dig命令是一个 dns 查询工具,类似的还有 nsllokup,nslookup 可以在 Windows 和 unix/Linux 上使用,而dig 只能在 unix/linux 上使用。dig是一个缩写其实是一个缩写,即Domain Information Groper
用法
dig --help
Invalid option: --help
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Use "dig -h" (or "dig -h | more") for complete list of options
用法:dig @dnsserver name querytype
如果你直接 dig 后回车,得到的信息类似如下,在不带任何参数和选项的时候,dig 会向默认的上连 dns 服务器查询.
(根域名)的 NS 记录。
# dig
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52702
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 261640 IN NS k.root-servers.net.
. 261640 IN NS f.root-servers.net.
. 261640 IN NS j.root-servers.net.
. 261640 IN NS l.root-servers.net.
. 261640 IN NS a.root-servers.net.
. 261640 IN NS h.root-servers.net.
. 261640 IN NS g.root-servers.net.
. 261640 IN NS c.root-servers.net.
. 261640 IN NS i.root-servers.net.
. 261640 IN NS d.root-servers.net.
. 261640 IN NS m.root-servers.net.
. 261640 IN NS b.root-servers.net.
. 261640 IN NS e.root-servers.net.
;; Query time: 12 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Wed Mar 15 18:48:35 2017
;; MSG SIZE rcvd: 228
dig 加个点
# dig .
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8445
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN A
;; AUTHORITY SECTION:
. 1603 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017031500 1800 900 604800 86400
;; Query time: 12 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Wed Mar 15 18:50:57 2017
;; MSG SIZE rcvd: 92
查询某个域名的解析记录
➜ ~ dig awen.me
; <<>> DiG 9.8.3-P1 <<>> awen.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58893
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;awen.me. IN A
;; ANSWER SECTION:
awen.me. 600 IN A 121.42.148.64
;; Query time: 87 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Wed Mar 15 18:41:46 2017
;; MSG SIZE rcvd: 41
指定 dns 查询
对比上面的,我们看下SERVER: 223.5.5.5#53(223.5.5.5)变成了114的 dns。
# dig @114.114.114.114 www.awen.me
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @114.114.114.114 www.awen.me
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39643
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.awen.me. IN A
;; ANSWER SECTION:
www.awen.me. 600 IN A 121.42.148.64
;; Query time: 822 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Wed Mar 15 18:52:58 2017
;; MSG SIZE rcvd: 45
批量查询
我们把需要查询的域名信息写入文件文件,查询时候使用 -f 参数指定文件
# cat test.txt
www.baidu.com
www.youku.com
www.upyun.com
然后
dig -f test.txt
指定使用ipv4还是ipv6查询
dig -4 domain or dig -6 domain
使用-t 参数查询其他 dns 类型
查询邮件解析
# dig qq.com -t MX
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> qq.com -t MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35044
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;qq.com. IN MX
;; ANSWER SECTION:
qq.com. 7200 IN MX 10 mx3.qq.com.
qq.com. 7200 IN MX 20 mx2.qq.com.
qq.com. 7200 IN MX 30 mx1.qq.com.
;; Query time: 472 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Wed Mar 15 18:58:02 2017
;; MSG SIZE rcvd: 84
-x 参数逆向查询选项。可以查询IP地址到域名的映射关系。
dig -x 121.42.148.64
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> -x 121.42.148.64
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17255
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;64.148.42.121.in-addr.arpa. IN PTR
;; Query time: 533 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Wed Mar 15 18:59:21 2017
;; MSG SIZE rcvd: 44
指定协议查询
还可以使用 tcp 查询,默认是 udp
dig +tcp domain
递归查询 dns 解析
dig +trcae domain
例如:
➜ ~ dig +trace awen.me
; <<>> DiG 9.8.3-P1 <<>> +trace awen.me
;; global options: +cmd
. 396 IN NS j.root-servers.net.
. 396 IN NS b.root-servers.net.
. 396 IN NS d.root-servers.net.
. 396 IN NS i.root-servers.net.
. 396 IN NS m.root-servers.net.
. 396 IN NS h.root-servers.net.
. 396 IN NS e.root-servers.net.
. 396 IN NS g.root-servers.net.
. 396 IN NS l.root-servers.net.
. 396 IN NS c.root-servers.net.
. 396 IN NS f.root-servers.net.
. 396 IN NS a.root-servers.net.
. 396 IN NS k.root-servers.net.
;; Received 228 bytes from 223.5.5.5#53(223.5.5.5) in 676 ms
me. 415 IN NS ns.nic.me.
me. 415 IN NS c0.cctld.afilias-nst.info.
me. 415 IN NS a2.me.afilias-nst.info.
me. 415 IN NS d0.cctld.afilias-nst.org.
me. 415 IN NS b2.me.afilias-nst.org.
me. 415 IN NS a0.cctld.afilias-nst.info.
me. 415 IN NS ns2.nic.me.
me. 415 IN NS b0.cctld.afilias-nst.org.
;; Received 511 bytes from 198.41.0.4#53(198.41.0.4) in 1094 ms
…… 省略很多,太长了
me. 414 IN NS ns2.nic.me.
me. 414 IN NS a0.cctld.afilias-nst.info.
me. 414 IN NS b2.me.afilias-nst.org.
me. 414 IN NS b0.cctld.afilias-nst.org.
me. 414 IN NS ns.nic.me.
me. 414 IN NS c0.cctld.afilias-nst.info.
me. 414 IN NS a2.me.afilias-nst.info.
me. 414 IN NS d0.cctld.afilias-nst.org.
;; BAD (HORIZONTAL) REFERRAL
dig: too many lookups
使用+short
只输出很短的信息
dig +short awen.me
121.42.148.64
查询 NS 信息
➜ wwwroot dig NS awen.me
; <<>> DiG 9.8.3-P1 <<>> NS awen.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5760
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;awen.me. IN NS
;; ANSWER SECTION:
awen.me. 605 IN NS dns9.hichina.com.
awen.me. 605 IN NS dns10.hichina.com.
;; Query time: 34 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Thu Jul 6 17:27:02 2017
;; MSG SIZE rcvd: 75