dig is the current DNS diagnostic tool of preference but, as previously noted, is not always widely available. You may still need to use nslookup.
dig has both a command line and a batch mode (no interactive mode like nslookup). In general the command line of dig is more powerful than nslookup (even allowing multiple queries in a single line) and the batch mode makes running check files a breeze. dig offers a daunting array of options but the following are simple examples:
# get the A record for any record without a label
# but will always return the SOA record for the domain
dig example.com
# get the MX record for the domain
dig example.com mx
# get the A record for the host
dig www.example.com
# get all domain records if allowed
dig example.com axfr
# get all records with no label for the domain
dig example.com any
# typically returns SOA, NS, MX and domain SPF if defined
The following is the generic dig command format:
dig [@dns] domain [[-t ]q-type] [[-c ]q-class] [+q-opt] [-d-opt] [%comment]
Note: In general dig uses a mixture of positional/contextual arguments and identified options (i.e. identified with an option prefix: @, - or +) to keep simple queries - simple! There are times when it is necessary to disambiguate the q-type and q-class options and to cover this case both can be specified in an identified option format (see examples).
Parameters in bone-chilling detail:
Parameter | Value | Description |
dns | - | optional name or IP address (IPv4 or IPv6 format) of the DNS server to be used for the query. Default is defined in /etc/resolv.conf for *nix systems. If present must be preceded by commercial at (@) e.g.
dig @192.168.2.53 www.example.com |
domain | - | name or IP address (IPv4 or IPv6 format) of the target - may be a host or domain name depending on context (see examples). |
q-type | a any axfr hinfo mx ns soa srv wks | Defines the type of record to return. May be optionally preceded with -t in the identified option format. Most values are self explanatory but to get a full listing of all the domain records use the axfr option. This feature may be disallowed by the allow-transfer BIND9 option in which case the command will fail with Connection refused. |
q-class | in any hesiod chaos | in is the default option. May be optionally preceded with -c in the identified option format. NB any is a valid option for both q-type and q-class and to ensure the correct value is used (to disambiguate in the jargon) always specify both q-type and q-class when using this format e.g.:
# this will get any record for class IN only
dig example.com any
# this will get any record for any class
dig example.com any any
Alternatively you can use an identified option format with -c for q-class and -t for q-type. When the identified option format is used the parameter order is not important e.g.
dig -c any -t any example.com
See d-opt below for identified option format |
q-opt | All these options are preceded with a plus (+) and control how the resulting DNS query operates. Multiple values may appear in a single command. Many of the values are the same as nslookup. Many of the values have an abbreviation - it is shown in parentheses after the command e.g. addit (ad). In this case ad is the abbreviation for addit. | |
domain=name | Replaces the default domain name. | |
[no]aaonly | Controls whether to use authoritative query only. Default = noaaonly. | |
[no]addit | Controls whether to print additional information. Default = addit/ad. | |
[no]answer | Controls whether to print answer section. Default = answer/an. | |
[no]author | Controls whether to print authoritative section. Default = author/au. | |
[no]cl | Controls whether to print class information. Default = nocl. | |
[no]cmd | Controls whether to echo valid arguments. Default = cmd. | |
[no]d2 | Controls the voluminous diagnostic level. Default = nod2. | |
[no]debug | Controls the diagnostic level. Default = nodebug. | |
[no]defname | Controls substitution of default domain if no periods in domain name. Default = defname. | |
[no]dnssec | Controls whether to set the DNSSEC OK bit in the OPT pseudo header. Default = nodnssec/nodn. | |
[no]header | Print header flags. Default = header/he. | |
[no]Header | print basic header. Default = Header/H. | |
[no]ignore | Controls whether to ignore truncation errors. Default = noignore. | |
[no]ko | Controls whether the virtual connection is kept open or not. Only valid with vc. Default = noko. | |
[no]primary | Controls whether or not to use the primary dns. Default = noprimary. | |
[no]ques | Controls whether to print question section. Default = ques/qu. | |
[no]qr | Controls whether to print outgoing query. Default = noqr. | |
[no]recurse | Controls recursive query behaviour. Default = recurse. | |
[no]reply | Controls whether to print a reply. Default = reply/rep. | |
[no]search | Controls use of the srchlist (see explanation of relationship between search and defname). Default = search. | |
[no]stats | Controls whether to display stats. Default = stats/st. | |
[no]trunc | Controls whether to truncate origin from names. Default = trunc/tr. | |
[no]ttlid | Controls whether to print TTL. Default = ttlid/tt. | |
[no]vc | Controls whether to use TCP (vc) or UDP (novc). Default = novc. | |
pfand=# | Bitwise AND print flags with # (octal/hex/decimal). | |
pfdef | Set default print flags. | |
pfmin | Set to minimal default print flags. | |
pfor=# | Bitwise OR print flags with # (octal/hex/decimal). | |
pfset=# | Set print flags as # (octal/hex/decimal). | |
retry=num | Controls the number of query retries. | |
time=secs | Controls the query timeout period. Default = 4 secs. | |
d-opt | These options control how dig operates and are preceded with a minus (-). Multiple options may appear in a single command line. | |
-c | indicates a q-class argument follows (this is the identified option format) and can be used as a convenience or to disambiguate from the same q-type options. | |
-envsav | save variables to the file defined by the environment variable LOCALDEF or DIG.env in the current working directory if LOCALDEF not set. | |
-f filename | specifies a file containing batch commands. Any options specified on the command line will be in effect during the batch run (i.e. they are global). Lines beginning with ';' or '#' or '\n' are ignored. | |
-k dir:key | Sign the key with TSIG key in dir. | |
-p port | changes the port used for queries to port (default is 53). | |
-P | causes a ping to be issued to the dns being used. | |
-T secs | time in seconds between executing lines in a batch file (using option -f above) | |
-t | indicates a q-type argument follows (this is the identified argument format). | |
-x | specifies that inverse notation is being used i.e.:
# this will fail NXDOMAIN (not found)
dig 192.168.2.53
# instead use
dig -x 192.168.2.53
# OR if you are a masochist!
dig 53.2.168.192.in-addr.arpa ptr |
# simple host lookup - defaults to an A RR
dig www.example.com
# or could have been written as - order important
dig www.example.com a
# identified option format - order not important
dig -t a www.example.com
# use the dns at 192.168.2.224 for the query
dig @192.168.2.224 www.example.com a
# use the dns at ns1.example.com for the query
dig @ns1.example.com www.example.com a
# reverse map query - returns PTR RR
dig -x 192.168.2.224
# simple domain lookup - returns any A RR without a label
# even if none present will return the domain SOA RR
dig example.com
# quick domain lookup
# return all RR without labels - typically gets SOA, NS, MX
# and domain SPF if present
dig example.com any
# identified option format - order not important
dig -t any example.com
# use the dns at 192.168.2.224 for the query
dig @192.168.2.224 example.com any
# use the dns at ns1.another.com for the query
dig @ns1.another.com example.com a
You can issue multiple queries per command line - as long as each query is clearly identified (or disambiguated).
# multiple domain lookup - returns non-label RRs for both domains
dig example.com any another.com any
# multiple domain lookup - returns A RR for first and non-label RRs
# for second domain
dig example.com another.com any
# multiple domain lookup - returns non-label RRs for first domain
# and A RR for second
dig example.com any another.com
# if you start with one format you must be consistent
# - this fails on the second query
dig example.com -t any another.com any
# but this works
dig example.com -t any another.com -t any
# and yes this works
dig example.com any another.com any yetanother.com any
# and so does this
dig www.example.com www.another.com fred.yetanother.com
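The q-type description above notes that axfr may be disallowed by the allow-transfer BIND9 option. As an added example (not part of the original page), the script below uses the dig @dns domain axfr form to confirm that each of your own name servers declines a transfer from a host that should not receive one. The function names axfr_status, audit_axfr, sample_dig and demo, and the DIG override variable, are invented for this example, and the sample dig output is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: confirm that your own
# authoritative servers decline "dig @dns zone axfr" from this host.

# Classify dig output read on stdin. dig starts every comment and status
# line with ';', so any other non-blank line is a resource record, i.e.
# zone data was served. "closed" covers refused, failed and timed out.
axfr_status() {
    awk '!/^;/ && NF { n++ } END { print (n ? "open" : "closed") }'
}

# usage: audit_axfr zone server [server ...]
# Prints "zone server status" per server; returns 1 if any server is open.
# DIG is a hypothetical override so the function can be exercised offline.
audit_axfr() {
    zone=$1; shift
    rc=0
    for ns in "$@"; do
        status=$(${DIG:-dig} "@$ns" "$zone" axfr 2>/dev/null | axfr_status)
        printf '%s %s %s\n' "$zone" "$ns" "$status"
        if [ "$status" = "open" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed stand-in for dig: ns1 declines the transfer, ns2 serves it.
sample_dig() {
    soa='example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 604800 3600'
    case $1 in
    @ns1.example.com)
        printf '%s\n' '; <<>> DiG <<>> @ns1.example.com example.com axfr' \
            '; Transfer failed.' ;;
    @ns2.example.com)
        printf '%s\n' "$soa" 'www.example.com. 86400 IN A 192.168.2.80' \
            "$soa" ';; XFR size: 3 records (messages 1, bytes 200)' ;;
    esac
}

# Offline demonstration on the constructed output. For a real audit, leave
# DIG unset and run: audit_axfr yourzone ns1.yourzone ns2.yourzone
demo() {
    ( DIG=sample_dig; audit_axfr example.com ns1.example.com ns2.example.com )
}
```

A server reported as open is one where allow-transfer needs to be restricted to the secondaries that legitimately pull the zone.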
This work is licensed under a
Creative Commons License.
Copyright © 1994 - 2025 ZyTrax, Inc. All rights reserved. Legal and Privacy |
web-master at zytrax Page modified: January 20 2022. |