Computers-it. Checking DNS records with dig.

Checking DNS records with the command dig

DNS stands for Domain Name System and resolves domain names into ip-addresses.

There are 3 main records that DNS holds for each domain - A, CNAME and MX records

The A record holds the ip-address for the domain, the CNAME record holds one or more aliases for the same computer and the MX is the Mail Exchange record and is used to tell mail servers how to route email for this domain.

The command dig is used for querying DNS and is very useful for troubleshooting DNS issues

To query the record for a domain use dig with the domain as the parameter, for example typing the following

dig www.computers-it.com

will query the DNS server listed in your resolv.conf file and display the A records for www.computers-it.com, the output that is returned from the DNS server will be something like the following

; <<>> DiG 9.3.2 <<>> www.computers-it.com
[1]  ;; global options:  printcmd
[2]  ;; Got answer:
[3]  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20738
[4]  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

[5]  ;; QUESTION SECTION:
[6]  ;www.computers-it.com.          IN      A

[7]  ;; ANSWER SECTION:
[8]  www.computers-it.com.   10800   IN      A       87.106.118.144

[9]  ;; AUTHORITY SECTION:
[10] computers-it.com.       172800  IN      NS      ns60.1and1.co.uk.
[11] computers-it.com.       172800  IN      NS      ns59.1and1.co.uk.

[12] ;; ADDITIONAL SECTION:
[13] ns59.1and1.co.uk.       8228    IN      A       195.20.224.84
[14] ns60.1and1.co.uk.       60725   IN      A       212.227.123.78

[15] ;; Query time: 126 msec
[16] ;; SERVER: 193.33.234.3#53(193.33.234.3)
[17] ;; WHEN: Fri Feb  6 13:27:26 2009
[18] ;; MSG SIZE  rcvd: 135

The numbering at the beginning of each line is there to help with the explanation and are not part of the output.

The lines beginning with ;; are comments.

Line [1] shows the version of dig (9.3.2), plus the command line options (www.computers-it.com).

Line [2] gives the query options (printcmd) which just means print these top two lines.

Lines [3] and [4] display the header of the response it received from the DNS server with its various options.
opcode: QUERY shows that this was a standard query, and status: NOERROR shows there were no errors.
The flags displayed on line [4] have the following meaning: qr = query, rd = recursion desired, ra = recursion available.

Lines [5] and [6] are the question section and show us details of the query, in this case the A record (ip-address) of www.computers-it.com and that it is in the internet class denoted by IN.

Lines [7] and [8] are the answer section and show that www.computers-it.com has the ip-address 87.106.118.144 .

Lines [9], [10] and [11] are the authority section and show which name servers (NS) have authority for this domain and can provide an authoritative answer. In this case there are two such servers ns60.1and1.co.uk and ns59.1and1.co.uk .

Lines [12], [13], [14] are the additional section and display the ip-addresses for each of the name servers in the authority section.

Lastly lines [15] to [18] provide some stats about the query, the time it took, the ip-address of the server the query originated from, the date and time of the query and the size of the query.