Linux Commands

How to Install and Use DIG on Debian 9

The full form of DIG is Domain Information Groper. It is a command line utility for network administrators.The domain name we use such as google.com, linuxhint.com etc are possible because of DNS (Domain Name System) servers. DIG is used to query the DNS server, mainly to troubleshoot the DNS server. With DIG, you can check many things like the name server of a particular domain, the mail servers of a particular domain and many more information.

DIG is mainly used by DNS server administrators to verify whether the DNS server is working correctly.

In this article, I will show you how to install DIG on Debian 9 and use DIG. Let’s get started.

Installing DIG on Debian 9:

DIG is a part of dnsutils package. DIG is not installed by default on Debian 9 Stretch. The good news is that it is really easy to install as it is available in the official package repository of Debian 9.

First update the APT package repository cache with the following command:

$ sudo apt update

The APT package repository cache should be updated.

Now install dnsutils package with the following command:

$ sudo apt install dnsutils

Now press y and then press <Enter>.

dnsutils should be installed.

Now to check whether the dig command is available and working correctly, run the following command:

$ dig -v

As you can see, dig is available and working correctly.

In the next sections, I will show you how to use dig.

Basics of dig:

The basic usage of dig command is to lookup a DNS address. By default, on Debian 9, dig uses the /etc/resolv.conf file to find out which DNS server to use.

This is what the /etc/resolv.conf file looks like. To change the DNS server, just change the IP address of the nameserver as marked in the screenshot below. In my case, it is 192.168.10.1, which is the IP address of my router.

Now to use dig to lookup the DNS information of the DNS name of google.com, run the following command:

$ dig google.com

As you can see, a lot of DNS data is printed on the screen. The marked section shows that the domain name google.com has these IP addresses. A domain name can have multiple IP addresses. It is mainly used for the load balancing purpose.

If you scroll down, you will see the how many milliseconds you needed (Query time) to resolve the domain name google.com. In my case, it was 71 milliseconds (msec). It varies depending on your geographical location and the name server you used.

You can also see which name server was used for the query. In my case, it is the name server in my /etc/resolv.conf, which is 192.168.10.1. The port of the DNS server is by default is 53.

The DNS response size or MSG SIZE is 931 bytes as you can see. These are important information that you may need to troubleshoot or test your DNS server configurations.

That’s basically how you use dig. In the next sections, I will show you different things you can do with dig.

Changing Name Server:

When you’re testing your DNS server, you may not want to set it in the /etc/resolv.conf until you know it works for sure. You can tell dig which name server to use as follows:

$ dig @nameserver google.com

NOTE: Replace nameserver with the DNS server that you want dig to use.

Let’s say, we want dig to use the DNS server 192.168.2.1, then the command would be:

$ dig @192.168.2.1 google.com

As you can see, the same information is returned. The Query time is now 13 milliseconds, and the SERVER is changed to 192.168.2.1. The MSG SIZE is also 124 bytes.

Dig the MX Records with dig:

You can find the MX records (used in email servers) of a domain name with dig with the following command:

$ dig @192.168.2.1 google.com MX

As you can see in the marked section of the screenshot below, these are the email addresses associated with the domain google.com.

Dig the NS records using dig:

You can find the name servers associated with the domain name google.com with dig with the following command:

$ dig @192.168.2.1 google.com NS

As you can see in the marked section of the screenshot below, these are the name servers associated with the domain google.com.

Dig All the Information About a Domain Name with dig:

You can find out all the information about a domain name google.com with dig with the following command:

$ dig @192.168.2.1 google.com any

As you can see, all the DNS records (A, AAAA, MX, NS, TXT, SOA etc) for google.com is printed on the screen.

dig Short Output:

All the dig commands we ran earlier printed a lot of information in a nicely formatted text. But if you would rather see a short output, just add +short at the end of your dig command as follows:

$ dig @192.168.2.1 google.com any +short

As you can see, only the DNS records are printed. You have to determine which is what in this list as it has no indication as to which is an A record, which is an MX record etc. But if you look closely for a little bit, you will be able to figure out which is what record very easily. For example, all the IPv4 addresses are A records. All the IPv6 addresses are AAAA records. All the lines that start with a number and then a Fully Qualified Domain Name (FQDN) are MX records. All the lines that have text between quotes are TXT records. All the lines that start with ns*.google.com are NS records.

A line that has two FQDN and 5 numbers separated by space (ns1.google.com. dns-admin.google.com. 210455048 900 900 1800 60) is a SOA record.

Getting Help with dig:

dig command has a lot of options. It is out of the scope of this article to show them all. You can run the following command to find out what options are available and what they do:

$ dig -h

dig Help:

So that’s how you install and use dig on Debian 9 Stretch. Thanks for reading this article.

About the author

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.