Troubleshooting DNS with dig
dig is a DNS lookup utility which is invaluable for helping troubleshoot DNS errors.
To lookup the IPv4 address of a hostname, run:
$ dig example.ircnow.org ; <<>> dig 9.10.8-P1 <<>> example.ircnow.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15341 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;example.ircnow.org. IN A ;; ANSWER SECTION: example.ircnow.org. 3600 IN A 192.168.0.1 ;; Query time: 485 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Aug 21 12:31:44 CST 2020 ;; MSG SIZE rcvd: 55
Success or Failure
This indicates that the name lookup succeeded.
This indicates that the name server believes there are no records for the hostname. In other words, the name server for the zone exists, but the record does not.
;; connection timed out; no servers could be reached
This indicates that your computer cannot reach the nameservers in /etc/resolv.conf. Please reconfigure your local caching nameservers.
;; ANSWER SECTION: example.ircnow.org. 3600 IN A 192.168.0.1
3600 means that this entry has a time to live (TTL) value of 3600s. After 3600s, or 1 hour, the answer will no longer be valid.
A means this is an A record (it tells you the IPv4 address), and the IP address 192.168.0.1.
;; Query time: 485 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)
This tells you that it took 485 milliseconds to make the request, and that dig asked the nameserver 127.0.0.1 on port 53 for the answer. The server is very important because different nameservers might give different responses. For example, suppose you want to ask the two nameservers,
ns2.ircnow.org, what the correct answer is:
$ dig @ns1.ircnow.org example.ircnow.org $ dig @ns2.ircnow.org example.ircnow.org
The two nameservers might give different answers!
To test if your changes have propagated (other nameservers have synced), you can try testing other public nameservers like the ones offered by OpenNIC.
Getting Other Records
By default, dig returns A records, but there are many other records:
$ dig -t any example.ircnow.org # shows all records $ dig -t mx example.ircnow.org # shows MX (mail exchange) records $ dig -t ns example.ircnow.org # shows NS (nameserver) records $ dig -t aaaa example.ircnow.org # shows AAAA (IPv4) records $ dig -t txt example.ircnow.org # shows TXT (text) records