Quick Tips #4: Dig Command

Leandro de Lima Camargo
Mar 26, 2021

Using the dig command to troubleshoot DNS problems.

The dnsutils package provides the dig command on Debian-based systems. On Red Hat-based systems, install bind-utils.

Debian-based OS:

apt install dnsutils

Red Hat-based OS:

yum install bind-utils

Basic Commands

Basically the dig command resolves a DNS name. It is similar to the nslookup command.

There is a lot of information in the output. Let's look at the main parts:

That is the part where your device asks your DNS server: What is the IPv4 address for google.com?

Here is the answer from your DNS Server: The IPv4 for google.com is 172.217.162.110.

Lastly, we have some information for troubleshooting/audit.

Query time: How long the query lasted.

Server: Which DNS server was used.

When: Date/Time

MSG Size rcvd: Size of the message received from the DNS Server

If you are not sure whether you have problems with the DNS server provided by your ISP, you can query another DNS server. Just use the @ character.

Look at the end of the result.

SERVER: 8.8.8.8

You just want to know the IP address? Simplify the result:

The default query is for an A record. There are many DNS record types. You can check here:

If you want to query a different record type, just mention it anywhere in the command.

Bonus!

There is a parameter to transfer a zone from a domain. A DNS server that allows this for anyone has a simple, and stupid, vulnerability, which sysadmins should avoid.

You can check it on a well-known domain that allows you to test the command: the zonetransfer.me domain.

All the records were downloaded by a simple command. It can expose confidential URLs and, like I said before, should be avoided. Zone transfers should be done only between DNS servers in a cluster.
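To check this on a zone you run yourself, here is an added example (not from the original post) that reads dig's AXFR output and reports whether each authoritative server hands the zone over. The function names, the example.test zone and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether a zone you operate can be transferred by anyone.

# Constructed sample: dig output when the server hands over the zone.
SAMPLE_OPEN='example.test.  7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
example.test.  7200 IN NS  ns1.example.test.
staging.example.test. 300 IN A 192.0.2.10
example.test.  7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
;; Query time: 12 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; XFR size: 4 records (messages 1, bytes 231)'

# Constructed sample: dig output when the server refuses the transfer.
SAMPLE_CLOSED='; <<>> DiG 9.16.1 <<>> @192.0.2.53 example.test AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# classify_axfr: read "dig @server zone AXFR" output on stdin.
# Prints "OPEN <records>" if zone data came back, "CLOSED" otherwise.
classify_axfr() {
    awk '
        /^; Transfer failed/ { failed = 1 }   # dig reports a refused AXFR this way
        /^;; XFR size:/      { xfr = $4 }     # record count from the footer
        /^[^;]/ && NF >= 4   { records++ }    # resource-record lines, not comments
        END {
            if (!failed && (xfr > 0 || records > 0))
                printf "OPEN %d\n", (xfr > 0 ? xfr : records)
            else
                print "CLOSED"
        }'
}

# audit_zone: try AXFR against every authoritative server of your own zone.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        result=$(dig "@$ns" "$zone" AXFR +time=5 +tries=1 | classify_axfr)
        printf '%s %s\n' "$ns" "$result"
    done
}

# Offline demonstration on the constructed samples.
printf 'open sample:   %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | classify_axfr)"
printf 'closed sample: %s\n' "$(printf '%s\n' "$SAMPLE_CLOSED" | classify_axfr)"
```

Call audit_zone with a zone you administer; any server reported as OPEN should have transfers restricted to the other DNS servers in its cluster.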

That’s it! I hope it can help you.

See ya!
