Dig - Búsqueda y Resolución de DNS¶

✅ ¡Todos los comandos dig copiados al portapapeles!

Dig (Domain Information Groper) es una potente herramienta de línea de comandos para búsqueda y resolución de DNS. Es más flexible y proporciona una salida más detallada que nslookup, convirtiéndolo en la herramienta preferida para diagnósticos e investigación de DNS.

Uso Básico¶

Búsqueda DNS Simple¶

Especificación de Tipos de Registros¶

Especificación de Servidor DNS¶

Usando Diferentes Servidores DNS¶

Servidores DNS IPv6¶

Opciones de Control de Salida¶

Formateando la Salida¶

Traza Detallada¶

Opciones Avanzadas de Consulta¶

Comportamiento de Consulta¶

Opciones DNSSEC¶

Búsquedas DNS Inversas¶

Consultas de Registro PTR¶

Consultas por Lotes¶

Múltiples Dominios¶

Consultas por Script¶

Registros DNS Especializados¶

Registros Relacionados con Correo¶

Registros de Descubrimiento de Servicios¶

Registros de Seguridad¶

Resolución de Problemas de DNS¶

Diagnósticos Comunes¶

Diagnóstico de Errores¶

Análisis de Ruta de Red¶

Pruebas de Rendimiento¶

Tiempo de Consulta¶

Pruebas de Carga¶

Would you like me to continue with specific translations for the remaining sections?```bash

