Dig DNS Commands

The dig command (Domain Information Groper) is a versatile and powerful utility for querying DNS servers and retrieving various types of DNS records.
Its flexibility and detailed, customizable output make it an ideal choice.

Common dig Commands

| Command | Description |
| --- | --- |
| `dig domain.com` | Performs a default A record lookup for the domain. |
| `dig domain.com A` | Retrieves the IPv4 address (A record) associated with the domain. |
| `dig domain.com AAAA` | Retrieves the IPv6 address (AAAA record) associated with the domain. |
| `dig domain.com MX` | Finds the mail servers (MX records) responsible for the domain. |
| `dig domain.com NS` | Identifies the authoritative name servers for the domain. |
| `dig domain.com TXT` | Retrieves any TXT records associated with the domain. |
| `dig domain.com CNAME` | Retrieves the canonical name (CNAME) record for the domain. |
| `dig domain.com SOA` | Retrieves the start of authority (SOA) record for the domain. |
| `dig @1.1.1.1 domain.com` | Specifies a specific nameserver to query; in this case, 1.1.1.1. |
| `dig +trace domain.com` | Displays the full DNS resolution path. |
| `dig -x 192.168.1.1` | Performs a reverse lookup on the IP address 192.168.1.1 to find the associated hostname. You may need to specify a nameserver. |
| `dig +short domain.com` | Provides a short, concise answer to the query. |
| `dig +noall +answer domain.com` | Displays only the answer section of the query output. |
| `dig domain.com ANY` | Retrieves all available DNS records for the domain (Note: many DNS servers ignore ANY queries to reduce load and prevent abuse, per RFC 8482). |

Tips

Caution: Some servers may detect and block excessive DNS queries.

Be careful and respect rate limits.

Always obtain permission before performing a full DNS scan on a target.

Looking up DNS

Jesuslopez@htb[/htb]$ dig google.com

; <<>> DiG 9.18.24-0ubuntu0.22.04.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16449
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Recursion requested but not available

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 0 IN A 142.251.47.142

;; Query time: 0 msec
;; SERVER: 172.23.176.1#53(172.23.176.1) (UDP)
;; WHEN: Thu Jun 13 10:45:58 SAST 2024
;; MSG SIZE rcvd: 54

This result is the output of a DNS query using the `dig` command for the `google.com` domain. The command was run on a system running DiG version 9.18.24-0ubuntu0.22.04.1-Ubuntu.
The output can be divided into four key sections:


  1. Header
    • ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16449: This line indicates the type of query (QUERY), the success status (NOERROR), and a unique identifier (16449) for this specific query.
    • ;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0: This describes the flags in the DNS header:
      • qr: Query Response flag: indicates that this is a response.
      • rd: Recursion Desired flag: indicates that recursion was requested.
      • ad: Authentic Data flag: indicates that the resolver considers the data to be authentic.
      • The remaining numbers indicate the number of entries in each section of the DNS response: 1 question, 1 answer, 0 authority records, and 0 additional records.
    • ;; WARNING: Recursion requested but not available: This indicates that recursion was requested, but the server does not support it.
  2. Question Section
    • ;google.com. IN A: This line specifies the question: "What is the IPv4 address (A record) for google.com?"
  3. Answer Section
    • google.com. 0 IN A 142.251.47.142: This is the answer to the query. It indicates that the IP address associated with google.com is 142.251.47.142. The '0' represents the TTL (time to live), which indicates how long the result can be cached before being refreshed.
  4. Footer
    • ;; Query time: 0 msec: This shows the time it took for the query to process and receive the response (0 milliseconds).
    • ;; SERVER: 172.23.176.1#53(172.23.176.1) (UDP): This identifies the DNS server that provided the response and the protocol used (UDP).
    • ;; WHEN: Thu Jun 13 10:45:58 SAST 2024: This is the timestamp when the query was made.
    • ;; MSG SIZE rcvd: 54: This indicates the size of the DNS message received (54 bytes).

An OPT pseudosection can sometimes appear in dig output. This is due to the Extension Mechanisms for DNS (EDNS), which enable additional features such as larger message sizes and support for DNS Security Extensions (DNSSEC).
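
The breakdown above, turned into a small parser (an added example, not part of the original page): it pulls the status, flags, recursion warning, responding server and answer records out of full dig output. `dig_field` and `dig_has_flag` are hypothetical helper names, and the sample is the response shown earlier, embedded so the script runs without network access.

```shell
#!/bin/sh
# Constructed sample: the dig response shown above, embedded so this runs offline.
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16449
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Recursion requested but not available

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 0 IN A 142.251.47.142

;; Query time: 0 msec
;; SERVER: 172.23.176.1#53(172.23.176.1) (UDP)
;; WHEN: Thu Jun 13 10:45:58 SAST 2024
;; MSG SIZE rcvd: 54'

# dig_field NAME: read full dig output on stdin and print one field:
# status | flags | recursion | server | answers (one "TYPE RDATA ttl=N" per line).
dig_field() {
  awk -v want="$1" '
    /->>HEADER<<-/ {                         # header: pull out the status code
      for (i = 1; i < NF; i++) if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); f["status"] = s }
    }
    /^;; flags:/ {                           # keep only the flag list before the first ";"
      l = $0; sub(/^;; flags: */, "", l); sub(/;.*/, "", l); f["flags"] = l
    }
    /^;; WARNING: Recursion requested but not available/ { f["recursion"] = "unavailable" }
    /^;; SERVER:/ { f["server"] = $3 }       # footer: which resolver answered
    /^;; .*SECTION:$/ { section = $2; next } # QUESTION, ANSWER, AUTHORITY, ADDITIONAL, OPT
    /^$/ { section = "" }                    # a blank line ends the current section
    section == "ANSWER" && $0 !~ /^;/ && NF >= 5 {
      r = $5; for (i = 6; i <= NF; i++) r = r " " $i   # rdata may span several fields (e.g. MX)
      f["answers"] = f["answers"] (f["answers"] == "" ? "" : "\n") $4 " " r " ttl=" $2
    }
    END { if (want in f) print f[want] }
  '
}

# dig_has_flag FLAG: succeed if FLAG (qr, rd, ra, ad, aa, ...) is set in the header on stdin.
dig_has_flag() {
  case " $(dig_field flags) " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

printf '%s\n' "$SAMPLE" | dig_field answers
```

Against a live resolver, pipe real output in instead of the sample, for example `dig domain.com | dig_has_flag ad` to check whether the resolver marked the answer as authentic.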

If you just want the answer to the question, without any other information, you can dig it using +short:

Jesuslopez@htb[/htb]$ dig +short hackthebox.com

104.18.20.126
104.18.21.126
