Dig

Dig is a powerful Linux tool and today I’ll demonstrate some useful everyday examples including a reverse lookup, zone transfer, and how to find the SOA (start of authority) in a zone file.

So what is dig?

«dig (domain information groper) is a flexible tool for interrogating DNS name servers.»

A simple example

How to find the IP address (A record) associated with a domain:

Which outputs:

75.127.99.28

Reverse lookup example

How to find the domain name associated with an IP address:

Which outputs:

zoe.asmallorange.com.

(For more information, remove +short.)

Zone transfer example

First, find the name server to query:

Which outputs:

ns1.asmallorange.com.
ns2.asmallorange.com.

Then:

Which outputs:

; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns1.asmallorange.com tomhayman.co.uk
; (1 server found)
;; global options:  printcmd
; Transfer failed.

But the transfer failed! This is normally due to security settings on the name server that restrict zone transfers. Sometimes you can request this to be removed, although most providers prevent it.

However, some organisations allow this behaviour. One of them is Wikipedia.

So if we try the process again:

Which outputs:

ns0.wikimedia.org.

Then:

Which outputs:

; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns0.wikimedia.org wikipedia.org
; (1 server found)
;; global options:  printcmd
wikipedia.org.          86400   IN      SOA     ns0.wikimedia.org. hostmaster.wikimedia.org. 2010082803 43200 7200 1209600 3600
wikipedia.org.          3600    IN      A       208.80.152.2
wikipedia.org.          86400   IN      NS      ns0.wikimedia.org.
wikipedia.org.          86400   IN      NS      ns1.wikimedia.org.
wikipedia.org.          86400   IN      NS      ns2.wikimedia.org.
wikipedia.org.          3600    IN      MX      50 lists.wikimedia.org.

(N.B. I used head to output the first 10 lines only, as wikipedia.org has thousands of CNAMEs.)
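To check which of the two outcomes above your own zone's name servers give, the following added example (not from the original post) classifies `dig -t axfr` output as refused or open. `axfr_status`, `audit_zone` and the sample functions are hypothetical names; the samples are the two outputs shown above, embedded so the parser runs offline.

```bash
# Reads dig output on stdin. Prints "refused", or "open <n>" where <n> is the
# number of resource records the server handed over.
axfr_status() {
    awk '
        /^; Transfer failed\./ { failed = 1 }
        /^[ \t]*(;|$)/         { next }       # comment and blank lines
        $3 == "IN"             { records++ }  # name TTL IN type rdata
        END {
            if (failed || records == 0) print "refused"
            else                        print "open " records
        }'
}

# Hypothetical helper: test every name server of a zone you administer.
# Exit status is non-zero if any server allows the transfer.
audit_zone() (
    zone=$1; rc=0
    for ns in $(dig +short NS "$zone"); do
        status=$(dig -t axfr "@$ns" "$zone" | axfr_status)
        printf '%s\t%s\n' "$ns" "$status"
        case $status in open*) rc=1 ;; esac
    done
    [ "$rc" -eq 0 ]
)

# The two transfer outputs shown above, embedded as sample input.
sample_refused() {
    cat <<'EOF'
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns1.asmallorange.com tomhayman.co.uk
; (1 server found)
;; global options:  printcmd
; Transfer failed.
EOF
}

sample_open() {
    cat <<'EOF'
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns0.wikimedia.org wikipedia.org
; (1 server found)
;; global options:  printcmd
wikipedia.org.          86400   IN      SOA     ns0.wikimedia.org. hostmaster.wikimedia.org. 2010082803 43200 7200 1209600 3600
wikipedia.org.          3600    IN      A       208.80.152.2
wikipedia.org.          86400   IN      NS      ns0.wikimedia.org.
wikipedia.org.          86400   IN      NS      ns1.wikimedia.org.
wikipedia.org.          86400   IN      NS      ns2.wikimedia.org.
wikipedia.org.          3600    IN      MX      50 lists.wikimedia.org.
EOF
}
```

Run `audit_zone` with your zone name from a host that is not one of its secondaries; any server reported as `open` is handing the full zone to arbitrary clients.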

Start of authority (SOA) example

Find the SOA record in a zone file:

Which outputs:

wikipedia.org.          1589 IN A 208.80.152.2
wikipedia.org.          84389 IN NS ns0.wikimedia.org.
wikipedia.org.          84389 IN SOA ns0.wikimedia.org. hostmaster.wikimedia.org. (
2010082803 ; serial
43200      ; refresh (12 hours)
7200       ; retry (2 hours)
1209600    ; expire (2 weeks)
3600       ; minimum (1 hour)
)
wikipedia.org.          1589 IN MX 50 lists.wikimedia.org.

Dig can do a lot more than the examples I’ve illustrated today.  You can build some useful scripts with it too, which I’ll demonstrate at another time.