'dig' - Notes

Install:

sudo yum install bind-utils
sudo apt-get install dnsutil
sudo apk add bind-tools

 

Query for a specific record type or types:

dig bbc.co.uk A
dig bbc.co.uk AAAA
dig bbc.co.uk DNSKEY
dig bbc.co.uk MX
dig bbc.co.uk NS
dig bbc.co.uk SOA
dig bbc.co.uk TXT
dig bbc.co.uk A AAAA MX NS TXT # Multiple types works on Linux but not on Mac

 

Query for all record types:

dig bbc.co.uk all

 

Suppress all output with +noall and then enable only the query response output with +answer, dig defaults to A record type queries:

dig bbc.co.uk +noall +answer
dig bbc.co.uk +noall +answer MX

 

Only print the record value each record returned:

dig bbc.co.uk +short AAAA
dig +short -x 1.1.1.1

 

Trace the DNS query from the DNS root servers down:

dig -x 8.8.8.8 +trace

 

Perform a reverse DNS lookup:

dig -x 8.8.8.8 +short

 

Query against a specific DNS server:

dig @1.1.1.1 bbc.co.uk

 

Dig using a specific port:

dig @localhost -p 53 www.google.de

 

Check DNSSEC:

# Get the zone signing key (record 256) and key signing key (record 257) for a domain
dig DNSKEY 53bits.co.uk  @127.0.0.1 -p 5353

# Get the hash of the DNSKEY
dig DS 53bits.co.uk @127.0.0.1 -p 5353

# Get a record under this domain
dig AAAA null.53bits.co.uk @127.0.0.1 -p 5353

# Get the signature of the RRset under this domain (made with the ZSK) which contains the previous AAAA record (an others):
dig RRSIG null.53bits.co.uk @127.0.0.1 -p 5353

 

---