System administrators do a hell of a job every time. Even the most basic sysadmin job requirement of being on-call 24/7 is something I appreciate beyond limits. But we aren’t here to dive into their job profiles; instead, we’ll check out their weapon of choice for troubleshooting DNS issues.
What are Dig Commands?
Short for Domain Information Groper, dig is one of the fastest ways to query DNS servers about what’s working and what isn’t. You can check the server IP address, name servers, mail exchangers, TTL, etc., with easy-to-remember options.
Before starting with a few basic dig commands, please check if you have dig utilities installed:
This should return with the result indicating the dig version, like this:
If you don’t get a similar response, you need to install the dig utilities first. For people using Ubuntu and Debian, type:
And use:
…if you are on CentOS or RHEL.
Next, run dig -v to ensure the installation went smoothly.
Finally, jump to the following sections to check out a few dig commands to help you as a sysadmin.
Check the IP address
This is one of the simplest queries, where we check the server IP address underpinning a domain name. dig geekflare.com is the iteration we’ll begin with.
The first important thing is the status: NOERROR in the Got answer section at the top. This tells us the query went through without any issues.
But the information for which we made this query is the server IP address. It’s mentioned in the Answer section: 172.66.40.93 (the primary server) and 172.66.43.163 (the fail-safe).
In addition, your original query statement sits under the Question section. The last section gives a few statistics about the query.
But that’s an awful lot of information, not needed every time. Ergo, you can fetch a cleaner response to this query by entering:
Here we deny everything with +noall, only to allow the expected answer with +answer.
One can get an even more brief response by using:
This was the basic query returning the DNS A record; let’s see a few more.
Find specific DNS records
Nameservers, the authoritative DNS servers for a domain, can be found with the ns record type.
Similarly, the mx record type responds with the mail servers along with their priorities.
In the same fashion, txt, aaaa, cname, etc., can be passed to the dig command to return different DNS records.
Trace DNS
As is evident from the heading, Trace DNS checks the path from the root nameservers, through the authoritative nameservers, up to the domain IP address.
Alternatively, you can get a short answer by using the +short or +noall +answer options.
Reverse DNS lookup
Reverse DNS lookup reveals the PTR record associated with the IP address. It’s the opposite of a DNS A record and matches the IP address to the domain name. However, there will be no answer section if a domain name has no DNS PTR record.
The command at play here is dig -x IP address.
As you can see, the domain name in the Answer section, media-router-fp74.prod.media.vip.bf1.yahoo.com/, is linked with its primary IP address 74.6.143.26. And visiting this URL will actually send you to the Yahoo search homepage.
However, this may not be true for all web hosts; in some cases, these ugly, long URLs don’t resolve to anything.
Querying Specific DNS Servers
Sometimes you want to send your DNS queries to a specific server. One can easily achieve that by adding @DNS server IP address, choosing any DNS server for a particular query.
You can verify this in the stats section, which mentions Server: 1.1.1.1, which belongs to Cloudflare.
Similarly, one can query Google DNS servers (8.8.8.8).
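Building on the per-resolver queries described above, the following is an added example (not part of the original article) that asks two resolvers for the same record and reports whether their answers agree, which is a quick first check when you suspect a stale cache or a resolver returning unexpected data. The function names `answers` and `compare_resolvers` and the `DIG` override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare what two resolvers answer for the same name and type.
# A difference is not proof of tampering (CDNs and geo-DNS legitimately vary),
# but it tells you which resolver to look at next.

DIG="${DIG:-dig}"   # overridable (assumption), so the logic can run offline

# answers RESOLVER NAME TYPE -> sorted, de-duplicated record data, one per line.
# Lines starting with ';' are dig diagnostics (e.g. timeouts), not answers.
answers() {
    "$DIG" "@$1" "$2" "$3" +short | sed -e '/^;/d' -e '/^$/d' | sort -u
}

# compare_resolvers NAME TYPE RESOLVER_A RESOLVER_B
# Exit status: 0 = same record set, 1 = different, 2 = a resolver gave no answer
compare_resolvers() {
    a=$(answers "$3" "$1" "$2")
    b=$(answers "$4" "$1" "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "NOANSWER $1 $2"
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "MATCH $1 $2"
        return 0
    fi
    echo "MISMATCH $1 $2"
    printf '  @%s: %s\n' "$3" "$(printf '%s' "$a" | tr '\n' ' ')"
    printf '  @%s: %s\n' "$4" "$(printf '%s' "$b" | tr '\n' ' ')"
    return 1
}

# Live use (needs network), e.g.: sh compare.sh geekflare.com A 1.1.1.1 8.8.8.8
if [ "$#" -eq 4 ]; then
    compare_resolvers "$@"
fi
```

Record order is ignored, so round-robin answers that merely rotate still count as a match.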
Let’s Dig it Up ⛏️
As the name suggests, these commands are used to dig out DNS information and identify related problems. Dig commands are usually fast at work and easy to memorize. Not to mention, you can also install dig utilities on Mac and Windows, making them universal in their application.