Dig: Difference between revisions
Jump to navigation
Jump to search
Created page with "= dig = '''dig''' (Domain Information Groper) is a powerful command-line DNS lookup tool used to query DNS name servers and retrieve resource records. It is commonly used in reconnaissance to resolve hostnames, enumerate DNS records, test custom name servers, and analyze DNS responses in detail. == <span id="options"></span>Common Options == === Basic Queries === {| class="wikitable" ! Option !! Description |- | <code>A</code> || Query IPv4 address record..." |
|||
| Line 50: | Line 50: | ||
=== <span id="ex-a"></span>Query A Record === | === <span id="ex-a"></span>Query A Record === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query IPv4 address record | |||
dig A example.com | dig A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 56: | Line 60: | ||
=== <span id="ex-aaaa"></span>Query AAAA Record === | === <span id="ex-aaaa"></span>Query AAAA Record === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query IPv6 address record | |||
dig AAAA example.com | dig AAAA example.com | ||
# Output: | |||
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 62: | Line 70: | ||
=== <span id="ex-mx"></span>Query MX Records === | === <span id="ex-mx"></span>Query MX Records === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query mail exchange records | |||
dig MX example.com | dig MX example.com | ||
# Output: | |||
example.com. 300 IN MX 10 mail.example.com. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 68: | Line 80: | ||
=== <span id="ex-ns"></span>Query Name Servers === | === <span id="ex-ns"></span>Query Name Servers === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query authoritative name servers | |||
dig NS example.com | dig NS example.com | ||
# Output: | |||
example.com. 300 IN NS b.iana-servers.net. | |||
example.com. 300 IN NS a.iana-servers.net. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 74: | Line 91: | ||
=== <span id="ex-cname"></span>Query CNAME Record === | === <span id="ex-cname"></span>Query CNAME Record === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query canonical name (alias) record | |||
dig CNAME www.example.com | dig CNAME www.example.com | ||
# Output: | |||
www.example.com. 300 IN CNAME example.com. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 80: | Line 101: | ||
=== <span id="ex-soa"></span>Query SOA Record === | === <span id="ex-soa"></span>Query SOA Record === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query Start of Authority record | |||
dig SOA example.com | dig SOA example.com | ||
# Output: | |||
example.com. 300 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042745 7200 3600 1209600 3600 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 86: | Line 111: | ||
=== <span id="ex-txt"></span>Query TXT Records === | === <span id="ex-txt"></span>Query TXT Records === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query text records | |||
dig TXT example.com | dig TXT example.com | ||
# Output: | |||
example.com. 300 IN TXT "v=spf1 -all" | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 92: | Line 121: | ||
=== <span id="ex-@"></span>Use Specific DNS Server === | === <span id="ex-@"></span>Use Specific DNS Server === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Query A record using Google's DNS server | |||
dig @8.8.8.8 A example.com | dig @8.8.8.8 A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 98: | Line 131: | ||
=== <span id="ex-short"></span>Simplified Output === | === <span id="ex-short"></span>Simplified Output === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Return only the IP address | |||
dig +short A example.com | dig +short A example.com | ||
# Output: | |||
93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 104: | Line 141: | ||
=== <span id="ex-noall"></span>Show Only Answer Section === | === <span id="ex-noall"></span>Show Only Answer Section === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Suppress all sections except the answer | |||
dig +noall +answer A example.com | dig +noall +answer A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 110: | Line 151: | ||
=== <span id="ex-timeout"></span>Set Timeout === | === <span id="ex-timeout"></span>Set Timeout === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Set DNS query timeout to 2 seconds | |||
dig +timeout=2 A example.com | dig +timeout=2 A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 116: | Line 161: | ||
=== <span id="ex-retries"></span>Set Number of Retries === | === <span id="ex-retries"></span>Set Number of Retries === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Limit query retries to 1 attempt | |||
dig +tries=1 A example.com | dig +tries=1 A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
| Line 122: | Line 171: | ||
=== <span id="ex-tcp"></span>Force TCP Query === | === <span id="ex-tcp"></span>Force TCP Query === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# Force DNS query over TCP | |||
dig +tcp A example.com | dig +tcp A example.com | ||
# Output: | |||
example.com. 300 IN A 93.184.216.34 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
''[[#options|↑ Options]]'' | ''[[#options|↑ Options]]'' | ||
Latest revision as of 23:36, 29 May 2025
dig[edit | edit source]
dig (Domain Information Groper) is a powerful command-line DNS lookup tool used to query DNS name servers and retrieve resource records. It is commonly used in reconnaissance to resolve hostnames, enumerate DNS records, test custom name servers, and analyze DNS responses in detail.
Common Options[edit | edit source]
Basic Queries[edit | edit source]
| Option | Description |
|---|---|
A |
Query IPv4 address record |
AAAA |
Query IPv6 address record |
MX |
Query mail exchange record |
NS |
Query authoritative name servers |
CNAME |
Query canonical name record (alias) |
SOA |
Query start of authority record |
TXT |
Query text records (commonly used for SPF, DKIM, etc.) |
Query Control[edit | edit source]
| Option | Description |
|---|---|
@[SERVER] |
Specify DNS server to query |
+short |
Return simplified output (good for scripts) |
+noall |
Suppress all sections of the output |
+answer |
Show only the answer section |
+timeout=[SEC] |
Set query timeout in seconds |
+tries=[NUM] |
Set number of query attempts |
+tcp |
Use TCP instead of UDP for the query |
+nocomments |
Omit comments from output |
Examples[edit | edit source]
Query A Record[edit | edit source]
# Query IPv4 address record
dig A example.com
# Output:
example.com. 300 IN A 93.184.216.34Query AAAA Record[edit | edit source]
# Query IPv6 address record
dig AAAA example.com
# Output:
example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946Query MX Records[edit | edit source]
# Query mail exchange records
dig MX example.com
# Output:
example.com. 300 IN MX 10 mail.example.com.Query Name Servers[edit | edit source]
# Query authoritative name servers
dig NS example.com
# Output:
example.com. 300 IN NS b.iana-servers.net.
example.com. 300 IN NS a.iana-servers.net.Query CNAME Record[edit | edit source]
# Query canonical name (alias) record
dig CNAME www.example.com
# Output:
www.example.com. 300 IN CNAME example.com.Query SOA Record[edit | edit source]
# Query Start of Authority record
dig SOA example.com
# Output:
example.com. 300 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042745 7200 3600 1209600 3600Query TXT Records[edit | edit source]
# Query text records
dig TXT example.com
# Output:
example.com. 300 IN TXT "v=spf1 -all"Use Specific DNS Server[edit | edit source]
# Query A record using Google's DNS server
dig @8.8.8.8 A example.com
# Output:
example.com. 300 IN A 93.184.216.34Simplified Output[edit | edit source]
# Return only the IP address
dig +short A example.com
# Output:
93.184.216.34Show Only Answer Section[edit | edit source]
# Suppress all sections except the answer
dig +noall +answer A example.com
# Output:
example.com. 300 IN A 93.184.216.34Set Timeout[edit | edit source]
# Set DNS query timeout to 2 seconds
dig +timeout=2 A example.com
# Output:
example.com. 300 IN A 93.184.216.34Set Number of Retries[edit | edit source]
# Limit query retries to 1 attempt
dig +tries=1 A example.com
# Output:
example.com. 300 IN A 93.184.216.34Force TCP Query[edit | edit source]
# Force DNS query over TCP
dig +tcp A example.com
# Output:
example.com. 300 IN A 93.184.216.34