Troubleshooting DNS with dig

Seminar conducted by Andreas Taudte from honest consulting GmbH: - Slides - Recording

Why not ping

dig

dig = Domain Information Groper

Name-To-Address Mapping

dig @2606:4700:4700::64 isc.org. AAAA

Address-To-Name Mapping

dig @2606:4700:4700::64 -x 2001:4f8:1:f::66

Digging Recursive DNS

dig @2606:4700:4700::64 isc.org. MX +nostat +noquestion +noadditional +noauthority +noedns

Digging authoritative DNS

dig @2606:4700:4700::64 isc.org. MX +nostat +noquestion +noadditional +noauthority +noedns +norecurse

Digging for stats

dig @129.78.64.2 sydney.edu.au. NS +noquestion +noadditional +noauthority +noanswer +noedns +norecurse
[...]

;; Query time: 415msec

Digging for zone transfer

dig @2001:db8:b00b::53 isc.org. axfr

Digging the internet protocol (IPv4)

dig isc.org AAAA -4 +noall +noadditional

Digging the Internet Protocol (IPv6)

dig isc.org AAAA -6 +noall +additional

Digging specific port

dig @192.168.8.92 isc.org AAAA -p 9876 +noall +answer

Digging Internationalized Domain Names (IDN)

dig bjorn-jurgen.isc.org AAA +nostats +noauthority +norecurse +noedns
dig `idn --quiet -a bjorn-jurgen.isc.org.` AAAA +nostats +noauthority +norecurse +noedns +noadditional

Reply Size Test

dig +short rs.dns-oarc.net TXT

Digging DNSSEC (against authoritative)

dig @2001:500:60::30 MX +nostat +noquestion +noadditional +noauthority +norecurse +dnssec

Digging DNSSEC (against recursive)

dig @2001:500:60::30 MX +nostat +noquestion +noadditional +noauthority +dnssec

Name Server Identifier (NSID) - Multiple Name Servers share single IP Address (anycast, load balancing)

dig @2620:fe::fe isc.org aaaa +nostat +noquestion +noadditional +noauthority +nsid

Digging on the iphone: isc-dig: https://apps.apple.com/us/app/isc-dig/id1115648880

Book Recommendations