Using dig for DNS Queries

Product Design

Using dig for DNS Queries

Using dig for DNS Queries

Objective

Learn how to use dig (Domain Information Groper), a command-line tool, to query DNS servers for detailed information about domains, records, and DNS configurations. This lab explores various options for troubleshooting and reconnaissance.

Prerequisites

  1. Linux or macOS with dig Installed:
    • Verify if dig is installed by typing: 
      dig -v
    • If not installed, add the dnsutils package: 
      sudo apt update && sudo apt install dnsutils
  2. Basic Understanding of DNS:
    • Familiarity with DNS record types such as A, MX, NS, CNAME, and TXT.
  3. Target Domain:
    • Identify a domain to query (e.g., example.com).

Step 1: Basic dig Usage

  1. Query a domain for its A record: 
    dig <domain>
    • Replace <domain> with the target domain (e.g., google.com).
  2. Analyze the output:
    • QUESTION SECTION: Displays the queried domain.
    • ANSWER SECTION: Contains the IP address or other requested data.
    • Query time: Shows how long the request took.
    • Server: Indicates which DNS server answered the query.

    Example Output:

    ; <<>> DiG 9.16.1-Ubuntu <<>> google.com
;; global options: +cmd
;; QUESTION SECTION:
;google.com.            IN      A

;; ANSWER SECTION:
google.com.     299     IN      A       142.250.72.14

Step 2: Querying Specific DNS Records

  1. Request an MX record (Mail Exchange): 
    dig <domain> MX

    Example:

    dig example.com MX
  2. Request a NS record (Name Server): 
    dig <domain> NS
  3. Request a CNAME record (Canonical Name): 
    dig <domain> CNAME
  4. Request a TXT record (Text): 
    dig <domain> TXT

    Insight: TXT records often include verification keys for SPF, DKIM, and other security configurations.

Step 3: Using Reverse DNS Lookup

  1. Perform a reverse lookup to find the hostname for an IP: 
    dig -x <ip_address>
    • Replace <ip_address> with the target IP (e.g., 8.8.8.8).

    Example Output:

    ;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   3600    IN      PTR     dns.google.

    Tip: Reverse DNS lookups help identify domains associated with specific IPs.

Step 4: Querying a Specific DNS Server

  1. Specify a custom DNS server: 
    dig <domain> @<dns_server>
    • Replace <dns_server> with a public or private DNS server (e.g., 8.8.8.8 for Google DNS).

    Example:

    dig example.com @8.8.8.8
  2. Compare results from different DNS servers to identify discrepancies.

Step 5: Advanced dig Options

  1. Enable Verbose Output:
    • Use the +short option to display concise results: 
      dig <domain> +short
    • Example: 
      dig google.com +short
142.250.72.14
  2. View the Entire DNS Response:
    • Include additional sections of the DNS response: 
      dig <domain> +all
  3. Trace the Query Path:
    • Use +trace to follow the query from root servers to the authoritative server: 
      dig <domain> +trace

    Insight: Tracing helps diagnose propagation and resolution issues.

  4. Specify Output Format:
    • Use +json to get results in JSON format: 
      dig <domain> +json

Step 6: Automating Multiple Queries

  1. Use a shell script to query multiple domains: 
    for domain in example.com google.com yahoo.com; do
    dig $domain +short
done
    • Replace the list of domains with your own targets.
  2. Save the results to a file: 
    dig <domain> +short > results.txt

Step 7: Troubleshooting DNS Issues

  1. No Response:
    • Ensure the DNS server is reachable using ping or traceroute.
    • Specify a different DNS server with @<dns_server>.
  2. Incorrect Records:
    • Use +trace to verify the authoritative server’s response.
  3. Propagation Issues:
    • DNS changes may take time to propagate. Query multiple servers to verify updates.
  4. Timeouts:
    • Increase the timeout value using: 
      dig <domain> +timeout=<seconds>

Additional Tips and Insights

  1. Public DNS Servers:
    • Use reliable DNS servers for queries:
      • Google: 8.8.8.8 and 8.8.4.4
      • Cloudflare: 1.1.1.1
      • OpenDNS: 208.67.222.222
  2. Combine Tools:
    • Use dig alongside nslookup or online DNS tools for cross-verification.
  3. Understand TTL:
    • Time-to-Live (TTL) values in responses indicate how long the record is cached.
  4. Security Considerations:
    • Be cautious when querying sensitive domains or sharing query results.

Key Takeaways

  1. dig is a powerful tool for querying DNS records, troubleshooting, and gathering domain intelligence.
  2. Understanding its options and outputs enables effective DNS analysis.
  3. Use dig responsibly and ensure proper permissions when performing reconnaissance or troubleshooting.
Ty Fisher
Ty Fisher
Cybersecurity Specialist | SOC Analyst

Explore Next

Using nslookup for DNS Queries

Other Projects