Dig is a powerful Linux tool and today I’ll demonstrate some useful everyday examples including a reverse lookup, zone transfer, and how to find the SOA (start of authority) in a zone file.
So what is dig?
man dig
«dig (domain information groper) is a flexible tool for interrogating DNS name servers.»
A simple example
How to find the IP address (A record) associated with a domain:
dig tomhayman.co.uk +short
Which outputs:
75.127.99.28
Reverse lookup example
How to find the domain name associated with an IP address:
dig -x 75.127.99.28 +short
Which outputs:
zoe.asmallorange.com.
(For more information remove +short)
Zone transfer example
First, find the name server to query:
dig ns tomhayman.co.uk +short
Which outputs:
ns1.asmallorange.com.
ns2.asmallorange.com.
Then:
dig -t axfr @ns1.asmallorange.com tomhayman.co.uk
Which outputs:
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns1.asmallorange.com tomhayman.co.uk
; (1 server found)
;; global options: printcmd
; Transfer failed.
But the transfer failed! This is normally because the name server is configured to refuse zone transfers to hosts it does not trust. Sometimes you can ask for the restriction to be lifted, although most providers will not do so.
However, some organisations allow this behaviour. One of them is Wikipedia.
So if we try the process again:
dig ns wikipedia.org +short
Which outputs:
ns0.wikimedia.org.
Then:
dig -t axfr @ns0.wikimedia.org wikipedia.org | head -n 10
Which outputs:
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns0.wikimedia.org wikipedia.org
; (1 server found)
;; global options: printcmd
wikipedia.org. 86400 IN SOA ns0.wikimedia.org. hostmaster.wikimedia.org. 2010082803 43200 7200 1209600 3600
wikipedia.org. 3600 IN A 208.80.152.2
wikipedia.org. 86400 IN NS ns0.wikimedia.org.
wikipedia.org. 86400 IN NS ns1.wikimedia.org.
wikipedia.org. 86400 IN NS ns2.wikimedia.org.
wikipedia.org. 3600 IN MX 50 lists.wikimedia.org.
(N.B. I used head to output the first 10 lines only, as wikipedia.org has thousands of CNAMEs)
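The same two dig commands can be turned into a small audit for a zone you run yourself, reporting which of its name servers hand out the whole zone. This is an added example, not part of the original post: the function names axfr_status and audit_zone are made up here, and the sample outputs are shortened from the listings above.

```shell
#!/bin/sh
# Added example (not from the original post): check a zone you run for open AXFR.
# axfr_status and audit_zone are names made up for this sketch.

# Read dig's AXFR output on stdin and print "open" or "refused".
# A served transfer starts with the zone's SOA record; a refused one
# contains only dig's ";" comment lines, e.g. "; Transfer failed.".
axfr_status() {
    result=refused
    while read -r name ttl class type rest; do
        case $name in ''|';'*) continue ;; esac
        if [ "$class" = IN ] && [ "$type" = SOA ]; then result=open; fi
    done
    echo "$result"
}

# Ask every name server of the zone for a transfer and report the outcome.
audit_zone() {
    zone=$1
    for ns in $(dig ns "$zone" +short); do
        echo "$ns $(dig -t axfr "@$ns" "$zone" +time=5 +tries=1 | axfr_status)"
    done
}

# Sample outputs taken from the listings in this post, shortened.
sample_refused() {
    cat <<'EOF'
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns1.asmallorange.com tomhayman.co.uk
; (1 server found)
;; global options: printcmd
; Transfer failed.
EOF
}

sample_open() {
    cat <<'EOF'
; <<>> DiG 9.3.4-P1 <<>> -t axfr @ns0.wikimedia.org wikipedia.org
; (1 server found)
;; global options: printcmd
wikipedia.org. 86400 IN SOA ns0.wikimedia.org. hostmaster.wikimedia.org. 2010082803 43200 7200 1209600 3600
wikipedia.org. 3600 IN A 208.80.152.2
EOF
}

# Usage: sh axfr-audit.sh example.org   (example.org is a placeholder zone)
if [ "$#" -gt 0 ]; then audit_zone "$1"; fi
```

Any server reported as "open" is serving the full zone to the host you ran the script from, so run it from outside your network as well as inside.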
Start of authority (SOA) example
Find the SOA record in a zone file:
dig +nocmd wikipedia.org any +multiline +noall +answer
Which outputs:
wikipedia.org. 1589 IN A 208.80.152.2
wikipedia.org. 84389 IN NS ns0.wikimedia.org.
wikipedia.org. 84389 IN SOA ns0.wikimedia.org. hostmaster.wikimedia.org. (
                2010082803 ; serial
                43200      ; refresh (12 hours)
                7200       ; retry (2 hours)
                1209600    ; expire (2 weeks)
                3600       ; minimum (1 hour)
                )
wikipedia.org. 1589 IN MX 50 lists.wikimedia.org.
Dig can do a lot more than the examples I’ve illustrated today. You can build some useful scripts with it too, which I’ll demonstrate at another time.