LINUXMAKER, OpenSource, Tutorials

The Dig HowTo

How is dig used to query DNS name servers?

Just as the nslookup command, dig (domain information groper) on Linux, Unix macOS, and Windows is a command that queries information from DNS servers. DNS means "Domain Name Service" and is used to convert IP addresses into domains or vice versa. dig is the more modern alternative to nslookup. It dispenses with the interactive operating mode of nslookup. And it provides more comprehensive query capabilities for virtually all candidate DNS information. Dig is part of the open source distribution BIND v9.x of the ISC (BIND-tools).
Since dig is now part of all Linux distributions, you no longer need to compile dig yourself. For example, dig is already packaged in the following Linux distributions: dnsutils (Debian), bind-utils (Red Hat, Fedora), and bind-tools (Gentoo).
How to configure a BIND name server is described here.

What the standard Dig output tells us

The simplest query is for a single host. By default, dig is already quite talkative. In all likelihood, not all information is needed in the standard output. Since it makes sense to know about their meaningfulness, here follows a documented query.


This command line call from dig retrieves information about the host at

<<>> DiG 9.11.2-5-Debian <<>>
;; global options: +cmd

The opening section of the dig output says something about the version used (9.11.2) and the global options that are set (in this case +cmd). This part of the output can be suppressed with the option +nocmd, so in this way:

dig +nocmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62145
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

At this point, dig provides some technical details about the DNS server's response. This section of the output can be switched on or off with the option +[no]comments. Disabling comments will also disable many section headings!

dig +nocomments
dig +comments
; EDNS: version: 0, flags:; udp: 4096
; .                 IN      A

In the Question sector dig reminds us of our request. The standard query refers to an Internet address (A). This can also be switched on or off with the option +[no]question.

;; ANSWER SECTION:            60      IN      A
;; Query time: 48 msec
;; WHEN: Sun Jan 21 10:44:44 CET 2018
;; MSG SIZE  rcvd: 56

The answer then provides the answer sector. The IP address of is Again, this section of the output can be turned off with the +[no]answer option, although it makes no sense, as that is the key piece of information.


The "Authority" section provides information about which DNS servers can provide an authoritative response to our request. In this case, has three name servers. This section can also be deactivated or activated with the option +[no]authority.

 ;; ADDITIONAL SECTION: 171551 IN A 2351 IN A 2351 IN AAAA 2001:4f8:0:2::15

The additional section usually contains the IP addresses of the DNS servers listed in the Authority section. This section of the output can be activated/deactivated with the option +[no]additional.

 ;;  Abfragezeit: 2046 ms
 ;;  SERVER: # 53 (
 ;;  WANN: Fr 27. August 08.22.26 2004
 ;;  MSG-Größe rcvd: 173

This final section of the output contains some statistics about the query. It can also be disabled or enabled with the +[no]stats option.