dig

I normally go to websites like dnsstuff to find the IP address of a domain. But since I found this command, I think I'll stop visiting them so often!

An example is worth one thousand words:


sole@courgette:~$ dig google.com

; <<>> DiG 9.5.1-P2 <<>> google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15808
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        239    IN    A    74.125.53.100
google.com.        239    IN    A    74.125.45.100
google.com.        239    IN    A    74.125.67.100

;; Query time: 12 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Oct 22 09:50:01 2009
;; MSG SIZE  rcvd: 76

By default it returns type A DNS records, which are the ones that translate domain names to IP addresses. But you can also ask it to retrieve other record types. For example, to retrieve every record that it can find:


sole@courgette:~$ dig -t ANY google.com

; <<>> DiG 9.5.1-P2 <<>> -t ANY google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15253
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN    ANY

;; ANSWER SECTION:
google.com.        175    IN    A    74.125.45.100
google.com.        175    IN    A    74.125.67.100
google.com.        175    IN    A    74.125.53.100
google.com.        807    IN    MX    10 google.com.s9a1.psmtp.com.
google.com.        807    IN    MX    10 google.com.s9a2.psmtp.com.
google.com.        807    IN    MX    100 smtp1.google.com.
google.com.        807    IN    MX    10 google.com.s9b1.psmtp.com.
google.com.        807    IN    MX    10 google.com.s9b2.psmtp.com.
google.com.        807    IN    MX    100 smtp2.google.com.
google.com.        171315    IN    NS    ns1.google.com.
google.com.        171315    IN    NS    ns2.google.com.
google.com.        171315    IN    NS    ns3.google.com.
google.com.        171315    IN    NS    ns4.google.com.

;; Query time: 14 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Oct 22 09:51:05 2009
;; MSG SIZE  rcvd: 326

Now it also shows the name servers (the NS records) and the mail servers (the MX records).

Go play around with its options and see what you can find. Of course the output is very raw and could do with a bit of a makeover, but it's a command-line tool, and there are lots of pages and scripts out there that use dig as the base for a more attractive result. For what I usually need, though, this is more than enough.

Something to note is that these results are taken from your current DNS cache. That is, let's say you've changed the DNS values for a domain and want to make sure that the changes have been applied: do not expect this tool to show the changes instantly, because the old results will still be in your DNS cache. You either reset your router or wait until the cache expires and your query shows the updated results. And of course you also have to wait until the change propagates :)
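The two points above (scripts that build on dig's raw output, and answers coming from a cache) can be combined in a small post-processor. This is an added example, not part of the original post: the function names are hypothetical and the input is a trimmed copy of the ANY answer shown earlier. The second column of each answer line is the TTL in seconds, which counts down while the record sits in the cache.

```shell
#!/bin/sh
# Added example: post-process dig output (hypothetical helper names).
# Live use: dig -t ANY google.com | records_of_type MX

# Offline input: trimmed copy of the ANY answer shown in the post.
sample_dig_output() {
cat <<'EOF'
;; QUESTION SECTION:
;google.com.            IN    ANY

;; ANSWER SECTION:
google.com.        175    IN    A    74.125.45.100
google.com.        175    IN    A    74.125.67.100
google.com.        807    IN    MX    10 google.com.s9a1.psmtp.com.
google.com.        807    IN    MX    100 smtp1.google.com.
google.com.        171315    IN    NS    ns1.google.com.

;; Query time: 14 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
EOF
}

# Print the data field of every answer record of the given type (A, MX, NS...).
records_of_type() {
    awk -v want="$1" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && $4 == want {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }'
}

# Smallest TTL in the answer section: seconds until the cache that answered
# has to refetch at least one of these records.
min_ttl() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && (min == "" || $2 + 0 < min) { min = $2 + 0 }
        END { if (min != "") print min }'
}

# Address of the resolver whose cache produced the answer (the SERVER line).
answering_server() {
    awk '/^;; SERVER:/ { sub(/#.*/, "", $3); print $3 }'
}

sample_dig_output | records_of_type MX
echo "first cached record expires in $(sample_dig_output | min_ttl)s on $(sample_dig_output | answering_server)"
```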

I didn't have to install any new package to run this program; I guess it comes by default with Ubuntu. But I haven't investigated it either :D

Happy digging! ;)