Linux常用命令-dig

发表于 2021-10-26 分类于 command

命令

dig

描述

DNS lookup utility
DNS查询工具

用法

1
2
3

dig [@global-server] [domain] [q-type] [q-class] {q-opt}
    {global-d-opt} host [@local-server] {local-d-opt}
    [ host [@local-server] {local-d-opt} [...]]

选项

Options:
domain	 域名,支持多个
q-class  is one of (in,hs,ch,...) [default: in]
q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
         (Use ixfr=version for type ixfr)
q-opt    is one of:
         -4                  使用IPv4查询
         -6                  使用IPv6查询
         -b address[#port]   绑定源地址/端口
         -c class            指定查询类型
         -f filename         批量查询,指定域名文件
         -i                  使用IP6.INT进行IPv6反向查找
         -k keyfile          指定tsig密钥文件
         -m                  (enable memory usage debugging)
         -p port             指定端口
         -q name             指定查询名称
         -t type             指定类型
         -u                  查询时间显示为微秒,默认为毫秒
         -x dot-notation     反向查找的快捷方式
         -y [hmac:]name:key  指定命名的base64 tsig密钥

d-opt    is of the form +keyword[=value], where keyword is:
         +[no]aaflag         (Set AA flag in query (+[no]aaflag))
         +[no]aaonly         (Set AA flag in query (+[no]aaflag))
         +[no]additional     (Control display of additional section)
         +[no]adflag         (Set AD flag in query (default on))
         +[no]all            (Set or clear all display flags)
         +[no]answer         (Control display of answer section)
         +[no]authority      (Control display of authority section)
         +[no]badcookie      (Retry BADCOOKIE responses)
         +[no]besteffort     (Try to parse even illegal messages)
         +bufsize=###        (Set EDNS0 Max UDP packet size)
         +[no]cdflag         (Set checking disabled flag in query)
         +[no]class          (Control display of class in records)
         +[no]cmd            (Control display of command line)
         +[no]comments       (Control display of comment lines)
         +[no]cookie         (Add a COOKIE option to the request)
         +[no]crypto         (Control display of cryptographic fields in records)
         +[no]defname        (Use search list (+[no]search))
         +[no]dnssec         (Request DNSSEC records)
         +domain=###         (Set default domainname)
         +[no]dscp[=###]     (Set the DSCP value to ### [0..63])
         +[no]edns[=###]     (Set EDNS version) [0]
         +ednsflags=###      (Set EDNS flag bits)
         +[no]ednsnegotiation (Set EDNS version negotiation)
         +ednsopt=###[:value] (Send specified EDNS option)
         +noednsopt          (Clear list of +ednsopt options)
         +[no]expire         (Request time to expire)
         +[no]fail           (Don't try next server on SERVFAIL)
         +[no]header-only    (Send query without a question section)
         +[no]identify       (ID responders in short answers)
         +[no]idnin          (Parse IDN names)
         +[no]idnout         (Convert IDN response)
         +[no]ignore         (Don't revert to TCP for TC responses.)
         +[no]keepopen       (Keep the TCP socket open between queries)
         +[no]mapped         (Allow mapped IPv4 over IPv6)
         +[no]multiline      (Print records in an expanded format)
         +ndots=###          (Set search NDOTS value)
         +[no]nsid           (Request Name Server ID)
         +[no]nssearch       (Search all authoritative nameservers)
         +[no]onesoa         (AXFR prints only one soa record)
         +[no]opcode=###     (Set the opcode of the request)
         +[no]qr             (Print question before sending)
         +[no]question       (Control display of question section)
         +[no]rdflag         (Recursive mode (+[no]recurse))
         +[no]recurse        (Recursive mode (+[no]rdflag))
         +retry=###          (Set number of UDP retries) [2]
         +[no]rrcomments     (Control display of per-record comments)
         +[no]search         (Set whether to use searchlist)
         +[no]short          (Display nothing except short
                              form of answer)
         +[no]showsearch     (Search with intermediate results)
         +[no]sigchase       (Chase DNSSEC signatures)
         +[no]split=##       (Split hex/base64 fields into chunks)
         +[no]stats          (Control display of statistics)
         +subnet=addr        (Set edns-client-subnet option)
         +[no]tcp            (TCP mode (+[no]vc))
         +timeout=###        (Set query timeout) [5]
         +[no]topdown        (Do +sigchase in top-down mode)
         +[no]trace          (Trace delegation down from root [+dnssec])
         +trusted-key=####   (Trusted Key to use with +sigchase)
         +tries=###          (Set number of UDP attempts) [3]
         +[no]ttlid          (Control display of ttls in records)
         +[no]ttlunits       (Display TTLs in human-readable units)
         +[no]unknownformat  (Print RDATA in RFC 3597 "unknown" format)
         +[no]vc             (TCP mode (+[no]tcp))
         +[no]zflag          (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.

