How to use the dig command to debug DNS queries in Linux

dig and nslookup are the tools most commonly used to test DNS settings.

nslookup is available on MS Windows, and dig is mostly used on Linux.

We prefer the dig command for testing DNS settings, since it provides much more detail than the nslookup command.

Let's first understand these commands and then look at how to go ahead with troubleshooting.

1. NSLOOKUP Command

a. Basic Syntax

$ nslookup google.com
Server:		17.76.1.51
Address:	17.76.1.51#53

Non-authoritative answer:
Name:	google.com
Address: 216.58.197.46
$ 
### In the above output, 216.58.197.46 is the IP address of google.com.
### 17.76.1.51 is the nameserver (DNS server) configured on the local system.
### "Non-authoritative answer:" indicates the answer came from a server that is not authoritative for the domain, typically from its cache.

[root@nglinux ~]# nslookup saketjain.com
Server:		17.76.1.51
Address:	17.76.1.51#53

Non-authoritative answer:
Name:	saketjain.com
Address: 104.152.168.40

b. Extended Options
We can get all the details from the nslookup command using the “-all” option.
There are many other options, such as “?” for help, ls, view, etc.; however, these are available on Windows and not on Linux.

$ nslookup -all google.com

Set options:
  novc			nodebug		nod2
  search		recurse
  timeout = 0		retry = 3	port = 53	ndots = -1
  querytype = A       	class = IN
  srchlist = 
Server:		17.76.1.51
Address:	17.76.1.51#53

Non-authoritative answer:
Name:	google.com
Address: 216.58.197.46
$

Troubleshooting through nslookup
We can change the nameserver with the “server” command and then check the results.

[root@nglinux ~]# nslookup 
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> google.com

 

2. DIG Command
dig (domain information groper) is a command-line network administration tool for querying DNS (Domain Name System) servers.
dig is a very useful tool for troubleshooting network issues and can work in interactive command-line mode or in batch mode.

The dig command is provided by the bind package on RHEL/CentOS systems, i.e. the main DNS package.

Dig command Output

[root@nglinux ~]# dig saketjain.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6 <<>> saketjain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48233
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;saketjain.com.			IN	A

;; ANSWER SECTION:
saketjain.com.		14400	IN	A	104.152.168.40

;; Query time: 752 msec
;; SERVER: 17.76.1.51#53(17.76.1.51)
;; WHEN: Mon Aug  6 19:25:45 2018
;; MSG SIZE  rcvd: 47

[root@nglinux ~]# 

The output above shows the details that the dig command provides:
a. ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48233
The 4th line of the output gives the status of the answer: whether the query encountered an error or returned NOERROR.

b. "QUESTION SECTION:" tells us the query sent to the DNS server.

c. "ANSWER SECTION:" gives us the actual result, i.e. the IP address of the saketjain.com host, which is the answer to the A query.

d. The SERVER line, third from the end of the output, tells us which DNS server the system queried for this lookup.

Test: Query from another DNS server

$ dig google.com

; <<>> DiG 9.10.6 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		114	IN	A	216.58.197.46

;; Query time: 490 msec
;; SERVER: 17.76.1.51#53(17.76.1.51)
;; WHEN: Mon Aug 06 19:34:48 PDT 2018
;; MSG SIZE  rcvd: 55

$ dig @test-dhcp2.ngelinux.com google.com

; <<>> DiG 9.10.6 <<>> @test-dhcp2.ngelinux.com google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14097
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		121	IN	A	216.58.195.78

;; Query time: 266 msec
;; SERVER: 17.28.71.5#53(17.28.71.5)
;; WHEN: Mon Aug 06 19:34:59 PDT 2018
;; MSG SIZE  rcvd: 55
$ 

If you look at the output above, you will find that the two DNS servers returned different IP addresses.

This is interesting. In the same way, you can check whether a given DNS host is replying to your query or not, which helps in troubleshooting issues.
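
The comparison above can be scripted. As an added example (not part of the original article), the shell functions below reduce dig output to the fields discussed here (status, aa flag, queried server, A records) and compare the answers of two resolvers; the function names, the NO_RESPONSE label and the sample output are constructed for illustration.

```shell
# Added example, not from the original article. Live use: dig google.com | dig_summary
# dig_summary reads full dig output on stdin and prints one line:
#   status=<rcode> aa=<yes|no> server=<ip> answers=<sorted A records>
dig_summary() {
  awk '
    /->>HEADER<<-/ {                  # header line carries the response code
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {                    # the aa flag marks an authoritative answer
      f = $0; sub(/^;; flags:/, "", f); sub(/;.*/, "", f)
      aa = ((" " f " ") ~ / aa /) ? "yes" : "no"
    }
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^$/ || /^;;/         { in_answer = 0 }
    in_answer && $4 == "A" { ips[++n] = $5 }
    /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
    END {
      if (status == "") status = "NO_RESPONSE"   # label made up for this example
      for (i = 1; i <= n; i++) for (j = i + 1; j <= n; j++)   # sort: record order can rotate
        if ((ips[j] "") < (ips[i] "")) { t = ips[i]; ips[i] = ips[j]; ips[j] = t }
      for (i = 1; i <= n; i++) list = list (i > 1 ? "," : "") ips[i]
      printf "status=%s aa=%s server=%s answers=%s\n", status, (aa == "" ? "no" : aa), server, list
    }'
}

# field_of <summary> <key>: print the value stored under key in a summary line.
field_of() { printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p"; }
# compare_answers <summary1> <summary2>: print SAME or DIFFERENT for the answer sets.
compare_answers() {
  [ "$(field_of "$1" answers)" = "$(field_of "$2" answers)" ] && echo SAME || echo DIFFERENT
}

# Constructed dig output, modelled on the article's, for server $1 answering with IP $2.
sample_dig() {
  cat <<EOF
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
google.com.     114 IN  A   $2

;; SERVER: $1#53($1)
EOF
}

a=$(sample_dig 17.76.1.51 216.58.197.46 | dig_summary)
b=$(sample_dig 17.28.71.5 216.58.195.78 | dig_summary)
printf '%s\n%s\n%s\n' "$a" "$b" "$(compare_answers "$a" "$b")"
```

A DIFFERENT result for a large, load-balanced name such as google.com is often expected; the comparison is more telling for names that should resolve identically from every resolver.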
