Dig Command in Linux Explained

The dig command in Linux is commonly used to retrieve DNS information about a remote server. Learn how to use the dig command and understand its output.

Helder

The ‘dig’ command is commonly used by system and network administrators on Linux. The name is an acronym for ‘Domain Information Groper’. It is intended to query the DNS for a given server and lets you see the answers returned by the queried domain servers.

Let’s see how the command works and how to understand its output:

[Image: dig command execution]

The very first line shows the version of the program (9.11.3) and indicates where the query is being launched from and to. In this case, it goes from my Ubuntu machine to the linuxhandbook.com server.

Then it displays the answer obtained from the (domain) server: the address that the A record for the name linuxhandbook.com points to. This may or may not be the IP address of the server itself, because if the site sits behind a DNS firewall or a “façade” server used for security or filtering, we would see that address first. This is not the case with the linuxhandbook.com server. In many cases, dig is good enough to find the IP address of a website.

Lastly, it gives stats about the query, which can be useful if we are assessing the speed of the query.
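The parts of the output described above can also be pulled apart in a script. This is an added example, not part of the original article: it runs over a constructed sample (example.com, 203.0.113.10 and the timing values are placeholders), the function names are hypothetical, and it additionally reads the response status from the header, which the walkthrough does not cover.

```shell
# Added example: pull the parts of dig's default output apart with awk.
# SAMPLE is constructed output; example.com and 203.0.113.10 are placeholders.
SAMPLE='; <<>> DiG 9.11.3 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            300     IN      A       203.0.113.10

;; Query time: 23 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; MSG SIZE  rcvd: 56'

# Banner line: program version and the arguments dig was called with.
dig_banner() {
    awk '/^; <<>> DiG / { v = $4; sub(/^.*<<>> /, ""); print v, $0; exit }'
}

# Header: response status (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() {
    awk '/->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") {
             sub(/,$/, "", $(i + 1)); print $(i + 1); exit } }'
}

# Answer section: one "name type data" line per record (TTL and class dropped).
dig_answers() {
    awk '/^;; ANSWER SECTION:/   { in_ans = 1; next }
         in_ans && (!NF || /^;/) { in_ans = 0 }
         in_ans { out = $1 " " $4
                  for (i = 5; i <= NF; i++) out = out " " $i
                  print out }'
}

# Stats footer: query time in milliseconds.
dig_query_ms() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# Stand-alone run over the sample; for a live lookup pipe dig in instead,
# e.g.  dig example.com | dig_answers
printf 'banner : %s\n' "$(printf '%s\n' "$SAMPLE" | dig_banner)"
printf 'status : %s\n' "$(printf '%s\n' "$SAMPLE" | dig_status)"
printf 'answers: %s\n' "$(printf '%s\n' "$SAMPLE" | dig_answers)"
printf 'time   : %s ms\n' "$(printf '%s\n' "$SAMPLE" | dig_query_ms)"
```

A status other than NOERROR, or an empty answer list, means the address you expected was never returned, which is worth checking before trusting a scripted lookup.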

OK, but what is the usage or value of the Dig command?

Well, how useful it is depends on what type of information you are looking for. Keep in mind that you need to know a little about DNS first, such as what types of DNS records exist and what they are used for.

A common example is finding out where a particular domain hosts its email. In this case:

[Image: using dig to know what’s the MX record of a domain]

We ‘dig’ the MX record for the domain microsoft.com, as we would like to know where its email is hosted. The reply is:

microsoft-com.mail.protection.outlook.com.

This is Microsoft’s email protection service, which they use to protect anything coming into and going out of the domain microsoft.com via email, and in this way prevent viruses, trojans, spam, etc.

What if I want to know more about an IP?

That’s another use of the ‘dig’ command. If you pass the IP like this:

[Image: dig an IP]

You can then learn more about a specific IP. In this case, we used linuxhandbook.com’s reported IP with the “-x” option, and the reply said that the IP belongs to cloudwayapps.com, which is part of the Cloudways service, the current hosting company for our linuxhandbook.com website.

Multiple digging

You can even use it to ‘dig’ several domains at the same time, simply by listing the domains you want information about:

[Image: dig multiple domains]

In conclusion, the ‘dig’ command lets you drill down into information about a particular domain and/or IP and learn more about its DNS settings. The combination of options is the most important part, and you can always use the man pages for the command to learn more about the different operators and what they can give you. I simplified the most common usages, but there is plenty to dig for in this command!


