Troubleshooting DNS with dig

Seminar conducted by Andreas Taudte from honest consulting GmbH: - Slides - Recording

Why not ping


dig = Domain Information Groper

Name-To-Address Mapping

dig @2606:4700:4700::64 AAAA

Address-To-Name Mapping

dig @2606:4700:4700::64 -x 2001:4f8:1:f::66

Digging Recursive DNS

dig @2606:4700:4700::64 MX +nostat +noquestion +noadditional +noauthority +noedns

Digging authoritative DNS

dig @2606:4700:4700::64 MX +nostat +noquestion +noadditional +noauthority +noedns +norecurse

Digging for stats

dig @ NS +noquestion +noadditional +noauthority +noanswer +noedns +norecurse

;; Query time: 415msec

Digging for zone transfer

dig @2001:db8:b00b::53 axfr

Digging the internet protocol (IPv4)

dig AAAA -4 +noall +noadditional

Digging the Internet Protocol (IPv6)

dig AAAA -6 +noall +additional

Digging specific port

dig @ AAAA -p 9876 +noall +answer

Digging Internationalized Domain Names (IDN)

dig AAA +nostats +noauthority +norecurse +noedns
dig `idn --quiet -a` AAAA +nostats +noauthority +norecurse +noedns +noadditional

Reply Size Test

dig +short TXT

Digging DNSSEC (against authoritative)

dig @2001:500:60::30 MX +nostat +noquestion +noadditional +noauthority +norecurse +dnssec

Digging DNSSEC (against recursive)

dig @2001:500:60::30 MX +nostat +noquestion +noadditional +noauthority +dnssec

Name Server Identifier (NSID) - Multiple Name Servers share single IP Address (anycast, load balancing)

dig @2620:fe::fe aaaa +nostat +noquestion +noadditional +noauthority +nsid

Digging on the iphone: isc-dig:

Book Recommendations