Skip to main content

How to install DIG in Windows Machine

DIG is a domain query tool and a part of BIND package of ISC.
Using dig is very simple in Linux but is little bit tricky to use the same in Windows.

I have tried to do the same and sharing you the steps which i follow for configuring the dig in my windows machine.


How to install dig in Windows :-

1. Create a folder for dig (eg: C:\dig)

2. Download the latest version (currently which is 9.8.5-P2) of BIND software from here (ZIP format)

3. Extract the .zip file and copy the dig.* and *.dll files in the folder created in step 1

4. Add the folder in the Environment Variables path settings (Right click on My Computer --> click on Properties --> Advance System Settings --> Environmental Variables --> Path )


Use dig more efficiently (using .digrc) :-

dig gives lot of information in its output which may not be useful in most of cases (and may be annoying for some of us). To cut short the dig output to show you only the answer section, you need to give lot of parameters to instruct dig.

     
C:\Users\kansal>dig india.gov.in any +nostats +nocomments +nocmd +noquestion +recurse    
                                                                                                                                              
  india.gov.in.           84      IN      AAAA    2001:4408:5200::a464:38bf                                 
  india.gov.in.           853     IN      A       164.100.56.191                                                       
  india.gov.in.           853     IN      NS      ns2.nic.in.                                                               
  india.gov.in.           853     IN      NS      ns1.nic.in.                                                               
  india.gov.in.           853     IN      NS      ns10.nic.in.                                                             
  india.gov.in.           853     IN      NS      ns7.nic.in.       

Now to give lot of parameters in every query string is not feasible (especially to Windows guys who believe in using mouse more than keyword :) ).          

After going through the dig man page, i found  a b'ful solution to get rid of entering parameters every time.

Create a file and named it as ".digrc", and add the required parameters in that file.
dig command will read the parameters from that file and concatenate the o/p based on the parameters based in '.digrc' file.                                                                                                                         



I create a file ".digrc" in C:\dig\ folder. Now the problem is how to tell dig to where to find the .digrc file.

Solution of this is too simple. Just create a 'home' variable and add a value "C:\dig\" for the same.


Now to just check whether everything is working or not as per desired -






Bingo :) we get the desired output without giving  the required parameters.

P.S.- Bind 9.9.5 is the latest version of Bind which is in ESV (Extended Support Version). In this version, normal bind 9.9.5 dig utility wait continuously for indefinite period of time after query through dig command in Windows OS and user have to use Ctrl+C for getting the prompt again. This is a bug in Bind 9.9.5 dig tool which got hits when dig tool is used separately in windows environment (i.e., when only dig tool is used in Windows).
This bug has been rectified in Bind 9.9.5-W1 version which can be downloaded from here.


Popular posts from this blog

Flaw in ServerKeyExchange messages of TLS Protocol

Here we will discuss the flaw in the ServerKeyExchange messages of the TLS protocol which caused the Logjam attack over TLS while using Diffie-Hellman Key Exchange. Before SSLv3, we don't use to authenticate the ServerKeyExchange messages where server negotiates with client regarding usage of cipersuite and parameters. From onwards SSLv3, TLS send the signed message where it mention about parameters it will use but remain silent over ciphersuite. Or in other words, signed portion contains parameters but not contain information about ciphersuite the server will going to use. Now just to remind you, the difference between DH and DH-EXPORT is the size of parameters only. So how to use this flaw - If the server supports DH-EXPORT, an attacker (Men-in-the-Middle) can edit the negotiation sent by the client (even if client doesn't support DH-EXPORT), and replace the list of client supported ciphersuite with DH-EXPORT only. The server will in turn send back a

Identity PSK ( iPSK)

With the evolution of IoT (Internet of Things), devices that connect wirelessly have increased many folds. From webcams, Smartwatches, fitness bands, firestick, Alexa, Google Home, and many more.., everything is going wireless for connectivity and so does the security threat. The main concern with IoT devices is the unavailability of the full wireless protocol stack (and in the majority of devices, support of 802.1x is not available). So, previously we only have the WPA-PSK option for connecting the IoT devices.  In WPA*-PSK (WPA or WPA2) WLAN, a Pre-Shared Key (PSK) is configured and distributed to all the clients that connect to the WLAN. This leads to PSK leakage, and it can be accessible to unauthorized users (due to the nature of common PSK across all the devices).  Therefore, there was a need to provision unique PSK or Multiple PSK per SSID. Identity-PSKs are unique pre-shared keys created for clients/groups on the same WLAN. Features of iPSK:-   1.Unique PSK for individual Cli