
dig

dig is a command-line utility that serves the same purpose as nslookup but presents the information differently. Unlike nslookup, dig must be installed before it can be used.

Installation on Windows

On Windows we have to download BIND from the official website. The latest version available at the time of writing this guide is BIND9.17.9. The ZIP file contains a binary called dig.exe, which is the one we will use. If we extract the file into a directory C:\BIND9.17.9.x64, we have to run the following:

C:\BIND9.17.9.x64>dig -h
Command output
C:\BIND9.17.9.x64>dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-r (do not read ~/.digrc)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]badcookie (Retry BADCOOKIE responses)
+[no]besteffort (Try to parse even illegal messages)
+bufsize[=###] (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]class (Control display of class in records)
+[no]cmd (Control display of command line -
global option)
+[no]comments (Control display of packet header
and section name comments)
+[no]cookie (Add a COOKIE option to the request)
+[no]crypto (Control display of cryptographic
fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dns64prefix (Get the DNS64 prefixes from ipv4only.arpa)
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]dscp[=###] (Set the DSCP value to ### [0..63])
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expandaaaa (Expand AAAA records)
+[no]expire (Request time to expire)
+[no]fail (Don't try next server on SERVFAIL)
+[no]header-only (Send query without a question section)
+[no]identify (ID responders in short answers)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]keepalive (Request EDNS TCP keepalive)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]mapped (Allow mapped IPv4 over IPv6)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=### (Set the opcode of the request)
+padding=### (Set padding block size [0])
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]raflag (Set RA flag in query (+[no]raflag))
+[no]rdflag (Recursive mode (+[no]recurse))
+[no]recurse (Recursive mode (+[no]rdflag))
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answers - global option)
+[no]showsearch (Search with intermediate results)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcflag (Set TC flag in query (+[no]tcflag))
+[no]tcp (TCP mode (+[no]vc))
+timeout=### (Set query timeout) [5]
+[no]tls (DNS over TLS mode)
+[no]trace (Trace delegation down from root [+dnssec])
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]ttlunits (Display TTLs in human-readable units)
+[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
+[no]vc (TCP mode (+[no]tcp))
+[no]yaml (Present the results as YAML)
+[no]zflag (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)

To be able to run dig.exe in the terminal from any location, the environment variables must be modified.

Installation on Ubuntu

On Ubuntu we can install dig as follows:

$ sudo apt install dnsutils

To check that it was installed correctly, we can run the following command:

$ dig -h
Command output
$ dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-r (do not read ~/.digrc)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]badcookie (Retry BADCOOKIE responses)
+[no]besteffort (Try to parse even illegal messages)
+bufsize=### (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]class (Control display of class in records)
+[no]cmd (Control display of command line -
global option)
+[no]comments (Control display of packet header
and section name comments)
+[no]cookie (Add a COOKIE option to the request)
+[no]crypto (Control display of cryptographic
fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]dscp[=###] (Set the DSCP value to ### [0..63])
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expandaaaa (Expand AAAA records)
+[no]expire (Request time to expire)
+[no]fail (Don't try next server on SERVFAIL)
+[no]header-only (Send query without a question section)
+[no]identify (ID responders in short answers)
+[no]idnin (Parse IDN names [default=on on tty])
+[no]idnout (Convert IDN response [default=on on tty])
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]keepalive (Request EDNS TCP keepalive)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]mapped (Allow mapped IPv4 over IPv6)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=### (Set the opcode of the request)
+padding=### (Set padding block size [0])
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]raflag (Set RA flag in query (+[no]raflag))
+[no]rdflag (Recursive mode (+[no]recurse))
+[no]recurse (Recursive mode (+[no]rdflag))
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answers - global option)
+[no]showsearch (Search with intermediate results)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcflag (Set TC flag in query (+[no]tcflag))
+[no]tcp (TCP mode (+[no]vc))
+timeout=### (Set query timeout) [5]
+[no]trace (Trace delegation down from root [+dnssec])
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]ttlunits (Display TTLs in human-readable units)
+[no]unexpected (Print replies from unexpected sources
default=off)
+[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
+[no]vc (TCP mode (+[no]tcp))
+[no]yaml (Present the results as YAML)
+[no]zflag (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)

Domain name resolution

To perform a DNS query, we run the command as follows:

$ dig google.com

The response returned by the previous command has a structure similar to the following:

; <<>> DiG 9.16.6-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2454
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 102 IN A 142.250.185.14

;; Query time: 40 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:07:49 CET 2021
;; MSG SIZE rcvd: 55

The command displays several pieces of data. The most notable parts are highlighted below:

  • First, there is a line showing the number of queries and answers. We can see that there is 1 query (QUERY) and 1 answer (ANSWER).
  • A few lines further down, after the line reading QUESTION SECTION, the query being made is shown. We can see that the query is for the A record. By default, if nothing else is specified, dig queries the A record.
  • The answer to a query made with dig appears after the line reading ANSWER SECTION. From the answer we can see that the IPv4 address of google.com is 142.250.185.14.
  • Finally, we can see how long the query took and which DNS server it was sent to. In this case, the query took 40 ms and the DNS server is 1.1.1.1.
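
The fields picked out in the list above can also be extracted mechanically, which is useful when dig output has to be logged or compared between runs. The following is an added example, not part of the original guide: the function names dig_summary and sample_dig_output are hypothetical, and the sample input is the google.com response shown above, embedded so the script runs offline.

```shell
# Added example (not from the original guide): reads full dig output on stdin
# and prints key=value lines, plus one rr= line per answer record.
dig_summary() {
    awk '
        function rdata(   i, out) { out = $5; for (i = 6; i <= NF; i++) out = out " " $i; return out }
        /^;; ->>HEADER<<-/ {                     # ... status: NOERROR, id: 2454
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); print "status=" s }
        }
        /^;; flags:/ {                           # ... QUERY: 1, ANSWER: 1, ...
            for (i = 1; i < NF; i++)
                if ($i == "QUERY:" || $i == "ANSWER:")
                    print tolower(substr($i, 1, length($i) - 1)) "_count=" ($(i + 1) + 0)
        }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }   # QUESTION, ANSWER, ...
        /^[ \t]*$/            { section = ""; next }   # a blank line ends a section
        section == "QUESTION" { q = $1; sub(/^;/, "", q); print "question=" q " " $NF }
        section == "ANSWER" && !/^;/ { print "rr=" $1 " " $2 " " $4 " " rdata() }
        /^;; Query time:/     { print "time_ms=" $4 }
        /^;; SERVER:/         { srv = $3; sub(/#.*/, "", srv); print "server=" srv }
    '
}

# Sample input: the google.com response shown above, embedded for offline use.
sample_dig_output() {
    cat <<'EOF'
; <<>> DiG 9.16.6-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2454
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 102 IN A 142.250.185.14

;; Query time: 40 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:07:49 CET 2021
;; MSG SIZE rcvd: 55
EOF
}

sample_dig_output | dig_summary
```

With network access, piping a live query into the function (dig google.com | dig_summary) produces the same fields for the current response.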

Short answers

If we do not want output like the one seen above, we can use the +short parameter. That way, only the essentials are shown.

For example, to query the A record of the domain google.com, we run the following command:

$ dig google.com +short
Example command output
$ dig google.com +short
142.250.185.14

The previous command shows only the IPv4 address corresponding to google.com: 142.250.185.14.

Using a specific DNS server

To force the query to be made against a specific DNS server, we specify it among the parameters in the form @server. For example, to obtain the IP address of the domain youtube.com through the DNS server with IP 1.0.0.1, we run the following:

$ dig @1.0.0.1 youtube.com 
Example command output
$ dig @1.0.0.1 youtube.com 

; <<>> DiG 9.16.6-Ubuntu <<>> @1.0.0.1 youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51248
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;youtube.com. IN A

;; ANSWER SECTION:
youtube.com. 39 IN A 142.250.185.14

;; Query time: 40 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: mar feb 09 21:46:15 CET 2021
;; MSG SIZE rcvd: 56

In the SERVER line we can see that the specified DNS server was used: 1.0.0.1.

Getting the AAAA record

To obtain the IPv6 address of a domain, we can request it by placing AAAA before the domain. For example, to obtain the IPv6 address of google.com, we run the following command:

$ dig AAAA google.com
Example command output
$ dig AAAA google.com

; <<>> DiG 9.16.6-Ubuntu <<>> AAAA google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52061
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN AAAA

;; ANSWER SECTION:
google.com. 294 IN AAAA 2a00:1450:4003:803::200e

;; Query time: 72 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:15:16 CET 2021
;; MSG SIZE rcvd: 67

From the output we can see that the IPv6 address of google.com is 2a00:1450:4003:803::200e.

Getting NS records

To obtain the NS records of a domain, for example google.com, we run the following:

$ dig NS google.com
Example command output
$ dig NS google.com

; <<>> DiG 9.16.6-Ubuntu <<>> NS google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46162
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN NS

;; ANSWER SECTION:
google.com. 335458 IN NS ns3.google.com.
google.com. 335458 IN NS ns4.google.com.
google.com. 335458 IN NS ns2.google.com.
google.com. 335458 IN NS ns1.google.com.

;; Query time: 36 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:26:07 CET 2021
;; MSG SIZE rcvd: 111

Getting MX records

To obtain the MX records of a domain, for example google.com, we run the following:

$ dig MX google.com
Example command output
$ dig MX google.com

; <<>> DiG 9.16.6-Ubuntu <<>> MX google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34059
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN MX

;; ANSWER SECTION:
google.com. 542 IN MX 40 alt3.aspmx.l.google.com.
google.com. 542 IN MX 20 alt1.aspmx.l.google.com.
google.com. 542 IN MX 30 alt2.aspmx.l.google.com.
google.com. 542 IN MX 10 aspmx.l.google.com.
google.com. 542 IN MX 50 alt4.aspmx.l.google.com.

;; Query time: 44 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:40:16 CET 2021
;; MSG SIZE rcvd: 147

Reverse resolution

To perform a reverse resolution we must specify the -x parameter and the IP address. For example, to obtain the domain for the IP 1.1.1.1, we run the following command:

$ dig -x 1.1.1.1
Example command output
$ dig -x 1.1.1.1

; <<>> DiG 9.16.6-Ubuntu <<>> -x 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20039
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 432 IN PTR one.one.one.one.

;; Query time: 52 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: mar feb 09 21:49:14 CET 2021
;; MSG SIZE rcvd: 78

In the answer line we can see that the domain is one.one.one.one.