How to Use nslookup and dig to Verify and Troubleshoot DNS Configurations?
Intro:
DNS (Domain Name System) simplifies the process of accessing websites by users on the internet, mainly by mapping the IP Addresses of the web servers to human-readable names like (google.com).
It has other roles also with other online services (emails, load balancing, etc..), therefore, verifying and troubleshooting DNS settings to ensure it works properly is essential to keep your services up and running.
Tools like nslookup and dig helps with verifying and troubleshooting your dns settings.
What are nslookup and dig?
– nslookup: it’s a built-in command tool, supported by most of the operating systems.
– dig (Domain Information Groper): advanced DNS lookup tools, it comes with linux and MacOS operating systems, and it can be installed on Windows.
Both tools allow you to query DNS records like MX, TXT, A, AAAA and more.
How to Use dig Command?
Dig is used through a terminal (CMD for windows).
Basic command format:
| dig [domain] [record type] |
Replace the [domain] with the domain name you wish to query its records
[record type] can be any DNS record (A, MX, TXT, AAAA, NS, SOA, CNAME, etc…)
Example 1: let’s query google.com for the record type A:
Example 2: query an MX record type:
Query a specific DNS server:
| dig [domain] @[DNS server address or domain name] |
Example : I will query google.com from cloudflare DNS server (1.1.1.1):
Check reverse DNS lookup:
To resolve an IP address to a domain name:
| dig -x [IP Address] |
Example: the IP 172.217.17.46, should resolve to a domain name that belongs to a domain name:
Using Trace option for detailed resolution process:
If you need advanced troubleshooting for DNS process you can use “Trace” option:
| dig [domain] +trace |
Example: Here we can query google.com to trace the process:
Set Custom Timeout:
If you would like to reduce or extend the timeout, you can set the timeout in seconds.
| dig [domain] +time=[seconds] |
Example: Here I adjust the timeout for the below query to 5 Seconds:
Increase the query number of attempts:
With “retry” option, you can increase the number of attempts of the query:
| dig [domain] +retry=[number of attempts] |
Example: Here I will increase the number of tries to 3, with a wrong domain name so we can check the number of attempts:
Export results to text file:
You can save the results of a query in a text file using:
| dig [domain] > [file] |
Example: Let’s save the results of this query to a file:
| dig morhafsh.com ANY > file.txt |
The file will contain the results as below:
Query Bulk DNS with a File:
You can batch a DNS query from a file contains the domains (one domain per line):
| dig -f [file] |
Example: Here I have a file contains 4 domains, I will batch query the domains:
Now, let see the results:
Combining multiple options together:
We can mix options together to get the desired output:
Example 1: batch query the domains file, then save the results to another file:
| dig -f domains.txt > file.txt |
Example 2: increase the number of attempts and trace the dns process:
| dig [domain] +trace +retry=3 |
Example 3: query a domain from a specific name server with a timeout of 10 seconds:
| dig [domain] @8.8.8.8 +time=10 |
How to Use nslookup Command?
Basic Query:
Nslookup uses the below command for basic A record query:
| nslookup [domain] |
Example: querying google.com:
Query a specific DNS record:
You can specify which DNS record you want to query (A, AAAA, TXT, MX, SOA, … ):
| nslookup -query=[record] [domain] |
Example: let’s query a domain for MX record type:
Query a specific name server:
You can specify a name server as below:
| nslookup [domain] [name server] |
Example: let’s specify 8.8.8.8 as a name server:
Conclusion:
Mastering nslookup and dig helps you verify and troubleshoot DNS configurations effectively. Use dig for detailed queries and advanced troubleshooting, while nslookup is great for quick lookups. With these tools, you can diagnose DNS issues, verify records, and ensure smooth network operations.
For easier lookup and bulk query, you can use this Bulk DNS Lookup Tool.
