Troubleshooting DNS with dig

dig is a DNS lookup utility that is invaluable for troubleshooting DNS errors.

To look up the IPv4 address of a hostname, run:

$ dig
; <<>> dig 9.10.8-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15341
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;                    IN      A

;; ANSWER SECTION:             3600    IN      A

;; Query time: 485 msec
;; WHEN: Fri Aug 21 12:31:44 CST 2020
;; MSG SIZE  rcvd: 55

Success or Failure

  1. status: NOERROR
    This indicates that the name lookup succeeded.
  2. status: NXDOMAIN
    This indicates that the name server believes there are no records for the hostname. In other words, the name server for the zone exists, but the record does not.
  3. ;; connection timed out; no servers could be reached
    This indicates that your computer cannot reach the nameservers in /etc/resolv.conf. Please reconfigure your local caching nameservers.

Answer Section

;; ANSWER SECTION:             3600    IN      A

The 3600 means that this entry has a time to live (TTL) value of 3600s. After 3600s, or 1 hour, the answer will no longer be valid. A means this is an A record (it tells you the IPv4 address), and the IP address

Other Details

;; Query time: 485 msec

This tells you that it took 485 milliseconds to make the request, and that dig asked the nameserver on port 53 for the answer. The server is very important because different nameservers might give different responses. For example, suppose you want to ask the two nameservers, and, what the correct answer is:

$ dig
$ dig

The two nameservers might give different answers!

To test if your changes have propagated (other nameservers have synced), you can try testing other public nameservers like the ones offered by OpenNIC.
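
The status values and the two-nameserver comparison described above, as an added example that is not part of the original page: shell functions that classify dig output and check whether two servers agree, ignoring TTLs. The function names and the sample output (example.com, 192.0.2.x addresses) are constructed for illustration.

```shell
# Added example (not from the original page). All sample output below is constructed.

# dig_status: read dig output on stdin, print NOERROR, NXDOMAIN, ... or UNREACHABLE.
dig_status() {
    awk '
        /connection timed out; no servers could be reached/ { s = "UNREACHABLE" }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        END { print (s == "" ? "UNKNOWN" : s) }'
}

# dig_answers: print "name type rdata" per answer record, sorted, TTL dropped
# (TTLs count down in caches, so they differ between servers without meaning drift).
dig_answers() {
    awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        in_ans && (/^$/ || /^;/) { in_ans = 0 }
        in_ans {
            rec = tolower($1) " " $4
            for (i = 5; i <= NF; i++) rec = rec " " $i
            print rec
        }' | sort
}

# same_answers OUT1 OUT2: succeed when both dig outputs agree on status and records.
same_answers() {
    [ "$(printf '%s\n' "$1" | dig_status)" = "$(printf '%s\n' "$2" | dig_status)" ] &&
    [ "$(printf '%s\n' "$1" | dig_answers)" = "$(printf '%s\n' "$2" | dig_answers)" ]
}

# Constructed, trimmed dig output for a hypothetical zone served by two nameservers.
NS1_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; ANSWER SECTION:
example.com.  3600  IN  A  192.0.2.10
'
NS2_CACHED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; ANSWER SECTION:
example.com.  1742  IN  A  192.0.2.10
'
NS2_STALE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; ANSWER SECTION:
example.com.  3600  IN  A  192.0.2.99
'
NS_MISSING=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4444'
NS_DOWN=';; connection timed out; no servers could be reached'
```

With live queries, pipe dig's output into the functions, for example `dig @NAMESERVER HOSTNAME | dig_status`, where NAMESERVER and HOSTNAME are placeholders.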

Getting Other Records

By default, dig returns A records, but there are many other records:

$ dig -t any # shows all records
$ dig -t mx # shows MX (mail exchange) records
$ dig -t ns # shows NS (nameserver) records
$ dig -t aaaa # shows AAAA (IPv6) records
$ dig -t txt # shows TXT (text) records