis.
The +dnssec Option
The +dnssec option in the Linux dig command requests DNS Security Extensions (DNSSEC) data in the query response. When you run a command such as dig example.com A +dnssec, the response includes DNSSEC-related resource records, for example RRSIGs, which are the signatures used to prove the authenticity and integrity of the DNS response. This option is essential for administrators who need to validate that DNS responses haven’t been tampered with and genuinely come from the authoritative source. Note that dig only displays these records and does not verify the signatures itself; when the query goes to a validating resolver, the ad (authenticated data) flag in the response header indicates that the resolver validated the answer. By leveraging +dnssec, users can check that their DNS data is protected against common security threats like cache poisoning and man-in-the-middle attacks.
dig example.com A +dnssec
It displays DNSSEC-related records, verifying data integrity.
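An added example (not from the original article) that reads the DNSSEC result out of dig +dnssec output: dig prints the RRSIG records but does not verify them, so the script looks at the response status and the resolver's ad (authenticated data) flag. The function name dnssec_verdict and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify `dig <name> <type> +dnssec` output read from stdin.
# dig displays RRSIGs but does not verify them; validation is reported by the
# resolver through the "ad" flag, and failed validation shows up as SERVFAIL.
dnssec_verdict() {
    awk '
        /^;; ->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # drop the counters after the flags
            ad = ((flags " ") ~ / ad /)
        }
        / SECTION:$/ { section = $2 }
        section == "ANSWER" && $1 !~ /^;/ && $4 == "RRSIG" { rrsig = 1 }
        END {
            if (status == "")              print "no-response"
            else if (status == "SERVFAIL") print "servfail"
            else if (status != "NOERROR")  print "other:" status
            else if (ad)                   print "validated"
            else if (rrsig)                print "signed-unvalidated"
            else                           print "insecure-or-stripped"
        }'
}

# Constructed sample of the relevant lines (signature data elided).
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.  300 IN A     192.0.2.1
example.com.  300 IN RRSIG A 13 2 300 SIGNATURE-FIELDS-ELIDED'

printf '%s\n' "$SAMPLE" | dnssec_verdict    # prints: validated
# Live use: dig @8.8.8.8 example.com A +dnssec | dnssec_verdict
```

A signed-unvalidated result is expected when querying an authoritative server directly or a resolver that does not validate; servfail from a validating resolver can mean the signatures failed validation, but it has other causes too.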
The +multiline Option
The +multiline option in the Linux dig command enhances the readability of the output by formatting it into a structured, easy-to-read format. Instead of displaying resource records on a single line, using dig example.com A +multiline breaks the data into multiple lines with indentation, making complex DNS records, such as those with long TXT entries or DNSSEC information, clearer and more understandable. This format is particularly helpful for analyzing and understanding detailed DNS responses without the clutter of compact, single-line outputs. Administrators use +multiline for reviewing records in a way that highlights unique record fields and improves overall transparency.
dig example.com TXT +multiline
It arranges complex records, like TXT, in a format that is easier to read.
The +all Option
The +all option in the Linux dig command is used to display the complete output of a DNS query, including all available sections like question, answer, authority, and additional records. By running dig example.com A +all, you receive detailed and comprehensive information about the query, including details about the server, query time, and full header information. This option is useful when an in-depth examination of the DNS response is needed for thorough analysis or troubleshooting, as it provides a full overview of what the DNS server returns. Network administrators rely on +all for diagnosing complex DNS issues and understanding the full context of DNS queries.
dig example.com A +all
It is useful for thorough DNS inspection.
Combining Options
Combining options in the Linux dig command allows for highly customized and efficient DNS query outputs tailored to specific needs. For example, you can run dig example.com A +short +stats to display only the main result while also showing statistics about the query. This combination provides a streamlined view of the IP address with query performance data. Mixing options like +dnssec +multiline offers both security validation and improved readability in one command. This flexibility helps network administrators obtain exactly the information they need in one command, making it easier to script, analyze, or troubleshoot DNS queries with precision.
dig example.com A +noall +answer +comments
It displays just the answer section along with explanatory comments.
Querying Specific Port
To query a specific port using the Linux dig command, use the -p flag followed by the desired port number. By default, dig queries the DNS server on port 53, but sometimes custom DNS servers or testing scenarios require a different port. For example, dig @example.com -p 53 A example.com sends the query to port 53 explicitly; replace 53 with the port your DNS server listens on to query a non-standard port. It is especially useful for diagnosing DNS services on non-standard ports or working with custom configurations and DNS resolvers. The -p option provides flexibility for testing and validating DNS responses from alternative port setups.
dig @8.8.8.8 example.com A -p 53
It performs a DNS query on the port given with -p (here 53), which is beneficial in specialized setups.
Using Dig with IPv6
When dealing with IPv6, you can include the -6 option to state that the query should be sent over an IPv6 connection. The command dig -6 example.xyz A forces the DNS query to be transmitted over IPv6 rather than the default IPv4. This matters because many environments have IPv6 enabled, so it is important to test connectivity and DNS resolution over it, or to verify that your utilities and applications are compatible with IPv6-only networks. Network administrators use the -6 option to verify that DNS servers and configuration work with queries sent over IPv6, which helps support the IPv6 transition and troubleshoot IPv6-specific issues.
dig -6 example.com AAAA
This queries using IPv6 and returns IPv6 address records.
7. Creating Custom Dig Scripts for VPS Automation
Automating dig with Bash scripts can simplify domain management:
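#!/bin/bash
# Print the A record(s) for each domain in the list.
domains=("example1.com" "example2.com" "example3.com")
for domain in "${domains[@]}"
do
    echo "A record for $domain:"
    # +short prints only the addresses, one per line
    dig "$domain" A +short
done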
Save the script as check_a_records.sh, make it executable, and run:
chmod +x check_a_records.sh
./check_a_records.sh
This script outputs the A records for multiple domains.
8. Best Practices for Using Dig on Your VPS
- Use External DNS Servers for Checks: Verify propagation and external status by querying public DNS servers like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare).
- Automate with Scripts: Integrate dig automation scripts for consistent monitoring and alerts.
- Combine Options for Clarity: Use modifiers like +short or +answer for focused results.
Example Automation Check:
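dig example.com A +short | grep -qxF "198.51.100.1" || echo "IP mismatch for example.com"
This checks if the A record matches 198.51.100.1 and prints a message if there’s a discrepancy. The -x and -F flags make grep compare the whole line as a literal string, so a different address such as 198.51.100.10 is not accepted as a match.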
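The propagation check against public resolvers and the automation check above can be combined into one monitor that compares the full A record set seen by each resolver with the set you expect, so an extra or missing address is reported as well as a wrong one. This is an added example, not part of the original article; the function names, the DIG and RESOLVERS override variables and the file name in the usage comment are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare a domain's A records across several resolvers
# against the expected set. DIG and RESOLVERS can be overridden.
DIG=${DIG:-dig}
RESOLVERS=${RESOLVERS:-"8.8.8.8 1.1.1.1"}

# normalize: newline-separated addresses on stdin -> sorted, comma-joined set
normalize() {
    sort -u | paste -sd, -
}

# a_set SERVER DOMAIN -> normalized IPv4 answers from that server.
# +short can also print CNAME targets, so only IPv4-looking lines are kept.
a_set() {
    "$DIG" "@$1" "$2" A +short +time=2 +tries=1 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | normalize
}

# check_domain DOMAIN EXPECTED_CSV
#   Prints one line per resolver (OK / MISMATCH / NOANSWER) and returns 1
#   if any resolver disagrees with the expected set.
check_domain() {
    domain=$1
    want=$(printf '%s\n' "$2" | tr ',' '\n' | normalize)
    rc=0
    for server in $RESOLVERS; do
        got=$(a_set "$server" "$domain")
        if [ -z "$got" ]; then
            echo "NOANSWER $server $domain"; rc=1
        elif [ "$got" = "$want" ]; then
            echo "OK $server $domain $got"
        else
            echo "MISMATCH $server $domain got=$got want=$want"; rc=1
        fi
    done
    return "$rc"
}

# Usage (hypothetical file name): ./check_resolvers.sh example.com 198.51.100.1
if [ "$#" -ge 2 ]; then
    check_domain "$1" "$2"
fi
```

The non-zero exit status makes the script usable from cron or a monitoring agent that alerts on failure.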
9. Conclusion
Mastering dig gives users the ability to perform DNS lookups, troubleshoot issues, and automate tasks. With options ranging from simple queries to complex command combinations, dig is an invaluable tool in managing DNS for VPS hosting.
About the writer
Vinayak Baranwal wrote this article.