Using dig (DNS Lookup) on Linux

dig is the CLI you reach for when something's off with DNS — checking records, debugging resolvers, or just confirming what a domain points to. Here's a tour of the bits I actually use day-to-day.

Installing dig

First, check whether dig is installed and what version you're on:

bash

1dig -v

Sample output:

bash

1root@linuxpedi:~# dig -v2DiG 9.16.1-Ubuntu

If it's missing, install it for your distro:

Ubuntu / Debian:

bash

1apt install dnsutils

CentOS / Fedora:

bash

1yum install bind-utils

Reading dig output

Once it's installed, the simplest invocation is just the domain:

bash

1dig linuxpedi.com

bash

1; <<>> DiG 9.16.1-Ubuntu <<>> linuxpedi.com2;; global options: +cmd3;; Got answer:4;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26845;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 167;; OPT PSEUDOSECTION:8; EDNS: version: 0, flags:; udp: 654949;; QUESTION SECTION:10;linuxpedi.com.                 IN      A1112;; ANSWER SECTION:13linuxpedi.com.          271     IN      A       34.141.144.1431415;; Query time: 0 msec16;; SERVER: 127.0.0.53#53(127.0.0.53)17;; WHEN: Fri Sep 03 16:12:32 +03 202118;; MSG SIZE  rcvd: 58

Walking through the output section by section:

The first line shows the dig version and the domain being queried. The second line shows the global options (just cmd by default).

bash

1; <<>> DiG 9.16.1-Ubuntu <<>> linuxpedi.com2;; global options: +cmd

If you don't want this in the output, add +nocmd — it has to be the first option after dig.

The next block is the technical metadata about the response. The header shows the opcode (what dig did) and the status of that operation. In this case, the status is NOERROR, meaning the DNS query came back without issues.

bash

1;; Got answer:2;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 371593;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

You can hide this with +nocomments.

The QUESTION SECTION echoes the query you sent. By default dig asks for the A record.

bash

1;; QUESTION SECTION:2;linuxpedi.com.                 IN      A

+noquestion turns this off.

The ANSWER SECTION is the actual response. Since we asked for the A record by default, that's what we get back. (An A record maps a domain to an IPv4 address.)

bash

1;; ANSWER SECTION:2linuxpedi.com.          271     IN      A       34.141.144.143

You almost never want to hide this, but +noanswer is there if you do.

The last block is query stats:

bash

1;; Query time: 0 msec2;; SERVER: 127.0.0.53#53(127.0.0.53)3;; WHEN: Fri Sep 03 16:12:32 +03 20214;; MSG SIZE  rcvd: 58

Useful flags

+short — just the IP, nothing else. Great for scripting:

bash

1root@linuxpedi:~# dig linuxpedi.com +short234.141.144.143

+noall +answer — keep just the ANSWER section, drop the rest:

bash

1root@linuxpedi:~# dig linuxpedi.com +noall +answer2linuxpedi.com.          19      IN      A       34.141.144.143

@<server> — query a specific resolver instead of the system default. Handy for sanity-checking against Google DNS or Cloudflare:

bash

1dig linuxpedi.com @8.8.8.8

Querying different record types

CNAME:

bash

1dig +nocmd mail.google.com cname +noall +answer

bash

1root@linuxpedi:~# dig +nocmd mail.google.com cname +noall +answer2mail.google.com.        21600   IN      CNAME   googlemail.l.google.com.

TXT:

bash

1dig +nocmd linuxpedi.com txt +noall +answer

bash

1root@linuxpedi:~# dig +nocmd linuxpedi.com txt +noall +answer2linuxpedi.com.          14400   IN      TXT     "v=spf1 redirect=_spf.yandex.net"3linuxpedi.com.          14400   IN      TXT     "yandex-verification: 58dc73d576a09a54"4linuxpedi.com.          14400   IN      TXT     "google-site-verification=uuG-tMzOMkBPCl4iWB38PqrCYBOyqwUmbFte1dQ7M8g"

MX (mail):

bash

1dig +nocmd linuxpedi.com mx +noall +answer

bash

1root@linuxpedi:~# dig +nocmd linuxpedi.com mx +noall +answer2linuxpedi.com.          14400   IN      MX      10 mx.yandex.net.

NS (nameserver):

bash

1dig +nocmd linuxpedi.com ns +noall +answer

bash

1root@linuxpedi:~# dig +nocmd linuxpedi.com ns +noall +answer2linuxpedi.com.          21600   IN      NS      ns1.dns-parking.com.3linuxpedi.com.          21600   IN      NS      ns2.dns-parking.com.

All records at once with any:

bash

1dig +nocmd sametkum.com any +noall +answer

bash

1root@linuxpedi:~# dig +nocmd sametkum.com any +noall +answer2sametkum.com.           14400   IN      A       185.224.138.163sametkum.com.           21600   IN      NS      ns1.hostinger.web.tr.4sametkum.com.           21600   IN      NS      ns2.hostinger.web.tr.5sametkum.com.           21600   IN      NS      ns3.hostinger.web.tr.6sametkum.com.           21600   IN      NS      ns4.hostinger.web.tr.7sametkum.com.           21600   IN      SOA     ns1.hostinger.web.tr. dns.hostinger.com. 2019031200 28800 7200 604800 864008sametkum.com.           14400   IN      MX      10 mx1.hostinger.web.tr.9sametkum.com.           900     IN      TXT     "google-site-verification=PxYATQZ-vM5fVP02aQ8VYPIBvnPjpGYRT8TUbVxWVj8"10sametkum.com.           900     IN      TXT     "v=spf1 include:_spf.mail.hostinger.com ~all"11sametkum.com.           14400   IN      AAAA    2a02:4780:8:263:0:1b50:5833:512sametkum.com.           14400   IN      CAA     0 issue "comodoca.com"13sametkum.com.           14400   IN      CAA     0 issue "digicert.com"14sametkum.com.           14400   IN      CAA     0 issue "globalsign.com"15sametkum.com.           14400   IN      CAA     0 issue "letsencrypt.org"16sametkum.com.           14400   IN      CAA     0 issue "sectigo.com"17sametkum.com.           14400   IN      CAA     0 issuewild "comodoca.com"18sametkum.com.           14400   IN      CAA     0 issuewild "digicert.com"19sametkum.com.           14400   IN      CAA     0 issuewild "globalsign.com"20sametkum.com.           14400   IN      CAA     0 issuewild "letsencrypt.org"21sametkum.com.           14400   IN      CAA     0 issuewild "sectigo.com"