- 10 Linux Dig (Domain Information Groper) Commands to Query DNS
- 1. Query Domain “A” Record
- 2. Query Domain “A” Record with +short
- 3. Querying MX Record for Domain
- 4. Querying SOA Record for Domain
- 5. Querying TTL Record for Domain
- 6. Querying Only Answer Section
- 7. Querying ALL DNS Records Types
- 8. DNS Reverse Look-up
- 9. Querying Multiple DNS Records
- 10. Create .digrc file
- Update Search Domains on Red Hat 7, CentOS 7 and Fedora using nmcli
- What Are Search Domains and Why Use Them?
- How to Add Search Domains in Network Manager
- Adding Search Domains via the GUI
- Adding Search Domains via Command Line Using NMCLI
- Links and Resources
- In /etc/resolv.conf, what exactly does the "search" configuration option do?
- 2 Answers 2
- What is the difference between search domains and nameservers? [closed]
- 2 Answers 2
10 Linux Dig (Domain Information Groper) Commands to Query DNS
In our previous article, we have explained nslookup command examples and usage, which is a networking command-line tool used for querying and getting information of DNS (Domain Name System).
Here, in this article, we come up with another command line tool called dig, which is much similar to the Linux nslookup tool. We will see the usage of the dig command closely with their examples and usage.
Dig stands for (Domain Information Groper) is a network administration command-line tool for querying Domain Name System (DNS) name servers.
It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that was queried.
Dig is part of the BIND domain name server software suite. dig command replaces older tools such as nslookup and the host. dig tool is available in major Linux distributions.
1. Query Domain “A” Record
# dig yahoo.com ; > DiG 9.16.1-Ubuntu > yahoo.com ;; global options: +cmd ;; Got answer: ;; ->>HEADERThe above command causes dig to look up the "A" record for the domain name yahoo.com. Dig command reads the /etc/resolv.conf file and querying the DNS servers listed there. The response from the DNS server is what dig displays.
Let us understand the output of the commands:
- Lines beginning with ; are comments not part of the information.
- The first line tells us the version of the dig (9.16.1) command.
- Next, dig shows the header of the response it received from the DNS server.
- Next comes the question section, which simply tells us the query, which in this case is a query for the "A" record of yahoo.com. The IN means this is an Internet lookup (in the Internet class).
- The answer section tells us that yahoo.com has the IP address 98.137.11.163.
- Lastly, there are some stats about the query. You can turn off these stats using the +nostats option.
2. Query Domain “A” Record with +short
By default, dig is quite verbose. One way to cut down the output is to use the +short option. which will drastically cut the output as shown below.
# dig yahoo.com +short 98.137.11.164 74.6.231.21 74.6.231.20 74.6.143.25 74.6.143.26 98.137.11.163
Note: By default, dig looks for the "A" record of the domain specified, but you can specify other records also. The MX or Mail eXchange record tells mail servers how to route the email for the domain. Likewise TTL, SOA, etc.
3. Querying MX Record for Domain
Querying different types of DNS resource records only.
# dig yahoo.com MX ; > DiG 9.16.1-Ubuntu > yahoo.com MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER4. Querying SOA Record for Domain
# dig yahoo.com SOA ; > DiG 9.16.1-Ubuntu > yahoo.com SOA ;; global options: +cmd ;; Got answer: ;; ->>HEADER5. Querying TTL Record for Domain
# dig yahoo.com TTL ; > DiG 9.16.1-Ubuntu > yahoo.com TTL ;; global options: +cmd ;; Got answer: ;; ->>HEADER>HEADER6. Querying Only Answer Section
# dig yahoo.com +nocomments +noquestion +noauthority +noadditional +nostats ; > DiG 9.16.1-Ubuntu > yahoo.com +nocomments +noquestion +noauthority +noadditional +nostats ;; global options: +cmd yahoo.com. 1556 IN A 74.6.231.20 yahoo.com. 1556 IN A 98.137.11.163 yahoo.com. 1556 IN A 98.137.11.164 yahoo.com. 1556 IN A 74.6.143.26 yahoo.com. 1556 IN A 74.6.231.21 yahoo.com. 1556 IN A 74.6.143.257. Querying ALL DNS Records Types
# dig yahoo.com ANY +noall +answer ; > DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 > yahoo.com ANY +noall +answer ;; global options: +cmd yahoo.com. 3509 IN A 72.30.38.140 yahoo.com. 3509 IN A 98.138.253.109 yahoo.com. 3509 IN A 98.139.183.24 yahoo.com. 1709 IN MX 1 mta5.am0.yahoodns.net. yahoo.com. 1709 IN MX 1 mta6.am0.yahoodns.net. yahoo.com. 1709 IN MX 1 mta7.am0.yahoodns.net. yahoo.com. 43109 IN NS ns2.yahoo.com. yahoo.com. 43109 IN NS ns8.yahoo.com. yahoo.com. 43109 IN NS ns3.yahoo.com. yahoo.com. 43109 IN NS ns1.yahoo.com. yahoo.com. 43109 IN NS ns4.yahoo.com. yahoo.com. 43109 IN NS ns5.yahoo.com. yahoo.com. 43109 IN NS ns6.yahoo.com.8. DNS Reverse Look-up
Querying DNS Reverse Look-up. Only display answer section with using +short.
