Dig - Ricerca DNS e Risoluzione dei Problemi
✅ Tutti i comandi dig sono stati copiati negli appunti!
Dig (Domain Information Groper) è un potente strumento da riga di comando per la ricerca DNS e la risoluzione dei problemi. È più flessibile e fornisce un output più dettagliato rispetto a nslookup, rendendolo lo strumento preferito per la diagnostica e l’indagine DNS.
Utilizzo Base
Ricerca DNS Semplice
Specificare Tipi di Record
Specifica del Server DNS
Utilizzo di Server DNS Diversi
Server DNS IPv6
Opzioni di Controllo dell’Output
Formattazione dell’Output
Tracciamento Dettagliato
Opzioni di Query Avanzate
Comportamento della Query
Opzioni DNSSEC
Ricerche DNS Inverse
Query Record PTR
Query in Batch
Domini Multipli
Query con Script
Record DNS Specializzati
Record Relativi alle Email
Record per la Scoperta di Servizi
Record di Sicurezza
Risoluzione dei Problemi DNS
Diagnostica Comune
Diagnosi degli Errori
Analisi del Percorso di Rete
Test delle Prestazioni
Temporizzazione delle Query
Test di Carico
Would you like me to continue with specific translations for the remaining sections? I noticed that some sections were left blank in the original text. I can provide translations for those as well if you’d like.```bash
Basic A record lookup
dig google.com dig example.com dig github.com
Lookup with specific DNS server
dig @8.8.8.8 google.com dig @1.1.1.1 google.com dig @208.67.222.222 google.com
Short output (just the answer)
dig +short google.com dig +short @8.8.8.8 google.com
### Specifying Record Types
```bash
# A record (IPv4 address)
dig google.com A
dig +short google.com A
# AAAA record (IPv6 address)
dig google.com AAAA
dig +short google.com AAAA
# MX record (mail exchange)
dig google.com MX
dig +short google.com MX
# NS record (name servers)
dig google.com NS
dig +short google.com NS
# TXT record (text records)
dig google.com TXT
dig +short google.com TXT
# CNAME record (canonical name)
dig www.google.com CNAME
dig +short www.google.com CNAME
# SOA record (start of authority)
dig google.com SOA
dig +short google.com SOA
# PTR record (reverse DNS)
dig google.com PTR
# ANY record (all available records)
dig google.com ANYDNS Server Specification
Using Different DNS Servers
# Google DNS
dig @8.8.8.8 google.com
dig @8.8.4.4 google.com
# Cloudflare DNS
dig @1.1.1.1 google.com
dig @1.0.0.1 google.com
# OpenDNS
dig @208.67.222.222 google.com
dig @208.67.220.220 google.com
# Quad9 DNS
dig @9.9.9.9 google.com
dig @149.112.112.112 google.com
# Local DNS server
dig @192.168.1.1 google.com
# Multiple servers (dig will try each)
dig @8.8.8.8 @1.1.1.1 google.comIPv6 DNS Servers
# Google IPv6 DNS
dig @2001:4860:4860::8888 google.com
dig @2001:4860:4860::8844 google.com
# Cloudflare IPv6 DNS
dig @2606:4700:4700::1111 google.com
dig @2606:4700:4700::1001 google.com
# OpenDNS IPv6
dig @2620:119:35::35 google.com
dig @2620:119:53::53 google.comOutput Control Options
Formatting Output
# Short output (answer only)
dig +short google.com
# Show only answer section
dig +noall +answer google.com
# Show only authority section
dig +noall +authority google.com
# Show only additional section
dig +noall +additional google.com
# Show question and answer
dig +noall +question +answer google.com
# Multiline output
dig +multiline google.com
# No comments
dig +nocomments google.com
# No statistics
dig +nostats google.com
# No question section
dig +noquestion google.com
# No answer section
dig +noanswer google.com
# No authority section
dig +noauthority google.com
# No additional section
dig +noadditional google.comDetailed Tracing
# Trace the full DNS resolution path
dig +trace google.com
# Trace with short output
dig +trace +short google.com
# Trace specific record type
dig +trace google.com MX
# Show all name servers for domain
dig +nssearch google.com
# Show all name servers with details
dig +nssearch +noall +answer google.comAdvanced Query Options
Query Behavior
# Disable recursion
dig +norecurse google.com
# Use TCP instead of UDP
dig +tcp google.com
dig +vc google.com
# Force UDP (default)
dig +notcp google.com
# Set query timeout
dig +time=5 google.com
dig +time=10 google.com
