home · notes

Unix Command - dig

dig is a powerful DNS lookup tool that gives you info about the Domain Name System.

It sends queries to DNS servers and displays the answers it receives. dig is designed to provide organized information about DNS records.

When you run:

dig filipelinhares.com

dig queries the default DNS server for the domain’s A record and displays:

  • Header Section: Details about the query (flags and status).
  • Question Section: The query that was sent.
  • Answer Section: The DNS records returned (like A, AAAA, MX, NS, etc.).
  • Additional Section: Extra records that provide context (e.g., IP addresses of the nameservers).
dig @8.8.8.8 filipelinhares.com A
; <<>> DiG 9.10.6 <<>> @8.8.8.8 filipelinhares.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13854
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;filipelinhares.com.            IN      A

;; ANSWER SECTION:
filipelinhares.com.     600     IN      A       76.76.21.21

;; Query time: 271 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 26 14:12:34 -03 2025
;; MSG SIZE  rcvd: 63

You can also specify the type of DNS record you’re interested in. For example:

dig filipelinhares.com MX

This command retrieves the mail exchange records for the domain.

Script to check if DNS is configured correctly

#!/bin/bash
EXPECTED_IP="93.184.216.34"

RESULT=$(dig +short filipelinhares.com A)

if [[ "$RESULT" == "$EXPECTED_IP" ]]; then
    echo "DNS A record is correctly set to $EXPECTED_IP."
else
    echo "DNS A record mismatch: got $RESULT (expected $EXPECTED_IP)."
fi