in Resources

4 Vital Dig Command Examples to Know as Sysadmin or Developer


DNS issues remain an Achilles heel – when your domain stops resolving sites go dark regardless of how perfect the backend code is. Studies show DNS misconfigurations trigger over 33% of website outages and cost enterprises over $100,000 annually from lost productivity and revenue. Yet DNS remains a blackbox for many technical pros.

Mastering vital dig commands delivers insight into this critical infrastructure quickly. Keep reading as we crack open its secrets.

DNS Recap – The Phonebook of the Internet

Before digging into debug commands, let‘s recap how DNS works:

DNS is essentially a giant phonebook mapping domain names to IP addresses. Much like looking up a person‘s number, your browser relies on this hierarchy of DNS servers to fetch the IP “phone number” tied to a domain like example.com.

I encourage attempting to sketch DNS architecture from memory. Understanding these foundations allows intelligently tracking issues with dig.

Enter Dig – DNS Lookup and Debugging

Dig is a flexible DNS interrogation tool for querying nameservers directly from the command line. No clicking around required. It comes bundled with BIND (Berkley Internet Name Daemon), the most widely used DNS software.

While GUI tools seem easier, dig commands shine by providing raw access to DNS data quickly. As issues arise, these script-friendly diagnostic superpowers become indispensable.

Let‘s uncover some dig incantations that should be in every tech pro‘s spellbook.

Check Domain IP Addresses

Finding the IP mapped to a domain is a common first step when sites won‘t load:

dig domainname

For example, resolving mcngmarketing.com:

dig mcngmarketing.com

; <<>> DiG 9.18.1 <<>> mcngmarketing.com  
;; global options: +cmd   
;; Got answer:        
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19544
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mcngmarketing.com.              IN      A

;; ANSWER SECTION:  
mcngmarketing.com.   293     IN      A       172.67.170.69
mcngmarketing.com.   293     IN      A       172.67.169.174

;; Query time: 51 msec             
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jan 12 15:37:31 EST 2023
;; MSG SIZE  rcvd: 72

Focus on the ANSWER SECTION with the A records resolving to two IP addresses. This verifies DNS is correctly mapping traffic.

We can condense output using +short: 

dig mcngmarketing.com +short
172.67.170.69
172.67.169.174

Easy as pie!

Query Record Types Like MX, NS, CNAME

Along with A records, dig resolves other record types including:

  • NS: Nameservers
  • MX: Mail Exchangers
  • TXT: Text Records
  • CNAME: Canonical Name Records

The syntax is:

dig domainname type +short

To find the nameservers for mcngmarketing.com: 

dig mcngmarketing.com ns +short  

tara.ns.cloudflare.com
hugo.ns.cloudflare.com

And MX records mapping mail:

dig mcngmarketing.com mx +short   

10 alt3.aspmx.l.google.com  
1 aspmx.l.google.com    
10 alt4.aspmx.l.google.com  
5 alt2.aspmx.l.google.com
5 alt1.aspmx.l.google.com

Isolating specific record types simplifies determining ifresolution issues are localized or impacting different records.

Trace the Full DNS Lookup Journey

Ever wanted to visually map the hierarchy of nameservers involved in domain lookup?

The +trace option diagrams the full recursive DNS request journey from root nameservers down to your domain‘s authoritatives: 

dig mcngmarketing.com +trace

.                       515047  IN      NS      m.root-servers.net
.                       515047  IN      NS      b.root-servers.net

(output truncated...)

com.                    172800  IN      NS      a.gtld-servers.net  
com.                    172800  IN      NS      b.gtld-servers.net

mcngmarketing.com.          85745   IN      NS      tara.ns.cloudflare.com  
mcngmarketing.com.          85745   IN      NS      hugo.ns.cloudflare.com

;; Received 503 bytes from  172.67.170.69#53(f.root-servers.net) in 142 ms

This exposes where lookups fail or suspicious redirects occur.

Reverse DNS Lookups

PTR records map IP addresses back to hostnames. Reverse lookups query these records to uncover associated domain names.

dig -x ipaddress

Let‘s try tying 172.67.170.69 back to a domain:

dig -x 172.67.170.69   

;; QUESTION SECTION:  
69.170.67.172.in-addr.arpa. IN      PTR

;; ANSWER SECTION:
69.170.67.172.in-addr.arpa. 120 IN PTR   server-172-67-170-69.mia04.contaboserver.net.

Voila! Reverse lookups expose hostnames of rogue IPs.

Query Specific Nameservers

Dig defaults to your system nameservers. But you can override this to check other DNS providers with: 

dig @nameserver domain

For example:

dig @8.8.8.8 mcngmarketing.com mx

;; SERVER: 8.8.8.8#53(8.8.8.8) (Google DNS)

Isolating variables this way simplifies determining if issues stem from misbehaving nameservers versus network interruptions.

Digging Deeper

This just scratches the surface of vital dig incantations for your DNS debug toolkit:

+noall +answer Condenses output to just answer section
+subnet=x.x.x Filters query source by subnet
type=TXT Constrains search by record type

I highly recommend Dan Misener‘s Practical Dig Tutorial for even deeper dives.

Why Sharpen Dig Skills Now?

I hope this overview convinces you to start wielding dig. Mastering dig commands pays dividends through clearer troubleshooting and reduced DNS blindspots.

Downtime is costly – over 33% caused by DNS issues. Become a DNS blackbelt before catastrophe strikes, not during the outage autopsy.

Next time someone asks "Is DNS Down?" you‘ll smile and reach for the dig – ready to isolate the issue in seconds.

AlexisKestler

Written by Alexis Kestler

A female web designer and programmer - Now is a 36-year IT professional with over 15 years of experience living in NorCal. I enjoy keeping my feet wet in the world of technology through reading, working, and researching topics that pique my interest.