DIG, which stands for “Domain Information Groper”, is a powerful tool available on most Unix/Linux systems and very helpful to DNS or network administrators in their daily routines, which involve maintaining DNS servers and troubleshooting DNS issues. dig can also be installed on Windows by downloading BIND and installing the BIND tools, or through Cygwin. But before we dig in, let’s first familiarize ourselves with the anatomy of a dig query. To understand this better, we shall break it down into three categories: DNS operation codes (OPCODEs), DNS flags and DNS response codes (RCODEs).
Let’s try and understand what each of these three categories is about!
A) DNS operation codes, also known as OPCODEs, are part of the DNS protocol and are used to specify the kind of query being made to a DNS server. They are included in the header of a DNS message and inform the server of the action that is requested. Here are the primary DNS OPCODEs:
1. QUERY (Standard Query – OpCode 0): This is the most common operation code, used for standard DNS queries where the client requests the resolution of a domain name into its IP address.
2. IQUERY (Inverse Query – OpCode 1): This is used for inverse DNS lookups, where the client provides an IP address and requests the corresponding domain name. However, this OpCode is now considered obsolete.
3. STATUS (Server Status Request – OpCode 2): This code is used to query the server for its status.
4. NOTIFY (OpCode 4): Used by a master server to notify a slave server that the zone has been updated and a zone transfer needs to be initiated.
5. UPDATE (Dynamic Update – OpCode 5): This is used for dynamically updating the DNS records in a zone.
B) DNS Flags are part of the DNS protocol and are used to control the operation of DNS queries and responses. They are included in the header of a DNS message and consist of a series of bits, each with a specific meaning. Here are the main DNS flags:
1. QR (Query/Response): A 1-bit field that specifies whether the message is a query (0) or a response (1).
2. Opcode: A 4-bit field that specifies the kind of query in a DNS message. It indicates the desired action, such as a standard query (0) or a dynamic update (5).
3. AA (Authoritative Answer): A 1-bit field that indicates whether the responding DNS server is an authority for the domain name in question (1) or not (0).
4. TC (Truncation): A 1-bit field that specifies whether the message was truncated (1) because it was longer than the allowed length of 512 bytes when using UDP.
5. RD (Recursion Desired): A 1-bit field set by the client to indicate that recursive query resolution is desired (1).
6. RA (Recursion Available): A 1-bit field set by the server to indicate that it can do recursive queries (1).
7. Z (Reserved): A 3-bit field reserved for future use. Must be zero in all queries and responses.
8. RCODE (Response Code): A 4-bit field that indicates the outcome of the query, such as no error (0), format error (1), or server failure (2).
C) DNS Response Codes, also known as RCODEs, are numerical codes that indicate the outcome of a DNS query. These codes are part of the DNS message format and are used to communicate the status of the request between DNS clients and servers. Here are the most common DNS Response Codes with their meanings and examples:
1. NOERROR (RCODE:0): Indicates that the DNS query completed successfully. For example, if you query the DNS for the IP address of www.techjunction.co and it exists, you will receive a NOERROR response.
2. FORMERR (RCODE:1): Signifies a DNS Query Format Error. This occurs when the DNS server cannot understand the query due to a problem with the way it is formatted. An example would be if the query message is corrupted or improperly constructed.
3. SERVFAIL (RCODE:2): Server failed to complete the DNS request. This can happen if the DNS server is experiencing issues or if there is a problem with the network.
4. NXDOMAIN (RCODE:3): Domain name does not exist. If you try to resolve a domain name that is not registered, you will get an NXDOMAIN response.
5. NOTIMP (RCODE:4): Function not implemented. This response is given when the DNS server does not support the requested operation, such as an unsupported query type.
6. REFUSED (RCODE:5): The server refused to answer the query. This can be due to policy reasons, like if the requested domain is blacklisted.
7. YXDOMAIN (RCODE:6): Name that should not exist, does exist. This is used in dynamic update messages.
8. YXRRSET (RCODE:7): RRset that should not exist, does exist. Also used in dynamic update messages.
9. NOTAUTH (RCODE:8): Server not authoritative for the zone. This means the server is not responsible for the domain queried.
10. NOTZONE (RCODE:9): Name not in zone. This indicates that the query name is not within the zone the server is authoritative for.
For example, if you make a DNS query for anothertechjunction.co, and there is no such domain registered, the DNS server will return an NXDOMAIN response code, indicating that the domain does not exist. These response codes are essential for diagnosing issues with DNS queries and understanding the status of the responses received. The Internet Assigned Numbers Authority (IANA) maintains the full list of DNS response codes for reference.
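To make the header fields above concrete, here is an added Python example (not code from the original article) that decodes the 12-byte DNS header of a wire-format message into the OPCODE, flag bits and RCODE names listed above, and builds the header of a query the way dig sends it with and without recursion desired. The sample response bytes are constructed for the example; RCODE values beyond 7 fall back to a numeric label.

```python
import struct

# Names from the OPCODE and RCODE lists above; values beyond 7 fall back to a
# numeric label (the full registry is maintained by IANA).
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET"}


def build_query_header(ident: int, recursion_desired: bool = True, opcode: int = 0) -> bytes:
    """Build the 12-byte header of a one-question query (dig +norecurse clears the RD bit)."""
    flags = (opcode & 0xF) << 11
    if recursion_desired:
        flags |= 1 << 8
    return struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)


def decode_header(msg: bytes) -> dict:
    """Decode the 12-byte header at the start of a wire-format DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,          # 0 = query, 1 = response
        "opcode": OPCODES.get(opcode, f"OPCODE{opcode}"),
        "aa": (flags >> 10) & 1,          # authoritative answer
        "tc": (flags >> 9) & 1,           # truncated: retry over TCP (+tcp)
        "rd": (flags >> 8) & 1,           # recursion desired
        "ra": (flags >> 7) & 1,           # recursion available
        "z": (flags >> 4) & 0x7,          # reserved in RFC 1035 (DNSSEC later reused two bits as AD/CD)
        "rcode": RCODES.get(rcode, f"RCODE{rcode}"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def dig_style_flags(header: dict) -> str:
    """Render the set flag bits in the order dig prints them (";; flags: qr aa rd ra")."""
    return " ".join(name for name in ("qr", "aa", "tc", "rd", "ra") if header[name])


# Constructed sample: header of an authoritative NXDOMAIN response to a recursive
# query (flags 0x8583, one question, one authority record); one filler byte
# stands in for the rest of the message.
SAMPLE_RESPONSE = bytes.fromhex("1234" "8583" "0001" "0000" "0001" "0000") + b"\x00"

if __name__ == "__main__":
    h = decode_header(SAMPLE_RESPONSE)
    print(h["opcode"], h["rcode"], dig_style_flags(h))  # QUERY NXDOMAIN qr aa rd ra
    print(decode_header(build_query_header(7, recursion_desired=False))["rd"])  # 0
```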
Now that we fully understand the anatomy of a DIG query, let’s dig in with these 20 most useful dig examples for DNS Administrators and Network Administrators.
1.) Retrieve A records (IP addresses) for a domain:
dig <domain>
# dig techjunction.co
2.) Retrieve specific record types for a domain (e.g. A, AAAA, MX, NS, CNAME, TXT, SOA):
dig <domain> <record_type>
# dig techjunction.co ns
3.) Perform reverse lookup on IP address (PTR records):
dig -x <ipaddress>
# dig -x 50.116.84.38
4.) Retrieve all available record types for a domain (ANY query):
dig <domain> ANY
# dig techjunction.co any
5.) Send DNS requests to a particular DNS server:
dig @<hostname-or-IP> <domain>
# dig @1.1.1.1 techjunction.co
6.) Print the SOA (Start Of Authority) record from each authoritative NS server for the domain:
dig <domain> +nssearch
# dig techjunction.co +nssearch
7.) Perform DNS Zone Transfer:
dig <domain> AXFR
# dig techjunction.co axfr
8.) Set/change the query timeout (default is 5 seconds, minimum is 1 second):
dig <domain> +time=<timeInSec>
# dig techjunction.co +time=10
9.) Set/change the number of retries (default is 2, doesn’t include the initial query):
dig <domain> +retry=<number>
# dig techjunction.co +retry=5
10.) Set/change the source IP and port (must be one of the host’s network interfaces):
dig -b "<srcIp>#<srcPort>" <domain>
# dig -b "197.231.x.x#8000" techjunction.co
11.) Use TCP instead of UDP:
dig <domain> [+tcp|+vc]
# dig techjunction.co +tcp
# dig techjunction.co +vc
12.) Disable recursion:
dig <domain> +norecurse
# dig techjunction.co +norecurse
Notice that in the output of this query the “rd” (recursion desired) flag is no longer shown in the flags line:
13.) Trace/follow the DNS resolution (see requests to each intermediate DNS server):
dig <domain> +trace
This command will trace the DNS resolution, starting at the root servers, through each intermediary server.
# dig techjunction.co +trace
14.) Best effort to display malformed answers (not displayed by default):
dig <domain> +besteffort
# dig techjunction.co +besteffort
15.) Multiple domains lookup:
dig <domain1> <domain2> <domain3>
# dig techjunction.co cool.com
16.) Multiple domains lookup from a file (one domain per line):
dig -f </path/to/file>
# dig -f /tmp/mydomains.txt
17.) Print records like the SOA records in a verbose multi-line format with human-readable comments:
dig <domain> +multiline
# dig techjunction.co +multiline
18.) Display additional comments and use the multi-line format (very useful for DNSSEC!):
dig <domain> +comments +multi
# dig techjunction.co +comments +multi
19.) Don’t display comments:
dig <domain> +nocomments
# dig techjunction.co +nocomments
20.) Retrieve only the short answer (for instance just the IP address):
dig <domain> A +short
# dig techjunction.co A +short
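As an added example (not from the original article), here is a small Python checker that parses the “;; ->>HEADER<<-” and “;; flags:” lines dig prints and reports what an administrator looks for after running the commands above: a status other than NOERROR, a truncated answer, a missing aa flag when an authoritative server was queried, and whether the rd flag matches the use of +norecurse. The dig output embedded below is constructed, and the server name ns.example.invalid is a placeholder.

```python
import re

# Constructed sample, shaped like the two header lines dig prints for
# "dig @ns.example.invalid techjunction.co +norecurse" (not real captured output).
SAMPLE_AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43981
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""
# Constructed sample of a failing recursive lookup (dig techjunction.co).
SAMPLE_SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5120
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);\s*(.*)$", re.MULTILINE)


def parse_dig_header(output: str) -> dict:
    """Extract opcode, status (RCODE name), id, flag set and section counts from dig output."""
    head, flags = HEADER_RE.search(output), FLAGS_RE.search(output)
    if not head or not flags:
        raise ValueError("no dig header found (output produced with +nocomments?)")
    counts = {name: int(n) for name, n in re.findall(r"(\w+): (\d+)", flags.group(2))}
    return {"opcode": head.group(1), "status": head.group(2), "id": int(head.group(3)),
            "flags": set(flags.group(1).split()), "counts": counts}


def check_answer(header: dict, expect_authoritative: bool = False,
                 recursion_requested: bool = True) -> list:
    """Return the findings an admin wants to see; an empty list means the answer looks sane."""
    findings = []
    if header["status"] != "NOERROR":
        findings.append(f"status {header['status']} instead of NOERROR")
    if "tc" in header["flags"]:
        findings.append("answer truncated; rerun with +tcp")
    if expect_authoritative and "aa" not in header["flags"]:
        findings.append("no aa flag: server did not answer authoritatively")
    if recursion_requested and "rd" not in header["flags"]:
        findings.append("rd flag missing although recursion was requested")
    if not recursion_requested and "rd" in header["flags"]:
        findings.append("rd flag present although +norecurse was used")
    if header["status"] == "NOERROR" and header["counts"].get("ANSWER", 0) == 0:
        findings.append("NOERROR with an empty ANSWER section (NODATA)")
    return findings


if __name__ == "__main__":
    auth = parse_dig_header(SAMPLE_AUTHORITATIVE)
    print(check_answer(auth, expect_authoritative=True, recursion_requested=False))  # []
    print(check_answer(parse_dig_header(SAMPLE_SERVFAIL)))  # ['status SERVFAIL instead of NOERROR']
```

To check a live run, pipe the command output in, e.g. parse_dig_header(subprocess.run(["dig", "@1.1.1.1", "techjunction.co"], capture_output=True, text=True).stdout).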