Basic A record lookup¶

dig google.com dig example.com dig github.com

Lookup with specific DNS server¶

dig @8.8.8.8 google.com dig @1.1.1.1 google.com dig @208.67.222.222 google.com

Short output (just the answer)¶

dig +short google.com dig +short @8.8.8.8 google.com

### Specifying Record Types
```bash
# A record (IPv4 address)
dig google.com A
dig +short google.com A

# AAAA record (IPv6 address)
dig google.com AAAA
dig +short google.com AAAA

# MX record (mail exchange)
dig google.com MX
dig +short google.com MX

# NS record (name servers)
dig google.com NS
dig +short google.com NS

# TXT record (text records)
dig google.com TXT
dig +short google.com TXT

# CNAME record (canonical name)
dig www.google.com CNAME
dig +short www.google.com CNAME

# SOA record (start of authority)
dig google.com SOA
dig +short google.com SOA

# PTR record (reverse DNS)
dig google.com PTR

# ANY record (all available records)
dig google.com ANY

DNS Server Specification¶

Using Different DNS Servers¶

# Google DNS
dig @8.8.8.8 google.com
dig @8.8.4.4 google.com

# Cloudflare DNS
dig @1.1.1.1 google.com
dig @1.0.0.1 google.com

# OpenDNS
dig @208.67.222.222 google.com
dig @208.67.220.220 google.com

# Quad9 DNS
dig @9.9.9.9 google.com
dig @149.112.112.112 google.com

# Local DNS server
dig @192.168.1.1 google.com

# Multiple servers (dig will try each)
dig @8.8.8.8 @1.1.1.1 google.com

IPv6 DNS Servers¶

# Google IPv6 DNS
dig @2001:4860:4860::8888 google.com
dig @2001:4860:4860::8844 google.com

# Cloudflare IPv6 DNS
dig @2606:4700:4700::1111 google.com
dig @2606:4700:4700::1001 google.com

# OpenDNS IPv6
dig @2620:119:35::35 google.com
dig @2620:119:53::53 google.com

Output Control Options¶

Formatting Output¶

# Short output (answer only)
dig +short google.com

# Show only answer section
dig +noall +answer google.com

# Show only authority section
dig +noall +authority google.com

# Show only additional section
dig +noall +additional google.com

# Show question and answer
dig +noall +question +answer google.com

# Multiline output
dig +multiline google.com

# No comments
dig +nocomments google.com

# No statistics
dig +nostats google.com

# No question section
dig +noquestion google.com

# No answer section
dig +noanswer google.com

# No authority section
dig +noauthority google.com

# No additional section
dig +noadditional google.com

Detailed Tracing¶

# Trace the full DNS resolution path
dig +trace google.com

# Trace with short output
dig +trace +short google.com

# Trace specific record type
dig +trace google.com MX

# Show all name servers for domain
dig +nssearch google.com

# Show all name servers with details
dig +nssearch +noall +answer google.com

Advanced Query Options¶

Query Behavior¶

# Disable recursion
dig +norecurse google.com

# Use TCP instead of UDP
dig +tcp google.com
dig +vc google.com

# Force UDP (default)
dig +notcp google.com

# Set query timeout
dig +time=5 google.com
dig +time=10 google.com

# Set number of tries
dig +tries=3 google.com

# Set number of retries
dig +retry=2 google.com

# Set UDP buffer size
dig +bufsize=512 google.com
dig +bufsize=4096 google.com

# Enable EDNS
dig +edns=0 google.com

# Ignore truncation
dig +ignore google.com

# Fail on truncation
dig +fail google.com

DNSSEC Options¶

# Request DNSSEC records
dig +dnssec google.com

# Check DNSSEC validation
dig +cd google.com

# Request authentic data
dig +ad google.com

# Show DNSSEC chain
dig +trace +dnssec google.com

# Validate DNSSEC signatures
dig +sigchase google.com

# Show DNSKEY records
dig google.com DNSKEY

# Show DS records
dig google.com DS

# Show RRSIG records
dig google.com RRSIG

Reverse DNS Lookups¶

PTR Record Queries¶

# Reverse lookup using -x flag
dig -x 8.8.8.8
dig -x 1.1.1.1
dig -x 192.168.1.1

# Manual PTR lookup
dig 8.8.8.8.in-addr.arpa PTR
dig 1.1.1.1.in-addr.arpa PTR

# IPv6 reverse lookup
dig -x 2001:4860:4860::8888

# Short reverse lookup
dig +short -x 8.8.8.8

# Reverse lookup with specific server
dig @8.8.8.8 -x 1.1.1.1

Batch Queries¶

Multiple Domains¶

# Query multiple domains
dig google.com yahoo.com microsoft.com

# Query from file
echo -e "google.com\nyahoo.com\nmicrosoft.com" > domains.txt
dig -f domains.txt

# Query different record types for same domain
dig google.com A MX NS TXT

# Batch with specific server
dig @8.8.8.8 -f domains.txt

Scripted Queries¶

# Loop through domains
for domain in google.com yahoo.com microsoft.com; do
    echo "=== $domain ==="
    dig +short $domain
done

# Check multiple record types
for type in A AAAA MX NS TXT; do
    echo "=== $type records for google.com ==="
    dig +short google.com $type
done

Specialized DNS Records¶

# MX records (mail exchange)
dig google.com MX
dig +short google.com MX

# SPF records (in TXT)
dig google.com TXT|grep "v=spf1"
dig _spf.google.com TXT

# DMARC records
dig _dmarc.google.com TXT

# DKIM records
dig selector1._domainkey.google.com TXT

# Mail server A records
dig gmail-smtp-in.l.google.com A

Service Discovery Records¶

# SRV records (service records)
dig _sip._tcp.example.com SRV
dig _xmpp-server._tcp.example.com SRV
dig _minecraft._tcp.example.com SRV

# CAA records (certificate authority authorization)
dig google.com CAA

# NAPTR records (naming authority pointer)
dig example.com NAPTR

# LOC records (location)
dig example.com LOC

Security Records¶

# TLSA records (DNS-based authentication)
dig _443._tcp.example.com TLSA
dig _25._tcp.mail.example.com TLSA

# SSHFP records (SSH fingerprints)
dig example.com SSHFP

# CERT records (certificates)
dig example.com CERT

Troubleshooting DNS Issues¶

Common Diagnostics¶

# Check if domain exists
dig +short google.com

# Check authoritative name servers
dig +short google.com NS

# Query authoritative server directly
dig @ns1.google.com google.com

# Check SOA record for domain info
dig google.com SOA

# Trace full resolution path
dig +trace google.com

# Check for DNS propagation
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
dig @208.67.222.222 example.com

Error Diagnosis¶

# Check for NXDOMAIN (domain doesn't exist)
dig nonexistent.google.com

# Check for SERVFAIL
dig +trace problematic.domain.com

# Check for timeout issues
dig +time=1 +tries=1 slow.server.com

# Check for truncation
dig +bufsize=512 large.response.com

# Verify DNSSEC
dig +dnssec +cd google.com

Network Path Analysis¶

# Test different DNS servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
    echo "Testing $server:"
    dig @$server +time=3 google.com|grep "Query time"
done

# Check local vs remote DNS
dig @127.0.0.1 google.com
dig @8.8.8.8 google.com

# Test UDP vs TCP
dig +notcp google.com
dig +tcp google.com

Performance Testing¶

Query Timing¶

# Show query time
dig google.com|grep "Query time"

# Multiple queries for average
for i in \\\\{1..5\\\\}; do
    dig google.com|grep "Query time"
done

# Time multiple servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
    echo "Server: $server"
    dig @$server google.com|grep "Query time"
done

Load Testing¶

# Rapid queries (be careful with rate limiting)
for i in \\\\{1..10\\\\}; do
    dig +short google.com &
done
wait

# Measure DNS cache performance
dig google.com  # First query (cache miss)
dig google.com  # Second query (cache hit)
```## Configuración y Personalización
```bash
# Create ~/.digrc for default options
echo "+short" > ~/.digrc
echo "+time=5" >> ~/.digrc
echo "+tries=2" >> ~/.digrc

# Override config file
dig +noconfig google.com
```### Variables de Entorno
```bash
# Set default options
export DIG_OPTIONS="+short +time=5"
dig google.com

# Set default server
export DIG_SERVER="8.8.8.8"
dig google.com
```## Integración con Otras Herramientas

### Combinación con Otros Comandos
```bash
# Extract IP addresses
dig +short google.com|grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

### Scripting Examples
```bash
#!/bin/bash
# Script de verificación de salud DNS

DOMAIN="example.com"
SERVERS=("8.8.8.8" "1.1.1.1" "208.67.222.222")

echo "Verificación de Salud DNS para $DOMAIN"
echo "================================"

for server in "$\{SERVERS[@]\}"; do
    echo "Probando servidor: $server"