# Set number of tries
dig +tries=3 google.com
# Set number of retries
dig +retry=2 google.com
# Set UDP buffer size
dig +bufsize=512 google.com
dig +bufsize=4096 google.com
# Enable EDNS
dig +edns=0 google.com
# Ignore truncation
dig +ignore google.com
# Fail on truncation
dig +fail google.comDNSSEC Options
# Request DNSSEC records
dig +dnssec google.com
# Check DNSSEC validation
dig +cd google.com
# Request authentic data
dig +ad google.com
# Show DNSSEC chain
dig +trace +dnssec google.com
# Validate DNSSEC signatures
dig +sigchase google.com
# Show DNSKEY records
dig google.com DNSKEY
# Show DS records
dig google.com DS
# Show RRSIG records
dig google.com RRSIGReverse DNS Lookups
PTR Record Queries
# Reverse lookup using -x flag
dig -x 8.8.8.8
dig -x 1.1.1.1
dig -x 192.168.1.1
# Manual PTR lookup
dig 8.8.8.8.in-addr.arpa PTR
dig 1.1.1.1.in-addr.arpa PTR
# IPv6 reverse lookup
dig -x 2001:4860:4860::8888
# Short reverse lookup
dig +short -x 8.8.8.8
# Reverse lookup with specific server
dig @8.8.8.8 -x 1.1.1.1Batch Queries
Multiple Domains
# Query multiple domains
dig google.com yahoo.com microsoft.com
# Query from file
echo -e "google.com\nyahoo.com\nmicrosoft.com" > domains.txt
dig -f domains.txt
# Query different record types for same domain
dig google.com A MX NS TXT
# Batch with specific server
dig @8.8.8.8 -f domains.txtScripted Queries
# Loop through domains
for domain in google.com yahoo.com microsoft.com; do
echo "=== $domain ==="
dig +short $domain
done
# Check multiple record types
for type in A AAAA MX NS TXT; do
echo "=== $type records for google.com ==="
dig +short google.com $type
doneSpecialized DNS Records
Email-Related Records
# MX records (mail exchange)
dig google.com MX
dig +short google.com MX
# SPF records (in TXT)
dig google.com TXT|grep "v=spf1"
dig _spf.google.com TXT
# DMARC records
dig _dmarc.google.com TXT
# DKIM records
dig selector1._domainkey.google.com TXT
# Mail server A records
dig gmail-smtp-in.l.google.com AService Discovery Records
# SRV records (service records)
dig _sip._tcp.example.com SRV
dig _xmpp-server._tcp.example.com SRV
dig _minecraft._tcp.example.com SRV
# CAA records (certificate authority authorization)
dig google.com CAA
# NAPTR records (naming authority pointer)
dig example.com NAPTR
# LOC records (location)
dig example.com LOCSecurity Records
# TLSA records (DNS-based authentication)
dig _443._tcp.example.com TLSA
dig _25._tcp.mail.example.com TLSA
# SSHFP records (SSH fingerprints)
dig example.com SSHFP
# CERT records (certificates)
dig example.com CERTTroubleshooting DNS Issues
Common Diagnostics
# Check if domain exists
dig +short google.com
# Check authoritative name servers
dig +short google.com NS
# Query authoritative server directly
dig @ns1.google.com google.com
# Check SOA record for domain info
dig google.com SOA
# Trace full resolution path
dig +trace google.com
# Check for DNS propagation
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
dig @208.67.222.222 example.comError Diagnosis
# Check for NXDOMAIN (domain doesn't exist)
dig nonexistent.google.com
# Check for SERVFAIL
dig +trace problematic.domain.com
# Check for timeout issues
dig +time=1 +tries=1 slow.server.com
# Check for truncation
dig +bufsize=512 large.response.com
# Verify DNSSEC
dig +dnssec +cd google.comNetwork Path Analysis
# Test different DNS servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
echo "Testing $server:"
dig @$server +time=3 google.com|grep "Query time"
done
# Check local vs remote DNS
dig @127.0.0.1 google.com
dig @8.8.8.8 google.com
# Test UDP vs TCP
dig +notcp google.com
dig +tcp google.comPerformance Testing
Query Timing
# Show query time
dig google.com|grep "Query time"
# Multiple queries for average
for i in \\\\{1..5\\\\}; do
dig google.com|grep "Query time"
done
# Time multiple servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
echo "Server: $server"
dig @$server google.com|grep "Query time"
doneLoad Testing
# Rapid queries (be careful with rate limiting)
for i in \\\\{1..10\\\\}; do
dig +short google.com &
done
wait
# Measure DNS cache performance
dig google.com # First query (cache miss)
