Skip to main content

Domain Information Groper (DIG) -- DNS Query Tool

DIG is a command-line tool for querying DNS Name Server (similar to nslookup utility available in Windows and host utility). dig utility can be used for querying DNS about the host address (both A and AAAA), name server(NS), mail exchange(MX), Pointer Record(PTR), SOA (Start Of Authority) and others.

DIG is a part of BIND software package ( BIND package is developed and managed by Internet Systems Consortium ISC).

Usage Example :-




1. Ask for a host address :-
dig nkn.in

2. Ask from a specific server :-

dig nkn.in @8.8.8.8

; <<>> DiG 9.8.5-P2 <<>> nkn.in @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13527
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nkn.in.                                IN      A

;; ANSWER SECTION:
nkn.in.                 14103   IN      A       164.100.56.206

;; Query time: 171 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Aug 03 23:22:51 India Standard Time 2013
;; MSG SIZE  rcvd: 40

3. Ask for all the records for a particular domain :-

C:\Users\kansal>dig nkn.in any @8.8.4.4

; <<>> DiG 9.8.5-P2 <<>> nkn.in any @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41915
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nkn.in.                                IN      ANY

;; ANSWER SECTION:
nkn.in.                 14390   IN      SOA     nkn.in. nsadmin\@nkn.in. 2013041
601 10800 86400 1209600 14400
nkn.in.                 14390   IN      NS      ns1.nkn.in.
nkn.in.                 14390   IN      NS      ns3.nkn.in.
nkn.in.                 14390   IN      NS      ns2.nkn.in.
nkn.in.                 14390   IN      A       164.100.56.206
nkn.in.                 14390   IN      AAAA    2001:4408:5200::a464:38ce
nkn.in.                 14390   IN      MX      0 mailgw.nic.in.

;; Query time: 159 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sat Aug 03 23:24:59 India Standard Time 2013
;; MSG SIZE  rcvd: 197

4. Find out the domain's Mail Server :-


C:\Users\kansal>dig nkn.in MX

; <<>> DiG 9.8.5-P2 <<>> nkn.in MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nkn.in.                                IN      MX

;; ANSWER SECTION:
nkn.in.                 14232   IN      MX      0 mailgw.nic.in.

;; Query time: 63 msec
;; SERVER: 103.8.44.5#53(103.8.44.5)
;; WHEN: Sat Aug 03 23:32:05 India Standard Time 2013
;; MSG SIZE  rcvd: 51


5. Ask for a reverse lookup :-

C:\Users\kansal>dig -x 164.100.2.6

; <<>> DiG 9.8.5-P2 <<>> -x 164.100.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3471
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;6.2.100.164.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
6.2.100.164.in-addr.arpa. 82055 IN      PTR     mailgw-hyd.nic.in.

;; Query time: 70 msec
;; SERVER: 103.8.44.5#53(103.8.44.5)
;; WHEN: Sat Aug 03 23:29:52 India Standard Time 2013
;; MSG SIZE  rcvd: 73

6. Check for DNSSEC Validation :-


C:\Users\kansal>
C:\Users\kansal>dig apnic.net +dnssec @8.8.8.8

; <<>> DiG 9.8.5-P2 <<>> apnic.net +dnssec @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8543
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;apnic.net.                     IN      A

;; ANSWER SECTION:
apnic.net.              3600    IN      A       202.12.29.175
apnic.net.              3600    IN      RRSIG   A 8 2 3600 20130903002809 201308
03232809 42189 apnic.net. Q9D9OKv2qfjs33C3yyuAJhkdxy0ytjgAmsXTjVveVGwXqEcL0tEz7g
2f FKM+RykyuqxG/Tq2mxSlBrxgkhvomBLyR9OpCKvYPPST6deR6DWlztOa DIMYZ90gvpqBDGSiSafr
xcvXAr0ZTUgBZcIAtkOpzEpoOa1zP1f6VRVA vMM=

;; Query time: 386 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 04 11:07:27 India Standard Time 2013
;; MSG SIZE  rcvd: 223
7. Trace the DNS Query :-


C:\Users\kansal>dig india.gov.in +trace

; <<>> DiG 9.8.5-P2 <<>> india.gov.in +trace
;; global options: +cmd
.                       31101   IN      NS      l.root-servers.net.
.                       31101   IN      NS      h.root-servers.net.
.                       31101   IN      NS      c.root-servers.net.
.                       31101   IN      NS      g.root-servers.net.
.                       31101   IN      NS      m.root-servers.net.
.                       31101   IN      NS      e.root-servers.net.
.                       31101   IN      NS      b.root-servers.net.
.                       31101   IN      NS      a.root-servers.net.
.                       31101   IN      NS      j.root-servers.net.
.                       31101   IN      NS      d.root-servers.net.
.                       31101   IN      NS      f.root-servers.net.
.                       31101   IN      NS      k.root-servers.net.
.                       31101   IN      NS      i.root-servers.net.
;; Received 228 bytes from 103.8.44.5#53(103.8.44.5) in 1471 ms