# dig -x 72.30.38.140 +short ir1.fp.vip.sp2.yahoo.com.9. Querying Multiple DNS Records
Query multiple website’s DNS specific query viz. MX, NS, etc. records.
# dig yahoo.com mx +noall +answer redhat.com ns +noall +answer ; > DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 > yahoo.com mx +noall +answer redhat.com ns +noall +answer ;; global options: +cmd yahoo.com. 1740 IN MX 1 mta6.am0.yahoodns.net. yahoo.com. 1740 IN MX 1 mta7.am0.yahoodns.net. yahoo.com. 1740 IN MX 1 mta5.am0.yahoodns.net. redhat.com. 132 IN NS ns1.redhat.com. redhat.com. 132 IN NS ns4.redhat.com. redhat.com. 132 IN NS ns3.redhat.com. redhat.com. 132 IN NS ns2.redhat.com.10. Create .digrc file
Create .digrc file under $HOME/.digrc to store default dig options.
# dig yahoo.com yahoo.com. 3427 IN A 72.30.38.140 yahoo.com. 3427 IN A 98.138.253.109 yahoo.com. 3427 IN A 98.139.183.24We have store +noall +answer options permanently in the .digrc file under the user’s home directory. Now, whenever the dig command is executed it will show only answer section of the dig output. No Need to type every-time options like +noall +answer.
In this article, we tried to find out the dig command which may help you to search (DNS) Domain Name Service-related information. Share your thoughts through the comment box.
Update Search Domains on Red Hat 7, CentOS 7 and Fedora using nmcli
Q: I am running Red Hat Enterprise Linux 7 Workstation and having a hard time adding search domains. My work has several domains and I want to be able to use the short names. I have tried the network settings and don't see a place to add search domains. I have also added search domain1 domain2 to /etc/resolv.conf but it gets replaced every reboot by Network Manager. Any help?
A: This is because Gnome does not give you a place to enter search domains in their Network Settings GUI. Also, the /etc/resolv.conf file is generated every time the Network Manager service starts or restarts which overwrites the manual changes.
What Are Search Domains and Why Use Them?
Search domains are domains used to append to a hostname to create a fully qualified domain name. If you configure your system with three search domains, it will use these names when it receives an incomplete FQDN. For example let's say your office used a domain of example.com. So the servers are named similar to server1.example.com. If you add example.com to your search domains, you would be able to access the servers using the short name "server1". The search domains are automatically appended to the end of host names. If you add multiple search domains they will append one by one until they resolve in DNS.
How to Add Search Domains in Network Manager
Now that we understand what a search domain is and why we need it, let's learn how to add them. Network Manager gives you several ways to interact with it. The GUI is probably the easiest, especially if you rarely need to make these types of changes. If you are a Linux Admin with a lot of systems, you might prefer the command line. Let's get started.
Adding Search Domains via the GUI
You can run the Network Manager GUI configuration tool by running the following command:
Once the Network Manager Connection Editor opens, select the network adapter you want to change the settings for and click edit (little gear icon).
Go to the IPv4 Settings page and enter the domains in "Additional search domains" field (separate multiple domains with a comma).
