Linux常用命令-dig

命令

dig

描述

DNS lookup utility
DNS查询工具

用法

1
2
3
dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]

选项

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Options:
domain 域名,支持多个
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 使用IPv4查询
-6 使用IPv6查询
-b address[#port] 绑定源地址/端口
-c class 指定查询类型
-f filename 批量查询,指定域名文件
-i 使用IP6.INT进行IPv6反向查找
-k keyfile 指定tsig密钥文件
-m (enable memory usage debugging)
-p port 指定端口
-q name 指定查询名称
-t type 指定类型
-u 查询时间显示为微秒,默认为毫秒
-x dot-notation 反向查找的快捷方式
-y [hmac:]name:key 指定命名的base64 tsig密钥

d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]badcookie (Retry BADCOOKIE responses)
+[no]besteffort (Try to parse even illegal messages)
+bufsize=### (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]class (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]cookie (Add a COOKIE option to the request)
+[no]crypto (Control display of cryptographic fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]dscp[=###] (Set the DSCP value to ### [0..63])
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expire (Request time to expire)
+[no]fail (Don't try next server on SERVFAIL)
+[no]header-only (Send query without a question section)
+[no]identify (ID responders in short answers)
+[no]idnin (Parse IDN names)
+[no]idnout (Convert IDN response)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]mapped (Allow mapped IPv4 over IPv6)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=### (Set the opcode of the request)
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]rdflag (Recursive mode (+[no]recurse))
+[no]recurse (Recursive mode (+[no]rdflag))
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answer)
+[no]showsearch (Search with intermediate results)
+[no]sigchase (Chase DNSSEC signatures)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcp (TCP mode (+[no]vc))
+timeout=### (Set query timeout) [5]
+[no]topdown (Do +sigchase in top-down mode)
+[no]trace (Trace delegation down from root [+dnssec])
+trusted-key=#### (Trusted Key to use with +sigchase)
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]ttlunits (Display TTLs in human-readable units)
+[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
+[no]vc (TCP mode (+[no]tcp))
+[no]zflag (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.

注意

dig命令需要额外的软件包,centos系统为bind-utils软件包,ubuntu系统下为dnsutils软件包

示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
$ dig -v
DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7

# 默认显示13台根域名服务器
$ dig
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48000
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 5 IN NS e.root-servers.net.
. 5 IN NS j.root-servers.net.
. 5 IN NS i.root-servers.net.
. 5 IN NS l.root-servers.net.
. 5 IN NS f.root-servers.net.
. 5 IN NS a.root-servers.net.
. 5 IN NS c.root-servers.net.
. 5 IN NS d.root-servers.net.
. 5 IN NS k.root-servers.net.
. 5 IN NS m.root-servers.net.
. 5 IN NS g.root-servers.net.
. 5 IN NS h.root-servers.net.
. 5 IN NS b.root-servers.net.

# 默认查询域名CNAME记录和A记录,并显示扩展信息
$ dig www.baidu.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32698
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 110.242.68.4
www.a.shifen.com. 5 IN A 110.242.68.3

;; Query time: 6 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Tue Oct 26 20:13:48 CST 2021
;; MSG SIZE rcvd: 90

# 查询CNAME记录,-t可以省略
$ dig -t cname www.baidu.com
$ dig cname www.baidu.com
;; QUESTION SECTION:
;www.baidu.com. IN CNAME

;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.

# 指定DNS服务器
$ dig @223.5.5.5 www.aliyun.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.7 <<>> @223.5.5.5 www.aliyun.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20672
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.aliyun.com. IN A

;; ANSWER SECTION:
www.aliyun.com. 18 IN CNAME www-jp-de-intl-adns.aliyun.com.
www-jp-de-intl-adns.aliyun.com. 18 IN CNAME www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com.
www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com. 18 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.
na61-na62.wagbridge.alibaba.aliyun.com. 18 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com.
na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com. 18 IN A 203.119.211.244

;; Query time: 6 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Tue Oct 26 20:41:29 CST 2021
;; MSG SIZE rcvd: 226

# 查询多个域名
$ more domain
www.baidu.com
www.aliyun.com
$ dig -f domain
...
;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 110.242.68.3
www.a.shifen.com. 5 IN A 110.242.68.4

;; QUESTION SECTION:
;www.aliyun.com. IN A

;; ANSWER SECTION:
www.aliyun.com. 5 IN CNAME www-jp-de-intl-adns.aliyun.com.
www-jp-de-intl-adns.aliyun.com. 5 IN CNAME www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com.
www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com. 5 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.
na61-na62.wagbridge.alibaba.aliyun.com. 5 IN CNAME na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com.
na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com. 5 IN A 203.119.214.114
...

# 定制显示内容
$ dig +noall +answer www.baidu.com
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 110.242.68.3
www.a.shifen.com. 5 IN A 110.242.68.4

$ dig +noall +short www.baidu.com
www.a.shifen.com.
110.242.68.3
110.242.68.4

$ dig +noall +stats www.baidu.com
;; Query time: 6 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Tue Oct 26 20:27:06 CST 2021
;; MSG SIZE rcvd: 90

# 显示多行信息,类似bind配置格式. 注意以下命令的选项位置不能变,+nocmd必须在域名之前
$ dig +nocmd baidu.com any +multiline +noall +answer
baidu.com. 159 IN SOA dns.baidu.com. sa.baidu.com. (
2012144885 ; serial
300 ; refresh (5 minutes)
300 ; retry (5 minutes)
2592000 ; expire (4 weeks 2 days)
7200 ; minimum (2 hours)
)
baidu.com. 159 IN MX 20 mx1.baidu.com.
baidu.com. 159 IN MX 10 mx.maillb.baidu.com.
baidu.com. 159 IN MX 15 mx.n.shifen.com.
baidu.com. 159 IN MX 20 mx50.baidu.com.
baidu.com. 159 IN MX 20 jpmx.baidu.com.
baidu.com. 159 IN MX 20 usmx01.baidu.com.
baidu.com. 159 IN TXT "google-site-verification=GHb98-6msqyx_qqjGl5eRatD3QTHyVB6-xQ3gJB5UwM"
baidu.com. 159 IN TXT "v=spf1 include:spf1.baidu.com include:spf2.baidu.com include:spf3.baidu.com include:spf4.baidu.com a mx ptr -all"
baidu.com. 159 IN A 220.181.38.148
baidu.com. 159 IN A 220.181.38.251
baidu.com. 159 IN NS dns.baidu.com.
baidu.com. 159 IN NS ns3.baidu.com.
baidu.com. 159 IN NS ns7.baidu.com.
baidu.com. 159 IN NS ns2.baidu.com.
baidu.com. 159 IN NS ns4.baidu.com.

# 追踪解析路径
$ dig www.baidu.com +trace

# 查看bind服务器的版本
$ dig @x.x.x.x CHAOS TXT version.bind