How to look up a domain's MX record using the dig command

To ensure efficient communication and access to Internet resources, it is important to understand how domain names and DNS work. In Linux, the dig (Domain Information Groper) command is the main tool for working with DNS. In this article, we will look at what the command is, how to use it, and practical examples.

Overview of the Linux dig command


The dig command is a command-line utility that allows you to query DNS servers. It can be used to get IP addresses, look up a domain's MX records (for email), NS records (name server names), and other data. It is a powerful tool for diagnosing network problems, checking DNS settings, and general domain name analysis.

Command format:
dig [@server] domain [query-type] [query-class] [+query-option] [-dig-option] [%comment]
The server parameter is optional. By default, dig uses the DNS server specified in /etc/resolv.conf. You can specify the server by specifying it either by hostname or via IP address. If you use a hostname, dig will first resolve it to an IP address using the default DNS server, and then will use that server to retrieve domain information.

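The query-type parameter specifies the type of record being queried, such as A, SOA, NS, or MX. To retrieve all available domain data, you can specify query-type as any. Note that many DNS servers now return only a minimal response to ANY queries (RFC 8482), so the result may be incomplete.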

The query-class parameter designates the class of the network information. The +query-option allows you to change the settings in the DNS query or the output format of the results. Many of these options are the same as in the nslookup program.

Parameters of the dig command


  • [no]debug: Enables or disables debug mode.
  • [no]d2: The same, for full debug mode.
  • [no]recurse: Determines whether or not to use recursive queries.
  • retry=#: Sets the number of attempts to retry the query.
  • time=#: Sets the wait time between queries.
  • [no]ko: Keeps the connection open (implies a virtual connection).
  • [no]vc: Whether or not to use a virtual connection.
  • [no]defname: Enables or disables the use of the default domain.
  • [no]search: Whether or not to use a search list.
  • domain=NAME: Sets the default domain as NAME.
  • [no]ignore: Whether or not to ignore truncation errors.
  • [no]primary: Whether or not to use the primary server.
  • [no]aaonly: Flag to query only authoritative data.
  • [no]trace: Display query trace.
  • [no]cmd: Displays arguments when executing a command.
  • [no]stats: Displays query statistics.
  • [no]Header: Displays the main header of the response.
  • [no]header: Displays header flags.
  • [no]ttlid: Displays the TTL (time to live) value.
  • [no]cl: Displays record class information.
  • [no]qr: Displays the outgoing request.
  • [no]reply: Displays the reply to the request.
  • [no]ques: Displays the question field.
  • [no]answer: Displays the answer field.
  • [no]author: Displays the authority section.
  • [no]addit: Displays the additional information field.
  • pfdef: Sets the default flag output.
  • pfmin: Sets the minimum flag output.
  • pfset=#: Sets the number of flags to output.
  • pfand=#: Outputs flags using the bitwise AND operation.
  • pfor=#: Outputs flags using the bitwise OR operation.

The -dig-option parameter is used for other options.

-x   Reverse address lookup, with the address given in ordinary dotted notation.
-f    Reads a file for batch processing.
-T   Time in seconds until batch processing mode is enabled.
-P   Issue a ping command after receiving a response.
-p   The port number to use.
-t    Specify the type of request.
-c    Specify the class of the request.
-envsav   The dig parameters are saved for default use in the future.

Dig installation


To check that the dig command is available, run the following command:
dig -v
The expected output will be something like this:
DiG 9.11.3-1ubuntu1.1-Ubuntu

If the dig command is not installed, you will get the message: "dig: command not found". To install dig, use your distribution's package manager.

Installing dig on Ubuntu and Debian:
sudo apt update && sudo apt install dnsutils
To install dig on CentOS and Fedora:
yum install bind-utils
Installing dig on Arch Linux:
pacman -S bind-tools

Print only the answer


If you only need to get a short answer to a query - use the +short option:
dig linux.org +short
The output will contain only the IP addresses for the A record:
104.18.59.123
104.18.58.123

For a more detailed answer, apply the parameters +noall to exclude all data and +answer to display only the answer section:
dig linux.org +noall +answer
The output will be as follows:
; <<>> DiG 9.13.3 <<>> linux.org +noall +answer
;; global options: +cmd
linux.org. 67 IN A 104.18.58.123
linux.org. 67 IN A 104.18.59.123

Querying a specific name server


By default, dig uses the servers specified in /etc/resolv.conf. To specify a particular name server, use the @ symbol followed by the server's IP address or name:
dig linux.org @8.8.8.8
Example output for a query to the Google server (8.8.8.8):
; <<>> DiG 9.13.3 <<>> linux.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>>HEADER<<- opcode: QUERY, status: NOERROR, id: 39110
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
;; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;linux.org. IN A
;; ANSWER SECTION:
linux.org. 299 IN A 104.18.58.123
linux.org. 299 IN A 104.18.59.123
;; Query time: 54 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 12 14:28:01 CEST 2018
;; MSG SIZE rcvd: 70

Record type query


To run a query to retrieve records of a specific type, add the record type to the end of the command.

Query A records:
dig +nocmd google.com a +noall +answer
Output:
google.com. 128 IN A 216.58.206.206

Query CNAME records:
dig +nocmd mail.google.com cname +noall +answer
Output:
mail.google.com. 553482 IN CNAME googlemail.l.google.com.

Query TXT records:
dig +nocmd google.com txt +noall +answer
Output:
google.com. 300 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 300 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"

Query MX records:
dig +nocmd google.com mx +noall +answer
Output:
google.com. 494 IN MX 30 alt2.aspmx.l.google.com.
google.com. 494 IN MX 10 aspmx.l.google.com.
google.com. 494 IN MX 40 alt3.aspmx.l.google.com.
google.com. 494 IN MX 50 alt4.aspmx.l.google.com.
google.com. 494 IN MX 20 alt1.aspmx.l.google.com.
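
An added example (not from the original article): dig prints MX records in arbitrary order, so this shell helper takes `dig +noall +answer` output like the MX and TXT listings above and reports the mail exchangers in preference order plus the SPF `all` qualifier. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: answer lines in the format this page shows.
sample_answer() {
cat <<'EOF'
;; global options: +cmd
google.com. 494 IN MX 30 alt2.aspmx.l.google.com.
google.com. 494 IN MX 10 aspmx.l.google.com.
google.com. 300 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 494 IN MX 20 alt1.aspmx.l.google.com.
google.com. 299 IN A 216.58.212.14
EOF
}

# Print "preference host" pairs from dig answer lines on stdin,
# lowest preference (the exchanger senders try first) at the top.
mx_sorted() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "MX" {
             if ($6 != ".") sub(/\.$/, "", $6)   # keep "." (null MX) as is
             print $5, $6 }' | sort -n
}

# Host name of the most preferred mail exchanger.
primary_mx() { mx_sorted | awk 'NR == 1 { print $2 }'; }

# Print the "all" mechanism of the SPF TXT record (e.g. "~all"),
# or "none" when no SPF record or no "all" mechanism is present.
spf_all() {
    awk '$4 == "TXT" && $0 ~ /"v=spf1[ "]/ {
             for (i = 5; i <= NF; i++) {
                 t = $i; gsub(/"/, "", t)
                 if (t ~ /^[-~?+]?all$/) { print t; found = 1 }
             }
         }
         END { if (!found) print "none" }'
}

# Live use (needs dig and network access): audit_domain example.com
audit_domain() {
    printf 'primary MX: %s\n' "$(dig +noall +answer "$1" mx | primary_mx)"
    printf 'SPF all:    %s\n' "$(dig +noall +answer "$1" txt | spf_all)"
}
```

In the SPF result, `~all` is a softfail policy and `-all` a hard fail; `none` means receivers have no SPF policy to check spoofed mail against.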

Query NS records:
dig +nocmd google.com ns +noall +answer
Output:
google.com. 84527 IN NS ns1.google.com.
google.com. 84527 IN NS ns2.google.com.
google.com. 84527 IN NS ns4.google.com.
google.com. 84527 IN NS ns3.google.com.

Query all records:
dig +nocmd google.com any +noall +answer
Output:
google.com. 299 IN A 216.58.212.14
google.com. 299 IN AAAA 2a00:1450:4017:804::200e
google.com. 21599 IN NS ns2.google.com.
google.com. 21599 IN NS ns1.google.com.
google.com. 599 IN MX 30 alt2.aspmx.l.google.com.
google.com. 21599 IN NS ns4.google.com.
google.com. 599 IN MX 50 alt4.aspmx.l.google.com.
google.com. 599 IN MX 20 alt1.aspmx.l.google.com.
google.com. 299 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com. 21599 IN CAA 0 issue "pki.goog"
google.com. 599 IN MX 40 alt3.aspmx.l.google.com.
google.com. 3599 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com. 21599 IN NS ns3.google.com.
google.com. 599 IN MX 10 aspmx.l.google.com.
google.com. 3599 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 59 IN SOA ns1.google.com. dns-admin.google.com. 216967258 900 900 1800 60

Reverse DNS lookup


To find the hostname by IP address, use the -x option:
dig -x 208.118.235.148 +noall +answer
Output:
; <<>> DiG 9.13.3 <<>> -x 208.118.235.148 +noall +answer
;; global options: +cmd
148.235.118.208.in-addr.arpa. 245 IN PTR wildebeest.gnu.org.

Bulk queries


If you need to query multiple domains, add them to a file (one per line) and use the -f parameter, specifying the file name:
dig -f domains.txt +short
An example of the contents of the domains.txt file:
lxer.com
linuxtoday.com
tuxmachines.org

Output:
108.166.170.171
70.42.23.121
204.68.122.43

Conclusion


dig is a command-line utility designed to retrieve DNS information and diagnose problems related to domain name systems.
16 Aug 2024, 15:38:35