Adding Search Domains via Command Line Using NMCLI
Option 2 is to use the Network Manager Command Line Interface (nmcli). First run nmcli without options to find the name of the interface like so:
sudo nmcli em1: connected to em1 "Intel Ethernet Connection (3) I218-LM" ethernet (e1000e), 83:7B:FB:41:6B:78, hw, mtu 1500 ip4 default inet4 192.168.38.83/22 inet6 fe83::8043:90fb:ff4e:9590/64 wlp2s0: disconnected "Intel Wireless 7265 (Dual Band Wireless-N 7265)" wifi (iwlwifi), 62:EF:10:F9:3B:BE, hw lo: unmanaged "lo" loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536 DNS configuration: servers: 192.168.16.40 192.168.16.10 interface: em1
Interface em1 is our main wired connection, and that is the one we want to change. To add the search domains to em1 interface use the nmcli command like so:
sudo nmcli con mod em1 ipv4.dns-search "domain1.local,domain2.local,domain3.local"
Now use the show option to check the configuration. We we use grep to pull just the dns search information.
sudo nmcli con show em1 | grep dns-search
Here is an example output:
ipv4.dns-search: domain1.local,domain2.local,domain3.local ipv6.dns-search: --
Now that we have updated the network configuration we need to restart Network Manager so the changes will take effect.
sudo systemctl restart NetworkManager
When Network Manager restarts, it should now generate the correct settings in /etc/resolv.conf .
# Generated by NetworkManager search domain1.local,domain2.local,domain3.local nameserver 192.168.16.40 nameserver 192.168.16.10
In this tutorial we covered what search domains are, how they are used, and why we might need them. We also looked at some examples of adding them through the GUI and from the command line. If you have any questions or comments we would love to hear them.
Links and Resources
In /etc/resolv.conf, what exactly does the "search" configuration option do?
If I have the option set as the domain name of the server itself, does that mean the server itself is used first to lookup domain names before querying the external internet? i.e. /etc/hosts will be queried? For example:
2 Answers 2
The search list is normally determined from the local domain name; by default, it contains only the local domain name. This may be changed by listing the desired domain search path following the search keyword with spaces or tabs separating the names. Resolver queries having fewer than ndots dots (default is 1) in them will be attempted using each component of the search path in turn until a match is found. For environments with multiple subdomains please read options ndots:n below to avoid man-in-the-middle attacks and unnecessary traffic for the root-dns-servers. Note that this process may be slow and will generate a lot of network traffic if the servers for the listed domains are not local, and that queries will time out if no server is available for one of the domains.
The search list is currently limited to six domains with a total of 256 characters.
To summarize the above, assuming no change from the defaults mentioned above, if something gets to the resolver that has no dots in it, the resolver will try adding example.com to it.
So lets say you just type http://somesite/somedocument.html in your browser. The resolver will catch that and first try to resolve somesite.example.com - equivalent if you actually typed http://somesite.example.com/somedocument.html - before trying what you actually requested.
This is helpful if you are part of a LAN environment that has its own DNS server so that people can type simple names to reach local resources. If you don't have a home or corporate LAN with your own DNS server it's nothing you really have to worry about.
What is the difference between search domains and nameservers? [closed]
Questions must demonstrate a minimal understanding of the problem being solved. Try including attempted solutions, why they didn't work, and the expected results. See How can I ask better questions on Server Fault? for further guidance.
I've usually seen two kinds of entries in /etc/resolv.conf on certain servers. The domain-name-servers entry specifies which DNS to use for resolving hostnames to IP addresses. Recently I saw an entry for search IP_ADDRESS . So here's my question. What's the difference between a nameserver and a search domain?
The value specified with search must be a domain rather than an IP address. It is plausible that if the DHCP server is misconfigured and neither server nor client validate the value, that you could end up with an IP address being written into resolv.conf . It may also be that the invalid value in resolv.conf was placed there manually.
2 Answers 2
the search indicate what domain(s) to append to your host name in a search. for example if you run this command :
if you do not have anything in the search domain, it will search for "myserver" in your hostfile, and if nothing there, it will return
but if you add search mydomain.com
then the same ping would return
64 bytes from myserver.mydomain.com (some ip): icmp_seq=1 ttl=62 time=415 ms
(provided the "myserver.mydomain.com actually exist, and reply to ping requests)
nameserver on the other hand is the IP address of your actual DNS server, where you look up all hostnames that is not in your hosts file.
edit: added some more details, and the 2nd part of the question (nameserver)