Insights / September 17, 2015

Digging into `dig`: An Intro

By Kevin Bullock

First in a three-part series. Read parts two and three

While debugging an issue with ElastiCache for the Star Tribune, I had a chance to use a public Internet research tool that not many people know about: The global DNS system.

Research tool? Yes, although most everyone thinks of DNS as a new-fangled form of Yellow Pages that slavishly translates memorable domain names like cuteoverload.com, dowebsitesneedtolookexactlythesameineverybrowser.com, and softwareforgood.com into their corresponding IP addresses, it’s actually quite a clever public, distributed database to which we all have access.

The command-line tools necessary to explore this database are probably already present on whatever computer you’re using, namely: dig(1). Here’s how to get started.

Let your fingers do the walking

Let’s do some basic DNS queries in a terminal, like your browser would do when you type in a URL:

    $ dig google.com

    ; <<>> DiG 9.8.3-P1 <<>> google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38752
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;google.com.		IN	A

    ;; ANSWER SECTION:
    google.com.		266	IN	A	216.58.216.206

    ;; Query time: 137 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Jul 31 15:26:17 2015
    ;; MSG SIZE rcvd: 44

(Note there’s no apt-get install or brew install step there: dig comes pre-installed on OS X and most Linux distributions. Even on Windows, the similar nslookup tool is available in the command shell.)

There’s a lot of good detail there if you want to sort through it, but let’s narrow our focus a little. dig has many querying and formatting options listed in its manpage, which let you turn various parts of the output shown above on and off. To see only the IP address that gets returned, you can use +short, but I often want to see the entire answer line as shown above. For this, I turn off all the output except for that section:

    $ dig +noall +answer google.com
    google.com.		300	IN	A	216.58.216.238
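Keeping the whole answer line also makes the output easy to script against, because every record carries its type with it. The following is an added example, not part of the original post: two small filters over `dig +noall +answer` output that pull out the data of one record type and the lowest second-column value (the TTL). The function names `rdata_of` and `min_ttl` and the sample records (reserved `.test` names and 192.0.2.0/24 addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `dig +noall +answer` output (not a live query):
# a CNAME followed by two A records for the name it points to.
SAMPLE='www.example.test. 300 IN CNAME edge.example.test.
edge.example.test. 60 IN A 192.0.2.10
edge.example.test. 60 IN A 192.0.2.11'

# rdata_of TYPE: read answer lines on stdin and print the data of every
# record of that type. Columns are name, TTL, class, type, then data; the
# data may itself contain spaces (MX, TXT), so everything after column 4
# is kept.
rdata_of() {
    awk -v want="$1" '
        /^;/ || NF < 5 { next }          # skip dig comments and blank lines
        toupper($4) == toupper(want) {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }'
}

# min_ttl: print the smallest TTL (column 2) among the answer lines on stdin.
min_ttl() {
    awk '/^;/ || NF < 5 { next }
         min == "" || $2 + 0 < min { min = $2 + 0 }
         END { if (min != "") print min }'
}

# Live use (needs network): dig +noall +answer google.com | rdata_of A
printf '%s\n' "$SAMPLE" | rdata_of A
printf '%s\n' "$SAMPLE" | min_ttl
```

With +short the CNAME target and the addresses would arrive as one undifferentiated list; filtering on the type column keeps them apart.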

That’s the basic usage, and enough information to get started. Next week I’ll explain what ‘300’, ‘IN’, and ‘A’ mean, and why they matter for your deployments.