Using Dig

Some time back, I stumbled across this command that helps you look up your public IP address from the terminal:

dig +short myip.opendns.com @resolver1.opendns.com

and it sent me down a fun rabbit hole of the dig command. Here are some things I found:

What's dig?

dig - short for Domain Information Groper - provides a nice CLI for finding DNS and DNS-related information about a domain name, a server or just an address. It comes as part of the dnsutils package on Debian/Ubuntu; other distros use a different package name, listed below.

Setting up

Chances of dig being installed beforehand on your system are pretty slim, though you could check with:

which dig

If it's not present, it can easily be installed using your distro's package manager:

Debian/Ubuntu: sudo apt install dnsutils

ArchLinux/Arch-based distros: sudo pacman -S bind-tools

CentOS/Fedora: sudo yum install bind-utils

Dig-ging in

Using dig is as simple as running:

dig mchl.xyz

The above command results in the following:

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mchl.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50289
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mchl.xyz.                      IN      A

;; ANSWER SECTION:
mchl.xyz.               20      IN      A       134.209.226.211

;; Query time: 1226 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 30 12:17:19 WAT 2019
;; MSG SIZE  rcvd: 53

That's quite verbose; let's tone it down with:

dig mchl.xyz +short

Now, we get:

134.209.226.211

which is really the IP address of the domain mchl.xyz.

Getting Specific Record Type

You can specify the record type you want dig to query, such as NS (Name Server), A (IP address) or MX (Mail Exchange), and you'd get only the matching records. For instance, the following gives us the NS records for mchl.xyz:

dig mchl.xyz NS

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mchl.xyz ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49605
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mchl.xyz.                      IN      NS

;; ANSWER SECTION:
mchl.xyz.               2827    IN      NS      dns1.p07.nsone.net.
mchl.xyz.               2827    IN      NS      dns4.p07.nsone.net.
mchl.xyz.               2827    IN      NS      dns2.p07.nsone.net.
mchl.xyz.               2827    IN      NS      dns3.p07.nsone.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 30 12:30:11 WAT 2019
;; MSG SIZE  rcvd: 126

while this gives us the MX servers for github.com:

dig github.com MX

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> GITHUB.COM MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60722
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;GITHUB.COM.                    IN      MX

;; ANSWER SECTION:
GITHUB.COM.             3600    IN      MX      10 ALT3.ASPMX.L.GOOGLE.COM.
GITHUB.COM.             3600    IN      MX      5 ALT1.ASPMX.L.GOOGLE.COM.
GITHUB.COM.             3600    IN      MX      5 ALT2.ASPMX.L.GOOGLE.COM.
GITHUB.COM.             3600    IN      MX      10 ALT4.ASPMX.L.GOOGLE.COM.
GITHUB.COM.             3600    IN      MX      1 ASPMX.L.GOOGLE.COM.

;; Query time: 1175 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 30 12:31:00 WAT 2019
;; MSG SIZE  rcvd: 154

Reverse DNS (rDNS) Lookup

Given an IP address, dig can find the associated domain name when used with the -x flag (indicating a reverse lookup). Here is an example:

dig -x 146.112.62.105 +short

and the result is:

www.opendns.com.
opendns.com.

NB: DNS isn't always two-way, i.e. the fact that a domain points to an IP address doesn't mean that IP address will resolve back to the same domain name, or to any domain name at all, unless it is explicitly set up to do that via a corresponding PTR record.
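The NB above is why a PTR name shouldn't be trusted on its own when it ends up in logs or allow-lists. As an added example (not part of the original post), this sh function runs a forward-confirmed reverse DNS check using the same dig calls; the function name fcrdns and its return codes are this example's own choices.

```sh
#!/bin/sh
# Forward-confirmed reverse DNS (FCrDNS). PTR data is published by whoever
# controls the reverse zone for an address, so a PTR name only counts once
# a forward lookup of that name returns the same address.
#
# fcrdns IP   (hypothetical helper name, not part of dig)
#   prints each PTR name that resolves back to IP
#   returns 0 = confirmed, 1 = PTR present but unconfirmed,
#           2 = no PTR record, 3 = dig itself failed
fcrdns() {
    ip=$1
    rc=2
    # Pick the forward record type from the address family.
    case $ip in
        *:*) rtype=AAAA ;;
        *)   rtype=A ;;
    esac
    ptrs=$(dig -x "$ip" +short </dev/null) || return 3
    while IFS= read -r name; do
        # Skip blanks and anything that is not a plain hostname, so a
        # crafted PTR value is never parsed by dig as an option or server
        # (-x, +trace, @host).
        case $name in
            ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        if [ "$rc" -eq 2 ]; then rc=1; fi
        # Forward lookup; grep -Fx demands an exact whole-line match.
        if dig "$name" "$rtype" +short </dev/null | grep -Fxq -- "$ip"; then
            printf '%s\n' "${name%.}"
            rc=0
        fi
    done <<EOF
$ptrs
EOF
    return "$rc"
}

# Example: sh fcrdns.sh 146.112.62.105
if [ "$#" -gt 0 ]; then
    fcrdns "$1"
fi
```

The comparison is textual, so an IPv6 address has to be passed in the compressed form dig prints.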

Finding your public IP address

Using dig combined with a pre-configured server, you can find your public IP address over DNS, as opposed to the HTTP mechanism employed by “IP-finder” websites. Our first example gave us the IP address of a domain; some servers are instead configured to respond with the originating IP address, which is your network's public IP address. For example, the command below queries the OpenDNS “myip” server:

dig +short myip.opendns.com @resolver1.opendns.com

and gives the result below on my local network:

41.203.73.121

We can achieve the same thing using Google's DNS server like so:

dig TXT o-o.myaddr.l.google.com @ns1.google.com +short

Conclusion

The dig command is a really handy tool if you're looking to troubleshoot or simply dive into DNS stuff. In case you want to go deeper, here are some resources: