2

By default when DNS servers do not respond dig does not show any information about the queries being sent. I can use the +qr option to see each query being sent:

$ dig +qr archive.ubuntu.com

; <<>> DiG 9.16.1-Ubuntu <<>> +qr archive.ubuntu.com
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21059
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ec2af2d60803b6a5
;; QUESTION SECTION:
;archive.ubuntu.com.            IN      A

;; QUERY SIZE: 59

Unfortunately I still do not see the information I need most - the IP address the query is being sent to and ideally the port number too. Is it possible to make dig to show this information?

I can see this information for failed TCP connections but I would really like to see it failed UDP queries too.

$ dig +tcp archive.ubuntu.com
;; Connection to 172.29.128.1#53(172.29.128.1) for archive.ubuntu.com failed: timed out.
pabouk - Ukraine stay strong
  • 246
  • 1
  • 7
  • 14
  • The port number is always 53, and the IP address should be the same for UDP or TCP so why not leverage the one from TCP error message? I did not see any option or way to achieve what you want specifically with `dig`. – Patrick Mevzek Mar 16 '22 at 16:25

1 Answers1

1

Since the version 9.15.4 of ISC BIND released in 2019-09, dig supports YAML output which contains the DNS server's protocol, address and port.

Example of extracting the values using yq:

dig +yaml www.seznam.cz | yq -r '.[] | select(.type=="MESSAGE") | .message |
    [.socket_protocol, .response_address, .response_port] | @tsv'

UDP     172.31.112.1    53

Example of different way of formatting the output:

dig +yaml www.seznam.cz | yq -r '.[] | select(.type=="MESSAGE") | .message |
    "\(.response_address):\(.response_port)"'

172.31.112.1:53
pabouk - Ukraine stay strong
  • 246
  • 1
  • 7
  • 14