dig (Domain Information Groper): The standard tool for querying DNS records.

Gemini said

dig (Domain Information Groper) is a powerful command-line tool used by network administrators and security professionals to query Domain Name System (DNS) name servers.

While tools like nslookup are older and more basic, dig is the industry standard because it is flexible, provides detailed output, and follows DNS standards more strictly.


Why Use dig?

  • Troubleshooting: Verify if a domain is pointing to the correct IP address or if a recent DNS change has propagated.

  • Security Reconnaissance: Enumerate subdomains, find mail servers (MX records), and check for security-related TXT records.

  • Detailed Output: It shows you the exact response from the server, including the “Header,” “Question Section,” and “Answer Section.”


Common dig Commands

Since you are using a Linux-based pentesting lab, here are the most useful ways to use the tool:

Task                     Command
Basic Lookup             dig google.com
Specific Record Type     dig google.com MX (finds mail servers)
Short Answer             dig google.com +short (returns just the IP)
Trace the Path           dig google.com +trace (shows the lookup from Root to Authoritative)
Reverse Lookup           dig -x 8.8.8.8 (finds the domain associated with an IP)
Query a Specific Server  dig @8.8.8.8 google.com (queries Google’s DNS instead of your default)

Anatomy of a dig Response

When you run a standard query, dig returns several sections:

  1. Header: Shows the version of dig, global options, and the status of the query (e.g., NOERROR).

  2. Question Section: Confirms what you asked for (e.g., “What is the A record for example.com?”).

  3. Answer Section: The actual data (e.g., the IP address).

  4. Authority Section: Lists the nameservers that are authoritative for the domain.

  5. Statistics: Shows how long the query took and which server provided the answer.


Advanced Usage: Zone Transfers (AXFR)

In your PenTest+ studies, you’ll learn that a misconfigured DNS server might allow a Zone Transfer. This lets an attacker download the entire DNS database for a domain.

  • Command: dig @<nameserver_ip> <domain_name> axfr

If the server is insecure, this command will list every internal host, which is a massive win for the “Enumeration” phase of a pentest.

Tags: network reconnaissance, reconnaissance, dns, CLI tool
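As an added example (not part of the Gemini answer above), the POSIX shell script below works through the response anatomy the answer describes: it pulls the status out of the header, extracts records from a named section (the same data `+short` gives you for the answer section, but for any section), and classifies the result of an AXFR attempt against one of your own authoritative nameservers so the check can be scripted into a recurring audit. All of the dig output it parses is constructed inline for the example rather than captured from a real query; the function names (`dig_status`, `dig_section`, `zone_transfer_exposed`, `axfr_record_count`) and the sample zone data are my own, not anything from dig or the page.

```shell
#!/bin/sh
# Added example: parse the sections of a dig response and classify an
# AXFR result when auditing your own authoritative nameservers.
# Every piece of dig output below is constructed for the example, not captured.

# Constructed output of: dig @192.0.2.53 example.com A
SAMPLE_A_QUERY='
; <<>> DiG 9.18.0 <<>> @192.0.2.53 example.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.            IN      A

;; ANSWER SECTION:
example.com.     300     IN      A       192.0.2.10
example.com.     300     IN      A       192.0.2.11

;; AUTHORITY SECTION:
example.com.     3600    IN      NS      ns1.example.com.

;; Query time: 23 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; MSG SIZE  rcvd: 88
'

# Constructed output of an AXFR the server refused (the expected, secure result).
SAMPLE_AXFR_REFUSED='
; <<>> DiG 9.18.0 <<>> @192.0.2.53 example.com axfr
;; global options: +cmd
; Transfer failed.
'

# Constructed output of an AXFR that succeeded (a misconfiguration to fix).
SAMPLE_AXFR_ALLOWED='
; <<>> DiG 9.18.0 <<>> @192.0.2.53 example.com axfr
;; global options: +cmd
example.com.     3600    IN      SOA     ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
example.com.     3600    IN      NS      ns1.example.com.
intranet.example.com. 300 IN     A       10.0.0.5
example.com.     3600    IN      SOA     ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
;; Query time: 41 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; XFR size: 4 records (messages 1, bytes 197)
'

# dig_status OUTPUT: print the RCODE from the HEADER line (NOERROR, NXDOMAIN, REFUSED, ...).
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p'
}

# dig_section OUTPUT SECTION TYPE: print the rdata of records of TYPE in the
# named section (ANSWER, AUTHORITY, ADDITIONAL), one per line. Record lines
# are "<owner> <ttl> <class> <type> <rdata...>", so rdata starts at field 5.
dig_section() {
    printf '%s\n' "$1" | awk -v sect="$2" -v want="$3" '
        $0 == (";; " sect " SECTION:") { inside = 1; next }
        /^;;/ || /^$/                  { inside = 0 }
        inside && $4 == want {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            print rdata
        }
    '
}

# zone_transfer_exposed OUTPUT: exit 0 if dig reports a completed transfer
# (the ";; XFR size:" summary), 1 otherwise (e.g. "; Transfer failed.").
zone_transfer_exposed() {
    printf '%s\n' "$1" | grep -q '^;; XFR size:'
}

# axfr_record_count OUTPUT: number of resource records in a completed AXFR,
# taken from dig's own summary line.
axfr_record_count() {
    printf '%s\n' "$1" | sed -n 's/^;; XFR size: \([0-9]*\) records.*/\1/p'
}

# Stand-alone demonstration over the constructed samples.
echo "status: $(dig_status "$SAMPLE_A_QUERY")"
echo "A records: $(dig_section "$SAMPLE_A_QUERY" ANSWER A | paste -sd ' ' -)"
echo "NS (authority): $(dig_section "$SAMPLE_A_QUERY" AUTHORITY NS)"
for sample in "$SAMPLE_AXFR_REFUSED" "$SAMPLE_AXFR_ALLOWED"; do
    if zone_transfer_exposed "$sample"; then
        echo "AXFR allowed: $(axfr_record_count "$sample") records exposed; restrict zone transfers on this server"
    else
        echo "AXFR refused (good)"
    fi
done
```

To run it against a live server you own, replace the constructed strings with command substitutions such as `out=$(dig @ns1.example.com example.com axfr)` and feed `$out` to the same functions; the parsing does not change. Checking for the `;; XFR size:` summary rather than just grepping for record lines avoids false positives from the echoed command header, which dig prints whether or not the transfer succeeds.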