Making Full Use Of ‘Dig’ In Linux

Mattias Geniar, Monday, September 1, 2008 - last modified: Wednesday, September 2, 2015

Dig (domain information groper) is to Linux, what nslookup is to Windows. Be it just a bit more powerful. Here are just some of possibilities in using it, to query different nameservers, query for specific nameserver records (A, AAAA, MX, CNAME, TXT), and so on.

The table of contents

Installing dig

First of, a little "How To Install Dig".

If you're running a redhat based release (centos, fedora, red hat), you can use yum.

yum install bind-utils

For anything Debian based, there's apt-get.

apt-get install bind-utils

(And for those who use Gentoo, there's 'emerge bind-tools')

Basic usage of dig

Now let's get started. There's the basic usage of dig, to get the output of the nameserver records of a certain domain, using your currently configured nameservers (/etc/resolv.conf). This will most likely query your ISP's nameserver(s), or the ones provided to you by your company.

Here's the command to issue: dig . This will start a query to retrieve the nameserver records for the domain "".

$ dig

; <<>> DiG 9.3.4-P1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48084
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;          IN      A

;; ANSWER SECTION:   78003   IN      CNAME       78003   IN      A

;; AUTHORITY SECTION:       78003   IN      NS

;; ADDITIONAL SECTION:    78003   IN      A

;; Query time: 9 msec
;; WHEN: Fri Aug 29 20:06:27 2008
;; MSG SIZE  rcvd: 101

This will teach use quite a few things, right of the bat. It's peanut-butter-analyze-time!

;          IN      A

The question section actually just copies our request to the nameserver. We ask it to tell us which A record belongs to the hostname "". This is the default query that is being launched if you provide no other options with the dig command, other than a hostname.

;; ANSWER SECTION:   78144   IN      CNAME       78144   IN      A

This tells us that "" is a CNAME record, that refers to the hostname "" . "" in return, is an A record that points to the IP address

This kind of configuration is usually accomplished by defining 1 A record that points to an IP address, and a catch-all CNAME " *" that refer to that specific A record. It saves you a lot of time if you ever decide to move a website, since you'll only need to update 1 IP address (defined in the A record), and not several -- defined in more seperate A records.

;; AUTHORITY SECTION:       78003   IN      NS

The NS record-type learns us which machine is in charge of this domain, in this case it's the server located at "". The nameserver at that address is the authoritative name server, and will be queried when someone tries to locate the domain "".

;; ADDITIONAL SECTION:    78003   IN      A

This then tells us that the authoritative nameserver "" is located at the IP address By default, the additional section will perform a lookup for the host listed in the authority section.

More info, less output: +short

If that output is all a bit much, if you just want to do a simple lookup, you can shorten it by supplying the +short parameter.

$ dig +short

A very cool trick is to use both the +short +noshort flags at the same time. It gives you all the necessary info, on a single line.

$ dig +short +noshort    3134  IN  A

To make this more easier to use, add an alias in your .bashrc file.

alias dig='dig +short +noshort'

Now you can just use dig, and get the short output.

$ dig    3007  IN  A


Use dig to query for a specific record

Now, on to more specific things. Say you want to query your current nameservers, for the MX record of a domain? You can easily do this by defining the type of record in the dig command. Just add "MX" at the end, to query for the MX records.

$ dig MX
;; ANSWER SECTION:   77269   IN      CNAME       17124   IN      MX      10


The actual reply to your request, lies in the ANSWER SECTION (shown in bold). It tells you that the MX record points to "", and that it has a priority of 10. Since there's only 1 MX record defined, the priority doesn't mean much here.

If there are several MX records, it means more than 1 mailserver is configured to receive mail for this domain. The priority given will determine in which order they are contacted to deliver the e-mail. The mailserver with the lowest priority will be contacted first.

If multiple MX records exist with the same priority, they'll be contacted "at random". This technique is called Round Robin and often used to spread the load amongst 2 or more mailservers, without requiring some sort of loadbalancer.

Query a specific nameserver

You can also use dig to query other nameserver, and see what information they hold about a domain. It can help you bypass the (sometimes lengthy) DNS updates of your ISP, and see if the nameservers are configured properly.

$ dig

Using the @ , you can specify which nameserver you want to ask your query to. In this case, we're asking "" to tell us where "" points to.

This allows for certain combinations of course, what if we want to see the MX records of a domain, ask that query to a different nameserver than our defaults (defined in /etc/resolv.conf) and only display the short reply?

$ dig MX +short

Just tick all parameters right after each other. This'll query the nameserver "" for the MX records of the domain, and the +short parameter tells us to not overload us with information, but only display the short result.

Reverse DNS with dig

You can also use dig to query for the reverse DNS records (PTR records) on an IP address. To do so, use the -x flag.

$ dig -x
... 2495 IN  PTR

Flags used by dig output

And in case you've noticed, every time we perform a lookup of a domain through dig, there's some extra information in the header of the output (right before the actual answer of our query is displayed).

$ dig

; <<>> DiG 9.3.4-P1 <<>>
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21271
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

The flags are useful here. But what do those flags in DNS terms mean?

  • AA: Authorative Answer: the nameserver that answered the query is the authorative (responsible) nameserver for that domain. Record shown in this query are those that will be known throughout the world.
  • RD: Recursion Desired (see example below).
  • RA: Recursion Available.
  • QR: Query Response: the answer we received seems pretty reasonable, and could be real.

Query the root nameservers

And to show the "recursion" meaning, in DNS terms, here's the nameserver query for the domain "", when asked to one of the Root Servers.

$ dig

; <<>> DiG 9.3.4-P1 <<>>
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4954
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 10

;          IN      A

be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS
be.                     172800  IN      NS

Loads of information there ... First of, the "authority section" tells us the root nameservers for the .BE top level domain. These nameservers should be queried for the correct nameserver lookup. The flag "rd" means "recursion desired", and tells us we should consult one of the authoritative nameservers given -- because the root nameserver cannot tell us the answer.

I think I'll leave it at that ... there's lots more to cover about dig, and DNS in general, but I guess if you made it this far through the explanation -- you should at least deserve a tap on the shoulder. Congratulations! :-)

Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek, public speaker and podcaster. Currently working on DNS Spy. Follow me on Twitter as @mattiasgeniar.

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

SysCast podcast

In the SysCast podcast I talk about Linux & open source projects, interview sysadmins or developers and discuss web-related technologies. A show by and for geeks!

cron.weekly newsletter

A weekly newsletter - delivered every Sunday - for Linux sysadmins and open source users. It helps keeps you informed about open source projects, Linux guides & tutorials and the latest news.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!


Kim Monday, January 19, 2009 at 16:53

Lookup Name Servers of a website using this free online tool at:


Zhann Wednesday, September 2, 2015 at 13:43

Reverse DNS function I have in my zshrc:

  dug() { dig +short -x $(dig +short $1) }

Works as you’d expect:

   ~ $ dug


Leave a Reply

Your email address will not be published. Required fields are marked *