Dig( Domain Information Groper)是一个功能强大的命令行工具,可以用于DNS 记录查询。使用 dig 命令,可以查询各种 DNS 记录的信息,包括:主机名称记录(A、AAAA)、邮件交换记录(MX)和别名记录(CNAME)等等。
sudo apt install dnsutils
sudo yum install bind-utils
dig [@global-server][domain] [q-type][q-class] {q-opt} {global-d-opt} host [@local-server] {local-d-opt} [ host [@local-server] {local-d-opt} [...]]
is in the Domain Name System
is one of (in,hs,ch,...) [default: in]
is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
(use IPv4 query transport only)
(use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-i (use IP6.INT for IPv6 reverse lookups)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]badcookie (Retry BADCOOKIE responses)
+[no]besteffort (Try to parse even illegal messages)
+bufsize=### (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]class (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]cookie (Add a COOKIE option to the request)
+[no]crypto (Control display of cryptographic fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]dscp[=###] (Set the DSCP value to ### [0..63])
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expire (Request time to expire)
+[no]fail (Don't try next server on SERVFAIL)
+[no]header-only (Send query without a question section)
+[no]identify (ID responders in short answers)
+[no]idnout (convert IDN response)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]mapped (Allow mapped IPv4 over IPv6)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=### (Set the opcode of the request)
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]rdflag (Recursive mode (+[no]recurse))
+[no]recurse (Recursive mode (+[no]rdflag))
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answer)
+[no]showsearch (Search with intermediate results)
+[no]sigchase (Chase DNSSEC signatures)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcp (TCP mode (+[no]vc))
+timeout=### (Set query timeout) [5]
+[no]topdown (Do +sigchase in top-down mode)
+[no]trace (Trace delegation down from root [+dnssec])
+trusted-key=#### (Trusted Key to use with +sigchase)
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]ttlunits (Display TTLs in human-readable units)
+[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
+[no]vc (TCP mode (+[no]tcp))
+[no]zflag (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
dig命令的第一个参数,可以关闭版本输出输出
<<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> www.xuxuehua.com
# dig www.xuxuehua.com ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> www.xuxuehua.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39238 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;www.xuxuehua.com. IN A ;; ANSWER SECTION: www.xuxuehua.com. 405 IN CNAME xuxuehua.github.io. xuxuehua.github.io. 3405 IN A 185.199.108.153 xuxuehua.github.io. 3405 IN A 185.199.110.153 xuxuehua.github.io. 3405 IN A 185.199.109.153 xuxuehua.github.io. 3405 IN A 185.199.111.153 ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Fri Jan 04 05:06:51 UTC 2019 ;; MSG SIZE rcvd: 141
# dig +nocmd www.xuxuehua.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49281 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;www.xuxuehua.com. IN A ;; ANSWER SECTION: www.xuxuehua.com. 427 IN CNAME xuxuehua.github.io. xuxuehua.github.io. 3427 IN A 185.199.108.153 xuxuehua.github.io. 3427 IN A 185.199.110.153 xuxuehua.github.io. 3427 IN A 185.199.109.153 xuxuehua.github.io. 3427 IN A 185.199.111.153 ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Fri Jan 04 05:06:28 UTC 2019 ;; MSG SIZE rcvd: 141