The “dig” (Domain Information Groper) command is a command-line utility for querying and analyzing DNS servers. Network administrators also use it to troubleshoot DNS issues. The “dig” command is widely used because its output is easy to read and easy to customize. It can retrieve detailed records like mail exchange servers (MX), text records (TXT), name servers (NS), and more. It comes with the “dnsutils” package.

This guide explains how to install the “dig” command on Debian 12 and how to use it.

Let’s begin!

How to Install the “dig” Command on Debian 12

To install the “dig” command on Debian 12, install the “dnsutils” package by following these steps:

Step 1: Update System Repositories

Use the below command to update the system’s repositories and minimize the errors during the installation process:

sudo apt update

Step 2: Install the “dig” Command

Now, install the “dig” command by executing the below-mentioned command:

sudo apt install dnsutils

Step 3: Verify the Installation

To verify if the “dig” command is installed on your system, execute the below-stated command:

dig -v

If the above command shows the “dig” command’s version, it is successfully installed. If you see the error message “dig: command not found”, the command is not installed.

Additionally, you can install the “bind9-dnsutils” package, which provides “dig” along with a few other command-line utilities. To install “bind9-dnsutils”, run:

sudo apt install bind9-dnsutils

How to Use the “dig” Command on Debian 12?

The “dig” command comes with several flags or options that you can use to view the desired output. But, before moving on to understanding the usage of the “dig” command, let’s understand the common DNS record types:

Record Type | Explanation
A | The single “A” shows the IPv4 type records.
AAAA | The quad “A” shows the IPv6 type records.
MX or Mail Exchanger Server | The “MX” is the email host server that shows the relevant data.
TXT | The “TXT” shows the text type records.
SIG | The “SIG” is the signature type record.

Syntax of the “dig” Command

The syntax of using the “dig” command is as follows:

dig [@Server] [Name] [Type]

Here:

  • The “dig” invokes the dig command.
  • The “Server” is the name or IP address of the DNS server to query, prefixed with “@”. If it is omitted, dig uses the servers listed in “/etc/resolv.conf”.
  • The “Name” specifies the DNS lookup hostname.
  • The “Type” tells the dig command which DNS record type to query. The default is set to “Type A”.

The below section explains the use of the “dig” command via the examples:

Example 1: Perform a Simple DNS Query

To perform a simple DNS query using the “dig” command, specify the hostname after the dig command. For instance, the below command queries “google.com”:

dig google.com

In the above output,

  • First Section: Shows the dig command version and the queried server. “HEADER” outputs the results generated from the querying.
  • Second Section: Shows the “EDNS”, flags, protocol, and other relevant information. The EDNS stands for Extension Mechanisms for DNS and it provides additional capabilities to the dig command to fetch more detailed responses.
  • Third Section: Shows the answer from the queried server. Includes TTL (time to live (253)), class type (IN), record type (A), and the server’s IP.
  • Fourth Section: Shows the Query time (12 msec) and the IP through which the server is queried. The WHEN is the time of query and MSG SIZE (rcvd:83) is the size of the answer received via the query.

Example 2: Perform a Short DNS Query

The “dig” command can output only the IP address of the server. We call it the “Short DNS Query”. To view the IP address of “Google.com”, run the following command:

dig Google.com +short

Example 3: Execute DNS Query Request From a Different Server

By default, the “dig” command sends its DNS queries to the servers listed in the “/etc/resolv.conf” file, and users can override this. For instance, to bypass the default DNS server and get the output directly from a different server, use the following format:

dig @<Server-Name/IP> <Domain-Name>

For example, with “8.8.8.8” as the server and “Google.com” as the domain name, the command performs a DNS query on “Google.com” using the IP “8.8.8.8”.

Example 4: Query All Types of DNS Records

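To view all “Types” of DNS records associated with the specified domain, use the following command. Note that many DNS servers now answer “ANY” queries with a minimal response (RFC 8482), so the output may not list every record: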

dig Google.com Any

Users can search for a specific record type as well. For instance, below is the command to view the “text” type DNS record for “Google.com”:

dig Google.com txt

Example 5: Query Reverse DNS

The “Reverse DNS” is the process of finding the name behind an IP address. Email servers currently use the Reverse DNS Query to filter spam messages. To perform the Reverse DNS Query using the “dig” command, use the following format:

dig -x <Server-IP-to-Query-Reverse-DNS>

The above command performs the reverse DNS query against the IP (192.65.69.68).
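The spam-filtering use of reverse DNS mentioned above is usually a forward-confirmed check: the PTR name must resolve back to the same IP. The script below is an added example, not part of the original guide; the “fcrdns” function and the “DIG” override variable are hypothetical names, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example. DIG is a hypothetical override so a stub can replace dig in tests.
DIG=${DIG:-dig}

# Forward-confirmed reverse DNS for an IPv4 address ($1).
# Prints "confirmed <name>", "unconfirmed" or "no-ptr"; succeeds only when confirmed.
fcrdns() {
    ptrs=$("$DIG" +short -x "$1")
    if [ -z "$ptrs" ]; then echo no-ptr; return 1; fi
    while IFS= read -r name; do
        # PTR data is controlled by whoever owns the reverse zone: skip anything
        # that is not a plain hostname, so it cannot be parsed as a dig option.
        case $name in
            *[!A-Za-z0-9._-]*|-*) continue ;;
        esac
        # Forward lookup: the claimed name must map back to the original IP.
        if "$DIG" +short "$name" A | grep -Fxq -- "$1"; then
            echo "confirmed ${name%.}"; return 0
        fi
    done <<EOF
$ptrs
EOF
    echo unconfirmed; return 1
}

# Usage: ./fcrdns.sh <IPv4-address>
if [ "$#" -eq 1 ]; then fcrdns "$1"; fi
```

A PTR record alone proves nothing, because the owner of an IP block can publish any name there; only the matching forward record ties the name to the address.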

Example 6: Trace DNS Path

To trace the DNS lookup path, use the “+trace” flag. Let’s trace the DNS path for “Google.com” by executing the below-mentioned command:

dig Google.com +trace

Example 7: Multiple DNS Lookup

The “dig” command also allows the users to perform multiple DNS lookups. To do that, create a “.txt” file and add the following text as an example:

Wikipedia.com
Google.com
Yahoo.com

Now, give the created file (testDNS.txt in this case) as an input to the “dig” command using the “-f” flag:

dig -f testDNS.txt

Example 8: Configure the Output of the “dig” Command

Users can configure the output of the “dig” command. To override the default output of the “dig” command, users must create a “.digrc” file in their “Home” directory. The “dig” command always looks for this file; if found, it automatically processes it. To create a .digrc file, run the following command:

nano ~/.digrc

After creating the file, users can specify the output they want to view. Below is a sample configuration of the “dig” command’s output using the .digrc file:

# Use Google's DNS server
@8.8.8.8

# Clear all display flags
+noall

# Show concise output
+short

# Enable tracing for detailed lookup path
+trace

Now, run the “dig” command as usual without specifying any flag as it takes the input flags from the “.digrc” file:

dig bing.com

Example 9: Set IPv4 or IPv6 for DNS Querying

Users can force the “dig” command to send its queries over a specific IP version. To make it use IPv4 only, run:

dig -4 Google.com

To use IPv6 only, use the below-stated format:

dig -6 <Domain-Name>

Example 10: Set DNS Server Timeout Interval

If the DNS server is taking longer to respond to the query, dig displays a “timed out” message after the default timer (5 seconds). To change or override the default timer for the DNS query, use the “+time” flag and specify the time in seconds as follows (the “-t” flag sets the query type, not the timeout):

dig Google.com +time=10

Bonus Tip: How to Prevent the DNS Spoofing by Utilizing the “dig” Command

“DNS Spoofing” or “DNS Cache Poisoning” is a dangerous cyberattack. If the DNS is spoofed, users are often redirected to fraudulent websites without their knowledge. In this attack, the attacker intercepts the DNS query and redirects it to a fake webpage that steals the user’s information.

Currently, there’s no way to check if your DNS is spoofed. However, some signs include the following:

  • You are often redirected to an unexpected website that you did not open.
  • You see unrelated popups that are automatically triggered when you open your internet browser.
  • You are seeing too many security warnings about invalid certificates while opening a website because you are redirected to a fake website.

To prevent DNS spoofing by utilizing the “dig” command, follow the instructions below:

Use Trusted DNS Servers

Firstly, change the default DNS server to the trusted DNS servers, such as Google (8.8.8.8 and 8.8.4.4), Cloudflare (1.1.1.1 and 1.0.0.1), or Quad9 (9.9.9.9). To change the DNS server on Debian 12, open the Network Manager using:

nm-connection-editor

After opening the Network Editor, select a connection and navigate to “IPv4” or “IPv6” settings as per your choice. From here, add the desired “DNS Server” and “Save” the changes.

Now check the responses (using the dig command) for the specified website and see if the results are the same as with the default DNS server. If they are the same, the DNS server is not spoofed, but if they are not the same, the DNS server may be spoofed. Large sites such as Google.com legitimately return different addresses to different resolvers and regions, so treat a mismatch as a reason to investigate rather than as proof.

The following are examples of “dig” commands that give better insights into the DNS server:

dig +trace Google.com #The path of DNS servers involved in resolving the query.
dig +additional Google.com #Show the additional section of the reply.
dig +norecurse Google.com #Ask the server not to recurse (clears the RD bit in the query).
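The comparison described above can be scripted, together with a check of the “ad” (Authenticated Data) flag from the flags line of dig’s output, which a validating resolver sets when DNSSEC validation succeeded. This is an added example, not part of the original guide; the function names and the “DIG” override variable are hypothetical, and it compares A records only.

```shell
#!/bin/sh
# Added example. DIG is a hypothetical override so a stub can replace dig in tests.
DIG=${DIG:-dig}

# Sorted, de-duplicated IPv4 answers for name $1, optionally from resolver $2.
a_records() {
    "$DIG" +short ${2:+"@$2"} "$1" A | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# Classify two newline-separated answer lists:
# match (identical), partial (some overlap), mismatch (disjoint), no-answer.
compare_answers() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo no-answer
    elif [ "$1" = "$2" ]; then echo match
    elif printf '%s\n' "$2" | grep -Fxq -- "$1"; then echo partial
    else echo mismatch
    fi
}

# Read full dig output on stdin; print the status from the HEADER line.
reply_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# Read full dig output on stdin; succeed if the header flags include "ad".
has_ad_flag() {
    sed -n 's/^;; flags:\([^;]*\);.*/\1/p' | grep -qw ad
}

# Compare the default resolver with a trusted one ($2) for name $1.
check_name() {
    default_ans=$(a_records "$1")
    trusted_ans=$(a_records "$1" "$2")
    echo "answers: $(compare_answers "$default_ans" "$trusted_ans")"
    reply=$("$DIG" +dnssec "@$2" "$1" A)
    echo "status: $(printf '%s\n' "$reply" | reply_status)"
    if printf '%s\n' "$reply" | has_ad_flag; then echo "dnssec: validated"
    else echo "dnssec: not validated (unsigned zone or non-validating resolver)"
    fi
}

# Usage: ./dnscheck.sh <name> <trusted-resolver-ip>
if [ "$#" -eq 2 ]; then check_name "$1" "$2"; fi
```

A “partial” result is common for load-balanced sites; a “mismatch” for a domain that normally returns one fixed address is the case worth investigating.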

That’s all for installing the “dig” command on Debian 12.

Final Words

The “dig” command digs into the network and provides a detailed analysis of the DNS Server. It comes bundled with the package called “dnsutils” and to use the “dig” command, users must install the “dnsutils”.

To gain a comprehensive understanding of the “dig” command, refer to the above guide.