in.                     172800  IN      NS      a0.in.afilias-nst.info.
in.                     172800  IN      NS      a1.in.afilias-nst.in.
in.                     172800  IN      NS      a2.in.afilias-nst.info.
in.                     172800  IN      NS      b0.in.afilias-nst.org.
in.                     172800  IN      NS      b1.in.afilias-nst.in.
in.                     172800  IN      NS      b2.in.afilias-nst.org.
in.                     172800  IN      NS      c0.in.afilias-nst.info.
in.                     172800  IN      NS      ns7.cdns.net.
;; Received 495 bytes from 128.63.2.53#53(h.root-servers.net) in 2994 ms

india.gov.in.           86400   IN      NS      ns7.nic.in.
india.gov.in.           86400   IN      NS      ns1.nic.in.
india.gov.in.           86400   IN      NS      ns10.nic.in.
india.gov.in.           86400   IN      NS      ns2.nic.in.
;; Received 107 bytes from 199.7.87.1#53(a0.in.afilias-nst.info) in 757 ms

india.gov.in.           1800    IN      A       164.100.56.191
india.gov.in.           1800    IN      NS      ns2.nic.in.
india.gov.in.           1800    IN      NS      ns1.nic.in.
india.gov.in.           1800    IN      NS      ns10.nic.in.
india.gov.in.           1800    IN      NS      ns7.nic.in.
;; Received 199 bytes from 164.100.14.3#53(ns1.nic.in) in 55 ms


The above output show you how DNS queries works.
In the above query, i ask for "trace" for the india.gov.in domain.

My resolver first goes to "." (Root NameServer) as every resolver knows about Root Servers only. Root NS replies that 'he don't know about india.gov.in' but he knows about 'NS of .in domain'.
Then resolver goes to NS of ".in" domain and ask for india.gov.in, which in turn replies that he only knows about NS of india.gov.in.
Then resolver goes to NS of 'india.gov.in' which in turn replies the desired query answer.




Popular posts from this blog

Availability of 5 GHz WLAN Channels in India under unlicensed band

Availability of 5 GHz WLAN Channels in India under unlicensed band  In India, Wireless Planning and Coordination Wing of Department of Telecom, under Ministry of Communication takes care of licensing of radio frequencies.  In the latest National Frequency allocation plan 2018 (https://dot.gov.in/sites/default/files/NFAP%202018.pdf), Government of India (GoI), exempted the licensing requirements of the following radio frequency ranges for wireless usage and a gazette notification has also published for this (https://dot.gov.in/sites/default/files/License%20Exemption%20in%205%20GHz%20G_S_R_1048%28E%29%20dated%2022nd%20October%2C%202018_0.pdf)  -- 1.  5150-5250 2. 5250-5350 3. 5470-5725 4. 5725-5875 References

Identity PSK ( iPSK)

With the evolution of IoT (Internet of Things), devices that connect wirelessly have increased many folds. From webcams, Smartwatches, fitness bands, firestick, Alexa, Google Home, and many more.., everything is going wireless for connectivity and so does the security threat. The main concern with IoT devices is the unavailability of the full wireless protocol stack (and in the majority of devices, support of 802.1x is not available). So, previously we only have the WPA-PSK option for connecting the IoT devices.  In WPA*-PSK (WPA or WPA2) WLAN, a Pre-Shared Key (PSK) is configured and distributed to all the clients that connect to the WLAN. This leads to PSK leakage, and it can be accessible to unauthorized users (due to the nature of common PSK across all the devices).  Therefore, there was a need to provision unique PSK or Multiple PSK per SSID. Identity-PSKs are unique pre-shared keys created for clients/groups on the same WLAN. Features of iPSK:-   1.Unique PSK for individual Cli

Summary report of APNIC 55 (APRICOT 2023) Meeting held in Manila, Philippines

APNIC Logo The APNIC 55 meeting was held in Manila, Philippines from 20th Feb to 02nd March 2023. The meeting was hosted by PhNOG, The Philippine Network Operators Group (PhNOG) and supported by DOST- Advanced Science and Technology Institute. Every year, APNIC conferences are held twice, the first of each year is held in conjunction with APRICOT and the second one is a standalone conference. The last such meeting held in India was in 2012, APNIC 33 (which was in conjunction with APRICOT 2012).  APNIC 55 meeting was unique in multiple senses –  i. Firstly, because of the possibility of potential hijack [1] [2][3] of the APNIC Executive Council by Cloud Innovation Ltd. / Larus foundation / NRS, the same organizations which have dragged AFRINIC (RIR for African Continent) into the Mauritius supreme court and at one point nearly halted the AFRINIC operations by getting its bank accounts frozen (over 25 lawsuits have been filed against AFRINIC by Cloud Innovation Ltd.). Number