Tutorial

How to Retrieve DNS Information Using Dig

How to Retrieve DNS Information Using Dig

dig is a command-line DNS diagnostic tool from BIND. It retrieves and displays various DNS properties of a hostname or IP address, such as its DNS records and authoritative name servers.

Installing dig

You can install dig on most operating systems by downloading the latest version of BIND 9 from BIND’s website, or from the command line using a package manager. Click your operating system’s tab below to view instructions on how to install dig.

Windows

To install dig for Windows, go to BIND’s website and download the most current version of BIND 9. Extract the downloaded file and double-click the BINDinstall icon in the newly created directory.

On the BIND 9 Installer screen, verify that the target directory is set to C:\Program Files\ISC BIND 9 (or C:\Program Files (x86)\ISC BIND 9 if you are using an x86 architecture) and select the Tools Only check box. Then click Install.

Once you’ve installed BIND 9, you need to add BIND to your system’s paths to make dig available from the command line. To add the path to your system, open the Windows Control Panel and then open your System Properties. In the Advanced tab, click Environment Variables.

Under System Variables, select the Path variable and then click Edit.

In the Edit environment variable screen, click New and enter the new path C:\Program Files\ISC BIND 9\bin (or C:\Program Files (x86)\ISC BIND 9 if you are using an x86 architecture). Once you’ve added the path, click OK.

In the Edit Variables window, click OK. In the System properties window, click OK.

Once you’ve added the path variable, open a new Command Prompt window and verify dig’s installation by running the dig -v command. dig should return version information about itself. If the command returns anything other than version information, verify your path variable configuration.

macOS

dig is usually installed by default on macOS systems and you can access it from the Terminal command line with no additional installation. Run the dig -v command in Terminal to verify dig’s installation. If the command returns anything other than dig’s version information, you need to install BIND.

To install BIND on macOS using Homebrew, first verify Homebrew’s installation by running the following command:

brew -v

If the command returns anything other than brew’s version information, you may need to install Homebrew.

To install Homebrew, use the following command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Once you’ve installed Homebrew, use the following command to install BIND:

brew install bind

Once you’ve installed BIND, run the dig -v command again to verify dig’s installation.

Linux

dig is usually installed by default on Linux systems and you can accessed it from the command line with no additional installation. Run the dig -v command to verify dig’s installation. If the command returns anything other than dig’s version information, you may need to install dnsutils.

To install dnsutils on Linux using apt-get, run the following commands:

sudo apt-get update
sudo apt-get install dnsutils

Once you’ve installed dnsutils, run the dig -v command again to verify dig’s installation.

Common dig Commands

Below are some common dig commands to retrieve DNS information about a hostname. You can run any of the following examples in a terminal to see the output:

Command Example Description
dig <hostname> dig example.com Returns the A records found at a hostname.
dig <hostname> any dig example.com any Returns all records for a hostname, including NS and SOA records.
dig @<name server address> <hostname> <record type> dig @ns1.digitalocean.com example.com MX Queries a hostname’s name server directly instead of your ISP’s resolver. Include the record type parameter to retrieve records of a specific type at a hostname. DigitalOcean’s name server addresses are: ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com
dig <hostname> <record type> dig example.com NS Only returns the records of a specified type at a hostname.
dig <hostname> +short dig example.com +short Only returns the IP addresses for all A records at a hostname.
dig <hostname> +trace dig example.com +trace Adding +trace instructs dig to resolve the query from the root name server and return information from each server queried in the delegation chain.

dig commands return one or multiple sections of information about the hostname’s DNS records depending on the syntax of your query. In the example below, dig returned results for the query dig example.com:

; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50169
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		6108	IN	A	93.184.216.34

;; AUTHORITY SECTION:
example.com.		52437	IN	NS	b.iana-servers.net.
example.com.		52437	IN	NS	a.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net.	195	IN	A	199.43.135.53
a.iana-servers.net.	195	IN	AAAA	2001:500:8f::53
b.iana-servers.net.	195	IN	A	199.43.133.53
b.iana-servers.net.	195	IN	AAAA	2001:500:8d::53

The most relevant sections for users tend to be the following:

  • Question Section: A reaffirmation of the query made to the DNS. In the example above, dig queried the hostname example.com and requested information about the hostname’s A records.

  • Answer Section: The records returned by the query. The answer section usually contains the most relevant information for dig users. In the example above, dig returned the A record for the IP address 204.13.248.106.

  • Authority Section: The authoritative name servers that host the hostname’s records. This can be helpful in verifying a hostname’s current delegation. For more information about how to delegate your hostname to point at DigitalOcean’s name servers, see our community tutorial.

  • Additional Section: Any extra information the resolver may have passed along with the answer. In the example above, the resolver passed along the IP addresses for example.com’s name servers in addition to the answer of the original query.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors
Default avatar
dbrian

author


Default avatar

staff technical writer

hi! i write do.co/docs now, but i used to be the senior tech editor publishing tutorials here in the community.


Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
Leave a comment


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more