Troubleshooting DNS with dig

Using the dig (domain information groper) command, you can query specific DNS servers and specific records on those servers.

Installing Dig

You may already have dig installed. To find out, run the following command in a terminal window:

	which dig

If you receive a message that the system couldn't find dig, it's easy to install.

Ubuntu and Debian

For Ubuntu, Debian, and other distributions that use the apt package manager, run:

	sudo aptitude install dnsutils

CentOS, Red Hat, Fedora

For CentOS, Red Hat, Fedora, and other distributions using the yum package manager, run:

	sudo yum install bind-utils

Dig Basics

The basics of the dig command are very simple. Let's start looking at the DNS records for Google™:

	# dig

The response from this command is similar to the following:

	; <<>> DiG 9.3.4 <<>>
	;; global options:  printcmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10147
	;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

	;                    IN      A

	;; ANSWER SECTION:
	             103     IN      A
	             103     IN      A
	             103     IN      A

	;; AUTHORITY SECTION:
	             71923   IN      NS
	             71923   IN      NS
	             71923   IN      NS
	             71923   IN      NS

	;; ADDITIONAL SECTION:
	         300836  IN      A
	         300836  IN      A
	         300836  IN      A
	         300836  IN      A

	;; Query time: 1 msec
	;; WHEN: Mon Oct  8 09:41:18 2007
	;; MSG SIZE  rcvd: 212

Take it a section at a time and the output is actually very informative and easy to navigate:

  • HEADER - Contains general information about the query.
  • QUESTION SECTION - Lists the queried record.
  • ANSWER SECTION - Lists the servers that responded to the domain along with the IP addresses.
  • AUTHORITY SECTION - Lists the name servers being used by
  • ADDITIONAL SECTION - Lists the IP addresses of the name servers found in the Authority section.

Cached Information

The information in the ANSWER section is derived from the cache of the local DNS servers. How long a record is cached is determined by the TTL set for the record. If a record has a TTL of 24 hours, then other name servers will only look for a new record once a day. However, if you lower the TTL to 5 minutes at least 24 hours in advance of making changes, other name servers will retrieve a new record every 5 minutes.

Making a Direct Query

You can also query the DNS server directly. Look at the Authority section in the Google output above. It lists four name servers and you can query one of them directly. For example:

	# dig

Notice that the specified name server must be prefixed with the @ symbol.

The output is the same, but notice the HEADER:

	; <<>> DiG 9.3.4 <<>>

You are now directly querying the name server, which will show any changes that have not yet fully propagated.

This is the key to checking any DNS changes you've made in the Cloud Control Panel. Querying the records directly will show the changes before they are fully propagated.
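
The comparison described above, a cached answer against a direct query of a name server, can be scripted. The shell functions below are an added example, not part of the original article; the function names, example.com, and the 192.0.2.x addresses are constructed for illustration.

```shell
# Added example, not from the original article. Sample data is constructed.

# Raw ANSWER SECTION record lines from dig output on stdin.
answer_lines() {
    awk '/^;; ANSWER SECTION:/ { s = 1; next }
         /^;;/ || /^[ \t]*$/   { s = 0 }
         s && !/^;/'
}

# "name type rdata" per record, sorted. The TTL is dropped because a cache
# counts it down, so it differs between servers even for identical data.
answer_records() {
    answer_lines |
        awk '{ r = $1 " " $4; for (i = 5; i <= NF; i++) r = r " " $i; print r }' |
        sort
}

# Largest TTL in the answer: the longest a cache may keep serving it.
max_ttl() {
    answer_lines | awk '$2 + 0 > m { m = $2 + 0 } END { print m + 0 }'
}

# Compare a cached answer ($1) with a direct answer ($2), both dig output.
compare_answers() {
    cached=$(printf '%s\n' "$1" | answer_records)
    direct=$(printf '%s\n' "$2" | answer_records)
    [ "$cached" = "$direct" ] && { echo "in sync"; return 0; }
    echo "differs; cache may serve the old data for up to $(printf '%s\n' "$1" | max_ttl)s"
    return 1
}

# Live use (needs network): check_propagation NAME TYPE NAMESERVER
check_propagation() {
    compare_answers "$(dig "$1" "$2")" "$(dig "@$3" "$1" "$2")"
}

# Constructed dig output; example.com and 192.0.2.0/24 are documentation ranges.
CACHED=';; ANSWER SECTION:
example.com.  103  IN  A  192.0.2.10

;; Query time: 1 msec'
DIRECT=';; ANSWER SECTION:
example.com.  300  IN  A  192.0.2.20

;; Query time: 1 msec'

compare_answers "$CACHED" "$DIRECT" || true
```

A "differs" result after a change is expected until the cached TTL runs out; a "differs" result when no change was made is worth investigating.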

Querying Records

To query a record, append the desired record type (for example MX) to the query:

	# dig MX

The dig query responds with the following answer:

	;              IN     MX

	;; ANSWER SECTION:
	         10800  IN     MX     10
	         10800  IN     MX     10
	         10800  IN     MX     10
	         10800  IN     MX     10

You can do this with any type of record by appending the record type to the command. For example, enter the following to query for NS records only:

	# dig NS

For more information on dig, enter the following command to display the dig man page:

	# man dig


© 2015 Rackspace US, Inc.
