dig (domain information groper) 指令是在做 DNS 查詢時常見的指令

這邊整理一下這個指令的用法與解讀

這邊是基本的 dig output

我們看的資訊大致分成幾塊

• HEADER
• QUESTION SECTION
• ANSWER SECTION
• AUTHORITY SECTION
• ADDITIONAL SECTION
• OTHERS

Flags:

• AA: Authoritative Answer
• TC: Truncation
• RD: Recursion Desired, set in a query and copied into the response if the recursive is supported
• RA: Recursion Available, if set, denotes recursive query support is available
• AD: Authenticated Data, for DNSSEC Only, indicates that the data was authenticated
• CD: Checking Disable, for DNSSEC Only, disable checking at the receiving server
• QR: Receive a query response

Status:

• NOERR: No Error
• FORMERR: Format Error, Unable to understand the query, also know as usage error
• SERVFAIL: Name server problem, this could an high security issue
• NXDOMAIN: Domain name does not exist
• NOTIMPL: Not implemented
• REFUSED: Refused, e.g. refused zone transfer request

這邊就是我們 Query 詢問的內容

這邊是 Query 得到的回答

這邊則是列出了提供這些 records 資訊的 DNS Server

這邊會列出一些額外的 DNS 資訊

$ dig @server name type

• @Server 是欲詢問的 DNS Server，可以是 Host name 或 IP，如果是 Host name，dig 會先詢問查出 IP。如果沒指定 @Server，則會使用 /etc/resolv.conf 所列的 DNS Server
• name 是欲查詢的 DNS domain name
• type 指 DNS Type，如 ANY, A, MX, SIG 等，預設為 A

• +trace : To see which name servers are being hit
• +short : 省略 HEADER, QUESTION, ADDITIONAL Session 簡化輸出
• -x : To see the reserve/PTR records