dig google.com # Second query (cache hit)Configurazione e Personalizzazione
Utilizzo della Configurazione .digrc
# Create ~/.digrc for default options
echo "+short" > ~/.digrc
echo "+time=5" >> ~/.digrc
echo "+tries=2" >> ~/.digrc
# Override config file
dig +noconfig google.comVariabili di Ambiente
# Set default options
export DIG_OPTIONS="+short +time=5"
dig google.com
# Set default server
export DIG_SERVER="8.8.8.8"
dig google.comIntegrazione con Altri Strumenti
Combinazione con Altri Comandi
# Extract IP addresses
dig +short google.com|grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
### Scripting Examples
```bash
#!/bin/bash
# Script di verifica della salute DNS
DOMAIN="example.com"
SERVERS=("8.8.8.8" "1.1.1.1" "208.67.222.222")
echo "Verifica della Salute DNS per $DOMAIN"
echo "================================"
for server in "$\{SERVERS[@]\}"; do
echo "Test del server: $server"
# Test record A
A_RECORD=$(dig @$server +short $DOMAIN A)
if [ -n "$A_RECORD" ]; then
echo " Record A: $A_RECORD"
else
echo " Record A: FALLITO"
fi
# Test tempo di query
QUERY_TIME=$(dig @$server $DOMAIN|grep "Query time"|awk '\{print $4\}')
echo " Tempo di Query: $\{QUERY_TIME\}ms"
echo ""
doneCross-Platform Considerations
Linux
# Installare dig (solitamente parte di bind-utils o dnsutils)
sudo apt install dnsutils # Ubuntu/Debian
sudo yum install bind-utils # RHEL/CentOS
sudo dnf install bind-utils # Fedora
# Strumenti alternativi
host google.com # Ricerca DNS semplice
nslookup google.com # Ricerca DNS interattivamacOS
# dig è pre-installato su macOS
dig google.com
# Installare tramite Homebrew per la versione più recente
brew install bind
# Strumenti alternativi
host google.com
nslookup google.comWindows
# dig non è incluso di default
# Scaricare da ISC BIND o usare alternative
# Alternative per Windows
nslookup google.com
Resolve-DnsName google.com # PowerShellBest Practices
Security Considerations
- Use trusted DNS servers for sensitive queries
- Be aware that DNS queries can be logged
- Consider using DNS over HTTPS (DoH) or DNS over TLS (DoT)
- Validate DNSSEC when security is critical
Performance Tips
- Use +short for scripting to reduce output parsing
- Set appropriate timeouts for your network
- Use local DNS caching when possible
- Consider the impact of DNS queries on rate limiting
Troubleshooting Methodology
- Start with basic queries to verify connectivity
- Use +trace to understand the resolution path
- Test multiple DNS servers to isolate issues
- Check both forward and reverse DNS
- Verify DNSSEC when applicable
Monitoring and Automation
- Log DNS query times for performance monitoring
- Set up alerts for DNS resolution failures
- Use batch queries for efficiency
- Implement proper error handling in scripts
Dig is an essential tool for DNS troubleshooting and investigation. Its flexibility and detailed output make it invaluable for network administrators, security professionals, and developers working with DNS-dependent applications.
Get all A records and ping them
dig +short google.com A|while read ip; do echo “Pinging $ip” ping -c 1 $ip done
Check if domain resolves to specific IP
if dig +short google.com|grep -q “172.217.”; then echo “Domain resolves to Google IP range” fi
Compare DNS responses
diff <(dig @8.8.8.8 +short google.com) <(dig @1.1.1.1 +short google.com)
### Esempi di Script
__CODE_BLOCK_22__
## Considerazioni Cross-Platform
### Linux
__CODE_BLOCK_23__
### macOS
__CODE_BLOCK_24__
### Windows
__CODE_BLOCK_25__
## Best Practice
### Considerazioni di Sicurezza
- Utilizzare server DNS attendibili per query sensibili
- Essere consapevoli che le query DNS possono essere registrate
- Considerare l'uso di DNS over HTTPS (DoH) o DNS over TLS (DoT)
- Validare DNSSEC quando la sicurezza è critica
### Suggerimenti per le Prestazioni
- Usare +short per lo scripting per ridurre l'analisi dell'output
- Impostare timeout appropriati per la propria rete
- Utilizzare la cache DNS locale quando possibile
- Considerare l'impatto delle query DNS sul rate limiting
### Metodologia di Risoluzione dei Problemi