dig
Table of Contents

dig

Dig( Domain Information Groper)是一个功能强大的命令行工具,可以用于DNS 记录查询。使用 dig 命令,可以查询各种 DNS 记录的信息,包括:主机名称记录(A、AAAA)、邮件交换记录(MX)和别名记录(CNAME)等等。

Installation

Ubuntu

sudo apt install dnsutils

Centos

sudo yum install bind-utils

Usage

dig [@global-server][domain] [q-type][q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]

Options

domain

is in the Domain Name System

q-class

is one of (in,hs,ch,...) [default: in]

q-type

is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
​ (Use ixfr=version for type ixfr)

q-opt

-4

(use IPv4 query transport only)

-6

(use IPv6 query transport only)
​ -b address[#port] (bind to source address/port)
​ -c class (specify query class)
​ -f filename (batch mode)
​ -i (use IP6.INT for IPv6 reverse lookups)
​ -k keyfile (specify tsig key file)
​ -m (enable memory usage debugging)
​ -p port (specify port number)
​ -q name (specify query name)
​ -t type (specify query type)
​ -u (display times in usec instead of msec)
​ -x dot-notation (shortcut for reverse lookups)
​ -y [hmac:]name:key (specify named base64 tsig key)
​ d-opt is of the form +keyword[=value], where keyword is:
​ +[no]aaflag (Set AA flag in query (+[no]aaflag))
​ +[no]aaonly (Set AA flag in query (+[no]aaflag))
​ +[no]additional (Control display of additional section)
​ +[no]adflag (Set AD flag in query (default on))
​ +[no]all (Set or clear all display flags)
​ +[no]answer (Control display of answer section)
​ +[no]authority (Control display of authority section)
​ +[no]badcookie (Retry BADCOOKIE responses)
​ +[no]besteffort (Try to parse even illegal messages)
​ +bufsize=### (Set EDNS0 Max UDP packet size)
​ +[no]cdflag (Set checking disabled flag in query)
​ +[no]class (Control display of class in records)
​ +[no]cmd (Control display of command line)
​ +[no]comments (Control display of comment lines)
​ +[no]cookie (Add a COOKIE option to the request)
​ +[no]crypto (Control display of cryptographic fields in records)
​ +[no]defname (Use search list (+[no]search))
​ +[no]dnssec (Request DNSSEC records)
​ +domain=### (Set default domainname)
​ +[no]dscp[=###] (Set the DSCP value to ### [0..63])
​ +[no]edns[=###] (Set EDNS version) [0]
​ +ednsflags=### (Set EDNS flag bits)
​ +[no]ednsnegotiation (Set EDNS version negotiation)
​ +ednsopt=###[:value] (Send specified EDNS option)
​ +noednsopt (Clear list of +ednsopt options)
​ +[no]expire (Request time to expire)
​ +[no]fail (Don't try next server on SERVFAIL)
​ +[no]header-only (Send query without a question section)
​ +[no]identify (ID responders in short answers)
​ +[no]idnout (convert IDN response)
​ +[no]ignore (Don't revert to TCP for TC responses.)
​ +[no]keepopen (Keep the TCP socket open between queries)
​ +[no]mapped (Allow mapped IPv4 over IPv6)
​ +[no]multiline (Print records in an expanded format)
​ +ndots=### (Set search NDOTS value)
​ +[no]nsid (Request Name Server ID)
​ +[no]nssearch (Search all authoritative nameservers)
​ +[no]onesoa (AXFR prints only one soa record)
​ +[no]opcode=### (Set the opcode of the request)
​ +[no]qr (Print question before sending)
​ +[no]question (Control display of question section)
​ +[no]rdflag (Recursive mode (+[no]recurse))
​ +[no]recurse (Recursive mode (+[no]rdflag))
​ +retry=### (Set number of UDP retries) [2]
​ +[no]rrcomments (Control display of per-record comments)
​ +[no]search (Set whether to use searchlist)
​ +[no]short (Display nothing except short
​ form of answer)
​ +[no]showsearch (Search with intermediate results)
​ +[no]sigchase (Chase DNSSEC signatures)
​ +[no]split=## (Split hex/base64 fields into chunks)
​ +[no]stats (Control display of statistics)
​ +subnet=addr (Set edns-client-subnet option)
​ +[no]tcp (TCP mode (+[no]vc))
​ +timeout=### (Set query timeout) [5]
​ +[no]topdown (Do +sigchase in top-down mode)
​ +[no]trace (Trace delegation down from root [+dnssec])
​ +trusted-key=#### (Trusted Key to use with +sigchase)
​ +tries=### (Set number of UDP attempts) [3]
​ +[no]ttlid (Control display of ttls in records)
​ +[no]ttlunits (Display TTLs in human-readable units)
​ +[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
​ +[no]vc (TCP mode (+[no]tcp))
​ +[no]zflag (Set Z flag in query)
​ global d-opts and servers (before host name) affect all queries.
​ local d-opts and servers (after host name) affect only that lookup.
​ -h (print help and exit)
​ -v (print version and exit)

+nocmd

dig命令的第一个参数,可以关闭版本输出输出

<<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> www.xuxuehua.com

# dig www.xuxuehua.com

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> www.xuxuehua.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39238
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.xuxuehua.com.      IN  A

;; ANSWER SECTION:
www.xuxuehua.com.   405 IN  CNAME   xuxuehua.github.io.
xuxuehua.github.io. 3405    IN  A   185.199.108.153
xuxuehua.github.io. 3405    IN  A   185.199.110.153
xuxuehua.github.io. 3405    IN  A   185.199.109.153
xuxuehua.github.io. 3405    IN  A   185.199.111.153

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Jan 04 05:06:51 UTC 2019
;; MSG SIZE  rcvd: 141

# dig +nocmd www.xuxuehua.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49281
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.xuxuehua.com.      IN  A

;; ANSWER SECTION:
www.xuxuehua.com.   427 IN  CNAME   xuxuehua.github.io.
xuxuehua.github.io. 3427    IN  A   185.199.108.153
xuxuehua.github.io. 3427    IN  A   185.199.110.153
xuxuehua.github.io. 3427    IN  A   185.199.109.153
xuxuehua.github.io. 3427    IN  A   185.199.111.153

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Jan 04 05:06:28 UTC 2019
;; MSG SIZE  rcvd: 141