Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

dig

dig (Domain Information Groper) is a flexible command-line tool for querying DNS name servers. It performs DNS lookups and displays the answers returned from the queried name servers.

Basic Syntax

dig [@server] [name] [type] [options]

Common Query Types

TypeDescription
AIPv4 address
AAAAIPv6 address
MXMail exchange records
NSName server records
TXTText records
CNAMECanonical name (alias)
SOAStart of Authority
PTRPointer record (reverse DNS)
SRVService record
ANYAll available records
AXFRZone transfer

Basic Queries

# Simple A record lookup
dig example.com

# Query specific record type
dig example.com MX
dig example.com NS
dig example.com TXT
dig example.com AAAA

# Query all record types
dig example.com ANY

Using Specific DNS Server

# Query using a specific DNS server
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com

# Query the authoritative nameserver directly
dig @ns1.example.com example.com

Output Control

# Short answer only
dig example.com +short

# Detailed output with comments
dig example.com +comments

# No additional info (cleaner output)
dig example.com +noall +answer

# Show all sections
dig example.com +noall +answer +authority +additional

# Show query time and server info
dig example.com +stats

Zone Transfers (AXFR)

# Attempt zone transfer
dig AXFR @ns1.example.com example.com

# Zone transfer with TCP
dig AXFR example.com @ns1.example.com +tcp

Reverse DNS Lookups

# Reverse lookup
dig -x 8.8.8.8

# Short reverse lookup
dig -x 8.8.8.8 +short

Trace DNS Resolution

# Trace the delegation path from root
dig example.com +trace

# Trace without following CNAMEs
dig example.com +trace +nodnssec

Batch Queries

# Query multiple domains from file
dig -f domains.txt

# Query multiple domains with same options
dig -f domains.txt +short

DNSSEC Queries

# Request DNSSEC records
dig example.com +dnssec

# Show DNSSEC validation
dig example.com +dnssec +multiline

# Query DNSKEY records
dig example.com DNSKEY +short

Useful Options

OptionDescription
+shortDisplay only the answer
+noallClear all display flags
+answerShow answer section
+authorityShow authority section
+additionalShow additional section
+traceTrace delegation from root
+tcpUse TCP instead of UDP
+dnssecRequest DNSSEC records
+multilineVerbose multi-line output
+nocmdDon’t show dig command line
+nocommentsDon’t show comment lines
+nostatsDon’t show statistics
-xReverse lookup
-fRead queries from file
-pSpecify port number
-4Use IPv4 only
-6Use IPv6 only

Subdomain Enumeration

# Query for specific subdomain
dig www.example.com
dig mail.example.com
dig ftp.example.com

# Check for wildcard DNS
dig randomnonexistent.example.com

Troubleshooting Examples

# Check if DNS server is responding
dig @8.8.8.8 google.com +short

# Check TTL values
dig example.com +noall +answer +ttlid

# Query with timeout and retries
dig example.com +time=2 +tries=3

# Check SOA for zone info
dig example.com SOA +short

# Verify MX records
dig example.com MX +noall +answer

Security Testing

# Test for open resolver
dig @target-ip example.com

# Check for zone transfer vulnerability
dig AXFR @ns1.target.com target.com

# Enumerate DNS version (if exposed)
dig @ns1.target.com version.bind TXT CHAOS
dig @ns1.target.com hostname.bind TXT CHAOS

Output Parsing Examples

# Get just IP addresses
dig example.com +short

# Get nameservers only
dig example.com NS +short

# Get MX records with priority
dig example.com MX +noall +answer | awk '{print $5, $6}'