Dig is a powerful tool, as you have already learned in Chapters 1, "DNS Concepts," and 2, "DNS in Practice." The following is the most general command-line syntax for Dig: dig [@server] domain [<query-type>] [<query-class>] [+<query-option>] [-<dig-option>] [%comment] Behind this inoffensive command line, Dig hides more options than you can shake a stick at. Dig requires that you think about what kind of record you want retrieved and that you stop to think about the correct name to look up. A tool such as host will gladly look up 192.168.55.3 for you, understanding that you want the PTR record of 3.55.168.192.in-addr.arpa. Dig will not, and its default record type is A. In addition, dig -h will print usage information. Dig is documented extensively in its man page, but let's examine each command-line term here:
Query TypeThe query type is the type of record you want. If omitted, it is set to a, which causes you to get an A record back (if any of them match the domain name). The following are some of the record types:
For a complete list of record types, see Chapter 13, "Resource Records." Query OptionsQuery options affect the processing of queries in nameservers and in Dig. Their format is as follows: +keyword[=value] Table 5.1 shows the keywords available and their values.
Dig OptionsThe query options are not the end of it; several more Dig options exist:
Dig Batch FilesDig can process queries in batches. After you realize this, some of the options in Dig's feature set make more sense. After a Dig or query option is set, it is persistent, or sticky, and you need a way to reset it. You can use the +ko option to keep a TCP connection open for several queries. The following is an example of a batch file: www.penguin.bv. A +pfmin +ko +vc ns.penguin.bv. A The first line executes the given query. The options given on it are persistent, so +pfmin will be in force for the next query as well. If, sometime later in the batch file, you want to reset the print flags, just specify +pfdef. The previous batch file results in this output: $ dig -f dig-batch ;; res options: init usevc recurs defnam styopn dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19036 ;; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUERY SECTION: ;; www.penguin.bv, type = A, class = IN ;; ANSWER SECTION: www.penguin.bv. 1w2d7h33m20s IN A 192.168.55.3 ;; res options: init usevc recurs defnam styopn dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19039 ;; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUERY SECTION: ;; ns.penguin.bv, type = A, class = IN ;; ANSWER SECTION: ns.penguin.bv. 1w2d7h33m20s IN A 192.168.55.2 As you can see, two queries were sent and answered, with somewhat reduced output for each query. Dig can clearly be used for much more complex batch jobs; this was just an example. Dig's OutputNot all Dig output is easy to read. Consider the following: 1 $ dig www.penguin.bv. 2 3 ; <<>> DiG 8.2 <<>> www.penguin.bv. 4 ;; res options: init recurs defnam dnsrch 5 ;; got answer: 6 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 7 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 8 ;; QUERY SECTION: 9 ;; www.penguin.bv, type = A, class = IN 10 11 ;; ANSWER SECTION: 12 www.penguin.bv. 1w2d7h33m20s IN A 192.168.55.3 13 14 ;; AUTHORITY SECTION: 15 penguin.bv. 1w2d7h33m20s IN NS ns.penguin.bv. 16 penguin.bv. 1w2d7h33m20s IN NS ns.herring.bv. 17 18 ;; ADDITIONAL SECTION: 19 ns.penguin.bv. 1w2d7h33m20s IN A 192.168.55.2 20 21 ;; Total query time: 7 msec 22 ;; FROM: lookfar to SERVER: default -- 127.0.0.1 23 ;; WHEN: Fri Apr 21 00:04:16 2000 24 ;; MSG SIZE sent: 32 rcvd: 116 On line 3, Dig repeats the command-line options, parsed and digested. Line 4 summarizes the query options set. By this, you can tell that the previous query is recursive. The names used on this line is the same as on the command line. On line 6 you find the query status, which should read NOERROR. However, if you see SERVFAIL, a problem is indicated. On line 7 these flags can occur:
In DNS the structures of queries and answers are more or less the same. Low-level code can tell which is which by the qr flag. The aa flag is set in answers where the contents of the ANSWER SECTION are authoritative, which means that either it was directly out of a zone for which the server was authoritative or a cache server got the answer from such a server on your behalf. Therefore, if the answer is out of a cache, the aa flag is not set. In Chapter 1 you learned that the first Dig query for www.amazon.com has the aa flag set, whereas the second does not. This is because the second query was answered out of the local DNS cache. The tc flag warns queries that a answer that was transported over UDP was truncated. Answers over UDP connections are limited to an MTU usually about 1,500 bytes. If your query has many answers, this might not be enough even if DNS answers are very tightly coded and compressed. In such a case, using a TCP connection and specifying +vc should help. The ra and rd flags are symmetrical. The rd flag is used by queries to indicate that recursion is desired (that they want the server to do the work for them). Most DNS clients set this flag, but most nameservers don't. The ra flag, on the other hand, indicates whether the server was willing to recurse for you. Root servers are typically not willing to recurse, whereas your local nameserver typically is willing to recurse. Still using the previous code example, notice that line 7 contains the number of records in each section of the answer one record in the query, one in the answer, two in the authority section, and one in the additional section. On lines 8 19, you first see the query, and then on line 11, you see the contents of the answer, which has three parts. You know the size of each part it consists of from the record counts on line 7. The ANSWER SECTION contains the direct answer to the query you issued. Conversely, the AUTHORITY SECTION contains the NS records of the zone, which tell you which servers are authoritative for it. If you have a caching server, this is good information to have for later. The ADDITIONAL SECTION contains any additional records the nameserver thought might be handy. This almost always contains A records for MX or NS records occurring earlier in the answer. The STATS SECTION is the last section. It contains information about when the query was sent, from where it was sent, to which server it was sent, and how much time it took to get the answer. This can be indicative of line load, latency, packet loss, and many other things. Using DigBut I was supposed to tell you how you use Dig. Of course, you have already seen Dig being wielded in Chapter 1. If you go back and look at the commands in that chapter, you should be able to understand them this time around. Here is a Dig command you would not have been able to come up with based on any documentation I know. I learned it by "word of Usenet": $ dig CHAOS version.bind TXT ; <<>> DiG 8.2 <<>> CHAOS version.bind TXT ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; version.bind, type = TXT, class = CHAOS ;; ANSWER SECTION: VERSION.BIND. 0S CHAOS TXT "8.2.2-P5" ;; Total query time: 54 msec ;; FROM: lookfar to SERVER: default -- 127.0.0.1 ;; WHEN: Fri Apr 21 00:30:45 2000 ;; MSG SIZE sent: 30 rcvd: 63 This code tells you what version of BIND I was running on April 21, 2000. Some DNS servers either do not implement this or have the version string set to wouldn't you like to know or something similar for reasons of security. |