Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [dig]

dig is a command-line client to make queries against DNS servers, the Internet name servers.

dig is a command-line client that allows you to make queries against DNS servers, which are servers that provide the Internet name service. While querying DNS servers is part of most Internet based applications (like web browsers, chat clients, email tools and so forth), those queries are done by the clients in the background, and without any user intervention. dig allows you to make such queries explicitly from the command-line. This is usually interesting for people that maintain DNS servers and want to test them, or network administrators that want to inspect name resolution in a particular network.

dig is part of the BIND software package, which runs on POSIX platforms, but ports to the Windows platform exist. An alternative tool is nslookup, but dig is usually preferred for its better configurability and scriptability.

This tag should be added to questions that explicitly refer to the dig tool and its workings. Related tags are dns, nslooup, domain-name and bind.

Further information:

223 questions
1
vote
3 answers

How to avoid DNS spoofing for DNS lookup

I am trying to find a way to obtain the real ip addresse(s) for a domain name. I'm working on a router doing traffic shaping with the use of iptables and tc. I then need to setup iptables rules for marking packets coming from certain domains, using…
Mulot
  • 484
  • 5
  • 10
1
vote
0 answers

Dig +trace not working, while +notrace works

I am trying to troubleshoot some DNS issues and I am starting by trying to trace my DNS lookups using dig +trace. Im getting some weird results. If do a normal dig to my unbound resolver. dig @192.168.20.1 +notrace pfsense.org I get a normal…
Marc Henning
  • 11
  • 1
  • 2
1
vote
0 answers

Is there a way to force dig to query an authoritative server?

I often find myself doing: dig www.example.com @$(dig NS example.com +short | head -n 1) It's a bit like doing a dig +trace www.example.com but starting from the NS of example.com instead of starting from a root, so it's faster and less verbose,…
Mandark
  • 251
  • 1
  • 2
  • 8
1
vote
0 answers

Why is ADDITIONAL SECTION missing from my dig response?

I have a couple bind servers recently upgraded to Ubuntu 16.04 (from 14.04). Cron runs dig . ns once a day to grab an updated list of Root servers used in the bind configuration. The script run by cron checks for ADDTIONAL SECTION in the output to…
Server Fault
  • 3,714
  • 12
  • 54
  • 89
1
vote
1 answer

Why does my website's locally retrieved name server appear different from one retrieved online?

My website is not resolving correctly, so I checked the name server via nslookup in PowerShell and see bodis.com. Then I checked online, hoping I checked the same name server, and see domaincontrol.com. Why the discrepancy? Aren't both lookups…
zylstra
  • 153
  • 7
1
vote
2 answers

How to enable dig to show status codes?

With default options dig shows the return status for a DNS query in the comment ;; ->>HEADER<<- ... status: NXDOMAIN: ubuntu:~$ dig hosted-by.myinternetservices.com. ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> hosted-by.myinternetservices.com. ;;…
pabouk - Ukraine stay strong
  • 246
  • 1
  • 7
  • 14
1
vote
1 answer

Why can't 1.1.1.1 resolve a certain name (SERVFAIL)?

I've noticed that the cloudflare nameserver can't resolve certain DNS-names and replies with a SERVFAIL. However, when I run the dig command, I still get a reply. Why is that? $ dig sdo.gsfc.nasa.gov @1.1.1.1 ; <<>> DiG 9.11.4-4-Debian <<>>…
kernash
  • 27
  • 1
1
vote
2 answers

Network Scan, Filtering for Top Level Domain

Greetings, I have a list of 2 /24s worth of IP addresses in seperate text files. What I am interested in doing is finding a way to resolve the hosts of these IP addresses and filter out to display only the top level domain. for example; 192.168.1.1…
Nick O'Neil
  • 1,771
  • 11
  • 10
1
vote
2 answers

Strange DNS host name response

I've recently experienced an XML-RPC attack vs wordpress from a pair of machines for which dig -x returns a very very odd looking result: ;; ANSWER SECTION: 54.249.96.191.in-addr.arpa. 60 IN PTR DEDICATED.SERVER. I've never seen a TLD named…
Gus
  • 127
  • 2
  • 11
1
vote
2 answers

dig (and other tools) only returning A records

I've been trying to work out why the PHP getmxrr() and checkdnsrr() methods do not return successfully for working domains in a number of vagrant VMs that I use. When looking into this further I tried using simple dig commands and I only get an…
Peter Ward
  • 31
  • 4
1
vote
1 answer

Perform authoritative DNS A record lookup with single command?

To get the authoritative A record for the apex of a domain I'm using: $ nslookup -q=ns example.com Server: 194.168.4.100 Address: 194.168.4.100#53 Non-authoritative answer: example.com nameserver = a.iana-servers.net. example.com nameserver…
AJP
  • 143
  • 1
  • 7
1
vote
0 answers

Why is DNS lookup slow to specific domains only?

We're running Windows DNS servers, but they are not authoritative. So we point to caching servers as forwarders. That said, for the following two domains we get a rather long delay in DNS lookup IF the domain hasn't already been cached to our…
Grimzly
  • 86
  • 4
1
vote
2 answers

How to return only empty or "problematic" DNS records for bulk queries

When doing a bulk input of records, I want to verify that I put each in its correct location by doing a bulk query with dig. Dig will spit out all positive results with: dig +noall +answer or dig +short And it gets even closer as noted in an…
Watki02
  • 587
  • 2
  • 12
  • 22
1
vote
1 answer

Performing DNS queries starting with one of the root servers using dig command

I am having trouble understanding the question for my network assignment. The question states: Discover the sequence of DNS servers your local DNS server with empty cache goes through when it find the IP address of www.case.edu by performing a…
Daniel Kobe
  • 313
  • 2
  • 3
  • 8
1
vote
0 answers

In a BIND.. Weird DNS issue

I have now somehow replicated a weird issue with one of my DNS zones on two different servers and with two different versions of ISC BIND. I have a sub-domain delegated to my server. The first time this issue reared its ugly head was for an A…
David Hornsby
1 2 3
14 15