
Mastering DNS on Linux: A Practical Guide to Using the dig and nslookup Commands
When a website fails to load or emails suddenly stop arriving, the culprit is often a problem with the Domain Name System (DNS). DNS acts as the internet’s address book, translating human-readable domain names (like example.com) into machine-readable IP addresses (like 93.184.216.34). For system administrators, developers, and security professionals working on Linux, having the right tools to diagnose these issues is critical.
Two of the most powerful command-line utilities for this job are dig and nslookup. Understanding how to install and use them can save you hours of frustration and help you quickly pinpoint network problems.
What Are dig and nslookup?
At their core, both dig (Domain Information Groper) and nslookup (Name Server Lookup) are tools used to query DNS servers. They allow you to retrieve various types of DNS records to verify configurations, troubleshoot connectivity, and perform security reconnaissance.
- dig is the modern, more powerful tool. It provides detailed, easy-to-read output and is highly flexible, making it the preferred choice for most professionals.
- nslookup is the older, classic utility. While it’s considered deprecated by some, it’s still available on most systems and is perfect for quick, simple queries.
How to Install dig and nslookup on Linux
These tools are not always installed by default, but they are easily available from the standard repositories of most Linux distributions. They are typically bundled together in a package of DNS utilities.
For Debian-based systems (Ubuntu, Mint):
The tools are part of the dnsutils package. Open your terminal and run:
sudo apt update && sudo apt install dnsutils
For Red Hat-based systems (CentOS, Fedora, RHEL):
The tools are included in the bind-utils package. Open your terminal and run:
sudo dnf install bind-utils
(For older systems like CentOS 7, you may need to use yum instead of dnf.)
Once the installation is complete, you can verify it by typing dig -v or nslookup -version in your terminal.
Using the dig Command for Advanced DNS Queries
The dig command is your go-to tool for in-depth DNS analysis. Its default output is verbose but incredibly informative.
A basic query looks like this:
dig example.com
The output is divided into sections:
- QUESTION SECTION: Shows the query you made.
- ANSWER SECTION: Provides the direct answer, in this case the A record (IP address) for example.com.
- AUTHORITY SECTION: Lists the authoritative name servers for the domain.
- ADDITIONAL SECTION: Provides extra information, like the IP addresses of the name servers.
Common dig Use Cases
1. Find an A Record (IP Address)
This is the most common query. While dig example.com works, you can be more specific.
dig example.com A
2. Query for Mail Exchange (MX) Records
To troubleshoot email delivery, you need to find the mail servers responsible for a domain.
dig example.com MX
The output will list the mail servers and their priority numbers (lower numbers are tried first).
3. Check Name Server (NS) Records
To see which name servers are authoritative for a domain:
dig example.com NS
4. Verify TXT Records for Security
TXT records are used for many purposes, including SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), which help prevent email spoofing.
dig example.com TXT
5. Perform a Reverse DNS Lookup
If you have an IP address and want to find the domain name associated with it, use the -x flag.
dig -x 8.8.8.8
6. Get a Quick, Short Answer
If you don’t need the detailed breakdown and just want the result, use the +short option. This is excellent for scripting.
dig example.com +short
Output:
93.184.216.34
Quick Checks with the nslookup Command
While dig is more powerful, nslookup is perfect for fast and simple lookups.
A basic query is straightforward:
nslookup example.com
The output shows the server that answered the query and the resulting IP address.
To query for a specific record type, use the -type= option:
nslookup -type=MX example.com
nslookup also has an interactive mode, which you can enter by simply typing nslookup. This allows you to perform multiple queries without retyping the command.
Actionable Security and Troubleshooting Tips
You can leverage these tools for more than just basic connectivity checks. Use them to enhance your security posture.
- Audit Your DNS Records: Regularly use dig yourdomain.com ANY to get a broad overview of all published DNS records. Look for anything unexpected or outdated that could be exploited.
- Verify Email Security: Use dig to check your SPF and DMARC records (dig _dmarc.yourdomain.com TXT). A missing or misconfigured record can make your domain vulnerable to email spoofing and phishing attacks.
- Investigate Suspicious IPs: If you see a suspicious IP address in your logs, use dig -x [IP_ADDRESS] to perform a reverse lookup. This can help you identify the source and determine if it’s a known bad actor.
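The SPF and DMARC check from the tips above as a script, added here as an example and not taken from the original article: it classifies the TXT answers printed by dig +short. It queries TXT directly rather than ANY, since many servers give only a minimal answer to ANY queries (RFC 8482). The function names are hypothetical, chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify SPF and DMARC
# answers as printed by `dig +short ... TXT`. Function names are hypothetical.

# Join the quoted chunks dig prints for long TXT records and drop the quotes.
unquote_txt() { sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'; }

# spf_status: stdin = output of `dig +short <domain> TXT`
spf_status() {
    recs=$(unquote_txt | grep -iE '^v=spf1( |$)' || true)
    if [ -z "$recs" ]; then echo "missing"; return; fi
    # More than one v=spf1 record makes receivers treat SPF as a permanent error.
    if [ "$(printf '%s\n' "$recs" | grep -c .)" -gt 1 ]; then
        echo "multiple"; return
    fi
    case "$recs" in
        *" -all"*) echo "hardfail" ;;   # unauthorized senders are rejected
        *" ~all"*) echo "softfail" ;;   # accepted but marked suspicious
        *" ?all"*) echo "neutral" ;;    # no statement: offers no protection
        *" +all"*|*" all"*) echo "pass-all" ;;  # authorizes every sender
        *) echo "no-all" ;;
    esac
}

# dmarc_policy: stdin = output of `dig +short _dmarc.<domain> TXT`
dmarc_policy() {
    rec=$(unquote_txt | grep -iE '^v=DMARC1' | head -n 1 || true)
    if [ -z "$rec" ]; then echo "missing"; return; fi
    # Tags are ';'-separated; anchor on p= so sp= (subdomain policy) is skipped.
    p=$(printf '%s\n' "$rec" | tr ';' '\n' | tr 'A-Z' 'a-z' |
        sed -n 's/^ *p *= *\([a-z]*\).*/\1/p' | head -n 1)
    case "$p" in
        reject|quarantine|none) echo "$p" ;;  # none = monitoring only
        *) echo "invalid" ;;
    esac
}

# audit_domain: live lookup for one domain (needs network access and dig).
audit_domain() {
    echo "SPF:   $(dig +short "$1" TXT | spf_status)"
    echo "DMARC: $(dig +short "_dmarc.$1" TXT | dmarc_policy)"
}

# Run a live check only when a domain is given, e.g.: sh audit.sh example.com
if [ -n "${1:-}" ]; then audit_domain "$1"; fi
```

A result of missing, multiple, neutral, pass-all or no-all for SPF, or missing, none or invalid for DMARC, marks a domain whose mail can still be spoofed and deserves a closer look.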
Final Thoughts: dig vs. nslookup
So, which tool should you use?
- For detailed analysis, scripting, and serious troubleshooting, the clear winner is dig. Its structured output and powerful options make it the professional standard.
- For a quick, simple check when you just need an IP address, nslookup is perfectly fine and readily available.
Mastering both dig and nslookup will equip you with the skills to confidently tackle any DNS-related challenge. By integrating these commands into your regular workflow, you’ll gain deeper insight into your network’s health and be better prepared to keep it secure and running smoothly.
Source: https://www.tecmint.com/install-dig-and-nslookup-in-linux/