    # Probar registro A
    A_RECORD=$(dig @$server +short $DOMAIN A)
    if [ -n "$A_RECORD" ]; then
        echo "  Registro A: $A_RECORD"
    else
        echo "  Registro A: FALLIDO"
    fi

    # Probar tiempo de consulta
    QUERY_TIME=$(dig @$server $DOMAIN|grep "Query time"|awk '\{print $4\}')
    echo "  Tiempo de Consulta: $\{QUERY_TIME\}ms"

    echo ""
done

Cross-Platform Considerations¶

Linux¶

# Instalar dig (generalmente parte de bind-utils o dnsutils)
sudo apt install dnsutils          # Ubuntu/Debian
sudo yum install bind-utils         # RHEL/CentOS
sudo dnf install bind-utils         # Fedora

# Herramientas alternativas
host google.com                     # Búsqueda DNS simple
nslookup google.com                 # Búsqueda DNS interactiva

macOS¶

# dig está pre-instalado en macOS
dig google.com

# Instalar via Homebrew para la última versión
brew install bind

# Herramientas alternativas
host google.com
nslookup google.com

Windows¶

# dig no está incluido por defecto
# Descargar desde ISC BIND o usar alternativas

# Alternativas de Windows
nslookup google.com
Resolve-DnsName google.com          # PowerShell

Best Practices¶

Security Considerations¶

Use trusted DNS servers for sensitive queries
Be aware that DNS queries can be logged
Consider using DNS over HTTPS (DoH) or DNS over TLS (DoT)
Validate DNSSEC when security is critical

Performance Tips¶

Use +short for scripting to reduce output parsing
Set appropriate timeouts for your network
Use local DNS caching when possible
Consider the impact of DNS queries on rate limiting

Troubleshooting Methodology¶

Start with basic queries to verify connectivity
Use +trace to understand the resolution path
Test multiple DNS servers to isolate issues
Check both forward and reverse DNS
Verify DNSSEC when applicable

Monitoring and Automation¶

Log DNS query times for performance monitoring
Set up alerts for DNS resolution failures
Use batch queries for efficiency
Implement proper error handling in scripts

Dig is an essential tool for DNS troubleshooting and investigation. Its flexibility and detailed output make it invaluable for network administrators, security professionals, and developers working with DNS-dependent applications.

Get all A records and ping them¶

dig +short google.com A|while read ip; do echo "Pinging $ip" ping -c 1 $ip done

Check if domain resolves to specific IP¶

if dig +short google.com|grep -q "172.217."; then echo "Domain resolves to Google IP range" fi

Compare DNS responses¶

diff <(dig @8.8.8.8 +short google.com) <(dig @1.1.1.1 +short google.com) ```### Ejemplos de Scripting

Dig - Búsqueda y Resolución de DNS¶

Uso Básico¶

Búsqueda DNS Simple¶

Especificación de Tipos de Registros¶

Especificación de Servidor DNS¶

Usando Diferentes Servidores DNS¶

Servidores DNS IPv6¶

Opciones de Control de Salida¶

Formateando la Salida¶

Traza Detallada¶

Opciones Avanzadas de Consulta¶

Comportamiento de Consulta¶

Opciones DNSSEC¶

Búsquedas DNS Inversas¶

Consultas de Registro PTR¶

Consultas por Lotes¶

Múltiples Dominios¶

Consultas por Script¶

Registros DNS Especializados¶

Registros Relacionados con Correo¶

Registros de Descubrimiento de Servicios¶

Registros de Seguridad¶

Resolución de Problemas de DNS¶

Diagnósticos Comunes¶

Diagnóstico de Errores¶

Análisis de Ruta de Red¶

Pruebas de Rendimiento¶

Tiempo de Consulta¶

Pruebas de Carga¶

Basic A record lookup¶

Lookup with specific DNS server¶

Short output (just the answer)¶

DNS Server Specification¶

Using Different DNS Servers¶

IPv6 DNS Servers¶

Output Control Options¶

Formatting Output¶

Detailed Tracing¶

Advanced Query Options¶

Query Behavior¶

DNSSEC Options¶

Reverse DNS Lookups¶

PTR Record Queries¶

Batch Queries¶

Multiple Domains¶

Scripted Queries¶

Specialized DNS Records¶

Email-Related Records¶

Service Discovery Records¶

Security Records¶

Troubleshooting DNS Issues¶

Common Diagnostics¶

Error Diagnosis¶

Network Path Analysis¶

Performance Testing¶

Query Timing¶

Load Testing¶

Cross-Platform Considerations¶

Linux¶

macOS¶

Windows¶

Best Practices¶

Security Considerations¶

Performance Tips¶

Troubleshooting Methodology¶

Monitoring and Automation¶

Get all A records and ping them¶

Check if domain resolves to specific IP¶

Compare DNS responses¶

Consideraciones Multiplataforma¶

Linux¶

macOS¶

Windows¶

Mejores Prácticas¶

Consideraciones de Seguridad¶

Consejos de Rendimiento¶

Metodología de Resolución de Problemas¶