2.5K

The dig (Domain Information Groper) command is a powerful DNS troubleshooting tool used to query name servers and retrieve detailed information about domain records such as A, MX, NS, TXT, SOA, and more.

System administrators widely use dig to diagnose DNS issues, verify domain configurations, and trace DNS resolution paths.

What is the DIG Command?

The dig command queries DNS servers and displays how a domain name resolves to an IP address.

Basic Example

dig live.com

This command returns:

• DNS query status
• Answer section (IP address)
• Query time
• DNS server used for resolution

By default, dig queries your system’s configured resolver, meaning the results may come from cached DNS data.

Querying a Specific Nameserver

To bypass cached results and get authoritative DNS information, query the domain’s nameserver directly:

dig @ns1.msft.net live.com

This provides real-time data directly from the authoritative DNS server.

Understanding Root Name Servers

Running dig without arguments displays root DNS servers:

dig

Root nameservers store information about Top-Level Domains (TLDs) such as:

• .com
• .net
• .org
• country domains like .us

They do not store individual domain records but instead point to the next DNS level.

Finding TLD Nameservers

To locate nameservers responsible for a TLD:

dig us NS

This lists authoritative nameservers managing the .us domain zone.

Reverse DNS Delegation Process

DNS resolution follows a hierarchical structure:

1. Root nameservers
2. TLD nameservers
3. Domain nameservers
4. Final DNS records

Example:

dig @a.cctld.us linux.us NS

This retrieves nameservers responsible for the domain.

Checking SOA (Start of Authority) Record

The SOA record contains essential DNS zone details:

dig @ns1.webhost.us linux.us SOA

SOA includes:

• Primary nameserver
• Administrator email
• Serial number
• Refresh and retry intervals

Common DIG Record Lookups

1. Check A Record

dig +short @ns1.webhost.us www.linux.us A

Returns the domain’s IP address.

2. Check MX Record (Mail Server)

dig +short @ns1.webhost.us linux.us MX

Displays mail server configuration.

3. Check SPF Record

dig +short @ns1.google.com google.com TXT

Used to verify sender authorization for email delivery.

4. Check DKIM / DomainKey Record

dig +short @ns1.yahoo.com _domainkey.yahoo.com TXT

Helps validate email authenticity.

Tracing DNS Resolution Path

Similar to traceroute for networks, dig can trace DNS delegation using:

dig google.com +trace

This command shows:

• Root servers contacted
• TLD nameservers
• Authoritative domain nameservers
• Final DNS resolution result

It provides complete visibility into how DNS queries travel across the internet.

Why DIG is Important

Using dig helps administrators:

• Troubleshoot DNS propagation issues
• Verify domain configurations
• Validate email authentication records
• Identify incorrect DNS delegation
• Diagnose website accessibility problems

Conclusion

The dig command is an essential utility for DNS analysis and debugging. From simple record lookups to full DNS trace analysis, it offers precise insight into how domains resolve across global DNS infrastructure.

If you require help, contact SupportPRO Server Admin