注意

dig命令需要额外的软件包,centos系统为bind-utils软件包,ubuntu系统下为dnsutils软件包

示例

$ dig -v
DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7

# 默认显示13台根域名服务器
$ dig
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48000
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			5	IN	NS	e.root-servers.net.
.			5	IN	NS	j.root-servers.net.
.			5	IN	NS	i.root-servers.net.
.			5	IN	NS	l.root-servers.net.
.			5	IN	NS	f.root-servers.net.
.			5	IN	NS	a.root-servers.net.
.			5	IN	NS	c.root-servers.net.
.			5	IN	NS	d.root-servers.net.
.			5	IN	NS	k.root-servers.net.
.			5	IN	NS	m.root-servers.net.
.			5	IN	NS	g.root-servers.net.
.			5	IN	NS	h.root-servers.net.
.			5	IN	NS	b.root-servers.net.

# 默认查询域名CNAME记录和A记录,并显示扩展信息
$ dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32698
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		5	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	5	IN	A	110.242.68.4
www.a.shifen.com.	5	IN	A	110.242.68.3

;; Query time: 6 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Tue Oct 26 20:13:48 CST 2021
;; MSG SIZE  rcvd: 90

# 查询CNAME记录,-t可以省略
$ dig -t cname www.baidu.com
$ dig cname www.baidu.com
;; QUESTION SECTION:
;www.baidu.com.			IN	CNAME

;; ANSWER SECTION:
www.baidu.com.		5	IN	CNAME	www.a.shifen.com.

# 指定DNS服务器
$ dig @223.5.5.5 www.aliyun.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> @223.5.5.5 www.aliyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20672
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.aliyun.com.			IN	A

;; ANSWER SECTION:
www.aliyun.com.		18	IN	CNAME	www-jp-de-intl-adns.aliyun.com.
www-jp-de-intl-adns.aliyun.com.	18 IN	CNAME	www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com.
www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com. 18 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.
na61-na62.wagbridge.alibaba.aliyun.com.	18 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com.
na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com. 18 IN A 203.119.211.244

;; Query time: 6 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Tue Oct 26 20:41:29 CST 2021
;; MSG SIZE  rcvd: 226

# 查询多个域名
$ more domain
www.baidu.com
www.aliyun.com
$ dig -f domain
...
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		5	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	5	IN	A	110.242.68.3
www.a.shifen.com.	5	IN	A	110.242.68.4

;; QUESTION SECTION:
;www.aliyun.com.			IN	A

;; ANSWER SECTION:
www.aliyun.com.		5	IN	CNAME	www-jp-de-intl-adns.aliyun.com.
www-jp-de-intl-adns.aliyun.com.	5 IN	CNAME	www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com.
www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com. 5 IN	CNAME na61-na62.wagbridge.alibaba.aliyun.com.
na61-na62.wagbridge.alibaba.aliyun.com.	5 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com.
na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com. 5 IN	A 203.119.214.114
...

# 定制显示内容
$ dig +noall +answer www.baidu.com
www.baidu.com.		5	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	5	IN	A	110.242.68.3
www.a.shifen.com.	5	IN	A	110.242.68.4

$ dig +noall +short www.baidu.com
www.a.shifen.com.
110.242.68.3
110.242.68.4

$ dig +noall +stats www.baidu.com
;; Query time: 6 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Tue Oct 26 20:27:06 CST 2021
;; MSG SIZE  rcvd: 90

# 显示多行信息,类似bind配置格式. 注意以下命令的选项位置不能变,+nocmd必须在域名之前
$ dig +nocmd baidu.com any +multiline +noall +answer
baidu.com.		159 IN SOA dns.baidu.com. sa.baidu.com. (
				2012144885 ; serial
				300        ; refresh (5 minutes)
				300        ; retry (5 minutes)
				2592000    ; expire (4 weeks 2 days)
				7200       ; minimum (2 hours)
				)
baidu.com.		159 IN MX 20 mx1.baidu.com.
baidu.com.		159 IN MX 10 mx.maillb.baidu.com.
baidu.com.		159 IN MX 15 mx.n.shifen.com.
baidu.com.		159 IN MX 20 mx50.baidu.com.
baidu.com.		159 IN MX 20 jpmx.baidu.com.
baidu.com.		159 IN MX 20 usmx01.baidu.com.
baidu.com.		159 IN TXT "google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM"
baidu.com.		159 IN TXT "v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com include:spf4.baidu.com a mx ptr -all"
baidu.com.		159 IN A 220.181.38.148
baidu.com.		159 IN A 220.181.38.251
baidu.com.		159 IN NS dns.baidu.com.
baidu.com.		159 IN NS ns3.baidu.com.
baidu.com.		159 IN NS ns7.baidu.com.
baidu.com.		159 IN NS ns2.baidu.com.
baidu.com.		159 IN NS ns4.baidu.com.

# 追踪解析路径
$ dig www.baidu.com +trace

# 查看bind服务器的版本
$ dig @x.x.x.x CHAOS TXT version.bind