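# Dig - DNS Lookup and Troubleshooting

Dig (Domain Information Groper) is a powerful command-line tool for DNS lookups and troubleshooting. It offers more flexible and detailed output than nslookup, which makes it the preferred tool for DNS diagnostics and investigation.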

## Basic Usage

### Simple DNS Lookup

```bash
# Basic A record lookup
dig google.com
dig example.com
dig github.com

# Lookup with specific DNS server
dig @8.8.8.8 google.com
dig @1.1.1.1 google.com
dig @208.67.222.222 google.com

# Short output (just the answer)
dig +short google.com
dig +short @8.8.8.8 google.com
```

### Specifying Record Types

```bash
# A record (IPv4 address)
dig google.com A
dig +short google.com A
# AAAA record (IPv6 address)
dig google.com AAAA
dig +short google.com AAAA
# MX record (mail exchange)
dig google.com MX
dig +short google.com MX
# NS record (name servers)
dig google.com NS
dig +short google.com NS
# TXT record (text records)
dig google.com TXT
dig +short google.com TXT
# CNAME record (canonical name)
dig www.google.com CNAME
dig +short www.google.com CNAME
# SOA record (start of authority)
dig google.com SOA
dig +short google.com SOA
# PTR record (reverse DNS)
dig google.com PTR
# ANY record (all available records)
dig google.com ANY
```

## DNS Server Specification

### Using Different DNS Servers

```bash
# Google DNS
dig @8.8.8.8 google.com
dig @8.8.4.4 google.com
# Cloudflare DNS
dig @1.1.1.1 google.com
dig @1.0.0.1 google.com
# OpenDNS
dig @208.67.222.222 google.com
dig @208.67.220.220 google.com
# Quad9 DNS
dig @9.9.9.9 google.com
dig @149.112.112.112 google.com
# Local DNS server
dig @192.168.1.1 google.com
# Multiple servers (dig will try each)
dig @8.8.8.8 @1.1.1.1 google.com
```

### IPv6 DNS Servers

```bash
# Google IPv6 DNS
dig @2001:4860:4860::8888 google.com
dig @2001:4860:4860::8844 google.com
# Cloudflare IPv6 DNS
dig @2606:4700:4700::1111 google.com
dig @2606:4700:4700::1001 google.com
# OpenDNS IPv6
dig @2620:119:35::35 google.com
dig @2620:119:53::53 google.com
```

## Output Control Options

### Formatting Output

```bash
# Short output (answer only)
dig +short google.com
# Show only answer section
dig +noall +answer google.com
# Show only authority section
dig +noall +authority google.com
# Show only additional section
dig +noall +additional google.com
# Show question and answer
dig +noall +question +answer google.com
# Multiline output
dig +multiline google.com
# No comments
dig +nocomments google.com
# No statistics
dig +nostats google.com
# No question section
dig +noquestion google.com
# No answer section
dig +noanswer google.com
# No authority section
dig +noauthority google.com
# No additional section
dig +noadditional google.com
```

### Detailed Tracing

```bash
# Trace the full DNS resolution path
dig +trace google.com
# Trace with short output
dig +trace +short google.com
# Trace specific record type
dig +trace google.com MX
# Show all name servers for domain
dig +nssearch google.com
# Show all name servers with details
dig +nssearch +noall +answer google.com
```

## Advanced Query Options

### Query Behavior

```bash
# Disable recursion
dig +norecurse google.com
# Use TCP instead of UDP
dig +tcp google.com
dig +vc google.com
# Force UDP (default)
dig +notcp google.com
# Set query timeout
dig +time=5 google.com
dig +time=10 google.com
# Set number of tries
dig +tries=3 google.com
# Set number of retries
dig +retry=2 google.com
# Set UDP buffer size
dig +bufsize=512 google.com
dig +bufsize=4096 google.com
# Enable EDNS
dig +edns=0 google.com
# Ignore truncation
dig +ignore google.com
# Fail on truncation
dig +fail google.com
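```

### DNSSEC Options

```bash
# Request DNSSEC records (sets the DO bit so RRSIG records are returned)
dig +dnssec google.com
# Set the CD (checking disabled) bit: the resolver skips DNSSEC validation
dig +cd google.com
# Set the AD bit in the query; a validating resolver sets "ad" in the reply flags for validated data
dig +ad google.com
# Show DNSSEC chain
dig +trace +dnssec google.com
# Validate DNSSEC signatures (+sigchase is obsolete in current BIND releases; delv is its replacement)
dig +sigchase google.com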
# Show DNSKEY records
dig google.com DNSKEY
# Show DS records
dig google.com DS
# Show RRSIG records
dig google.com RRSIG
```

## Reverse DNS Lookups

### PTR Record Queries

```bash
# Reverse lookup using -x flag
dig -x 8.8.8.8
dig -x 1.1.1.1
dig -x 192.168.1.1
# Manual PTR lookup
dig 8.8.8.8.in-addr.arpa PTR
dig 1.1.1.1.in-addr.arpa PTR
# IPv6 reverse lookup
dig -x 2001:4860:4860::8888
# Short reverse lookup
dig +short -x 8.8.8.8
# Reverse lookup with specific server
dig @8.8.8.8 -x 1.1.1.1
```

## Batch Queries

### Multiple Domains

```bash
# Query multiple domains
dig google.com yahoo.com microsoft.com
# Query from file
echo -e "google.com\nyahoo.com\nmicrosoft.com" > domains.txt
dig -f domains.txt
# Query different record types for same domain
dig google.com A MX NS TXT
# Batch with specific server
dig @8.8.8.8 -f domains.txt
```

### Scripted Queries

```bash
# Loop through domains
for domain in google.com yahoo.com microsoft.com; do
    echo "=== $domain ==="
    dig +short "$domain"
done
# Check multiple record types
for type in A AAAA MX NS TXT; do
    echo "=== $type records for google.com ==="
    dig +short google.com "$type"
done
```

## Specialized DNS Records

### Email-Related Records

```bash
# MX records (mail exchange)
dig google.com MX
dig +short google.com MX
# SPF records (in TXT)
dig google.com TXT|grep "v=spf1"
dig _spf.google.com TXT
# DMARC records
dig _dmarc.google.com TXT
# DKIM records
dig selector1._domainkey.google.com TXT
# Mail server A records
dig gmail-smtp-in.l.google.com A
```

### Service Discovery Records

```bash
# SRV records (service records)
dig _sip._tcp.example.com SRV
dig _xmpp-server._tcp.example.com SRV
dig _minecraft._tcp.example.com SRV
# CAA records (certificate authority authorization)
dig google.com CAA
# NAPTR records (naming authority pointer)
dig example.com NAPTR
# LOC records (location)
dig example.com LOC
```

### Security Records

```bash
# TLSA records (DNS-based authentication)
dig _443._tcp.example.com TLSA
dig _25._tcp.mail.example.com TLSA
# SSHFP records (SSH fingerprints)
dig example.com SSHFP
# CERT records (certificates)
dig example.com CERT
```

## Troubleshooting DNS Issues

### Common Diagnostics

```bash
# Check if domain exists
dig +short google.com
# Check authoritative name servers
dig +short google.com NS
# Query authoritative server directly
dig @ns1.google.com google.com
# Check SOA record for domain info
dig google.com SOA
# Trace full resolution path
dig +trace google.com
# Check for DNS propagation
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
dig @208.67.222.222 example.com
```

### Error Diagnosis

```bash
# Check for NXDOMAIN (domain doesn't exist)
dig nonexistent.google.com
# Check for SERVFAIL
dig +trace problematic.domain.com
# Check for timeout issues
dig +time=1 +tries=1 slow.server.com
# Check for truncation
dig +bufsize=512 large.response.com
# Fetch DNSSEC records with resolver validation disabled (+cd), to inspect a zone that fails validation
dig +dnssec +cd google.com
```

### Network Path Analysis

```bash
# Test different DNS servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
    echo "Testing $server:"
    dig @"$server" +time=3 google.com | grep "Query time"
done
# Check local vs remote DNS
dig @127.0.0.1 google.com
dig @8.8.8.8 google.com
# Test UDP vs TCP
dig +notcp google.com
dig +tcp google.com
```

## Performance Testing

### Query Timing

```bash
# Show query time
dig google.com | grep "Query time"
# Multiple queries for average
for i in {1..5}; do
    dig google.com | grep "Query time"
done
# Time multiple servers
for server in 8.8.8.8 1.1.1.1 208.67.222.222; do
    echo "Server: $server"
    dig @"$server" google.com | grep "Query time"
done
```

### Load Testing

```bash
# Rapid queries (be careful with rate limiting)
for i in {1..10}; do
    dig +short google.com &
done
wait
# Measure DNS cache performance
dig google.com # First query (cache miss)
dig google.com # Second query (cache hit)
```

## Configuration and Customization

```bash
# Create ~/.digrc for default options
echo "+short" > ~/.digrc
echo "+time=5" >> ~/.digrc
echo "+tries=2" >> ~/.digrc
# Ignore ~/.digrc for a single invocation
dig -r google.com
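```

### Environment Variables

```bash
# dig does not read default options from the environment (use ~/.digrc for that);
# keep them in shell variables and expand them on the command line
export DIG_OPTIONS="+short +time=5"
dig $DIG_OPTIONS google.com
# Keep the default server in a variable
export DIG_SERVER="8.8.8.8"
dig @"$DIG_SERVER" google.com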
```

## Integration with Other Tools

### Combining with Other Commands

```bash
# Extract IP addresses
dig +short google.com | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

# Get all A records and ping them
dig +short google.com A | while read -r ip; do
    echo "Pinging $ip"
    ping -c 1 "$ip"
done

# Check if domain resolves to specific IP
if dig +short google.com | grep -q '^172\.217\.'; then
    echo "Domain resolves to Google IP range"
fi

# Compare DNS responses
diff <(dig @8.8.8.8 +short google.com) <(dig @1.1.1.1 +short google.com)
```

### Scripting Examples

```bash
#!/bin/bash
# DNS health check script
DOMAIN="example.com"
SERVERS=("8.8.8.8" "1.1.1.1" "208.67.222.222")
echo "DNS 상태 확인 for $DOMAIN"
echo "================================"
for server in "${SERVERS[@]}"; do
    echo "서버 테스트: $server"
    # Test the A record
    A_RECORD=$(dig @"$server" +short "$DOMAIN" A)
    if [ -n "$A_RECORD" ]; then
        echo " A 레코드: $A_RECORD"
    else
        echo " A 레코드: 실패"
    fi
    # Test the query time
    QUERY_TIME=$(dig @"$server" "$DOMAIN" | grep "Query time" | awk '{print $4}')
    echo " 쿼리 시간: ${QUERY_TIME}ms"
    echo ""
done
```

## Cross-Platform Considerations

### Linux

```bash
# Install dig (usually part of bind-utils or dnsutils)
sudo apt install dnsutils # Ubuntu/Debian
sudo yum install bind-utils # RHEL/CentOS
sudo dnf install bind-utils # Fedora
# Alternative tools
host google.com # Simple DNS lookup
nslookup google.com # Interactive DNS lookup
```

### macOS

```bash
# dig is pre-installed on macOS
dig google.com
# Install the latest version with Homebrew
brew install bind
# Alternative tools
host google.com
nslookup google.com
```

### Windows

```powershell
# dig is not included by default
# Download it from ISC BIND or use an alternative tool
# Windows alternatives
nslookup google.com
Resolve-DnsName google.com # PowerShell
```

## Best Practices

### Security Considerations

- Use trusted DNS servers for sensitive queries
- Be aware that DNS queries can be logged
- Consider using DNS over HTTPS (DoH) or DNS over TLS (DoT)
- Validate DNSSEC when security is critical

### Performance Tips

- Use +short for scripting to reduce output parsing
- Set appropriate timeouts for your network
- Use local DNS caching when possible
- Consider the impact of DNS queries on rate limiting

### Troubleshooting Methodology

- Start with basic queries to verify connectivity
- Use +trace to understand the resolution path
- Test multiple DNS servers to isolate issues
- Check both forward and reverse DNS
- Verify DNSSEC when applicable

### Monitoring and Automation

- Log DNS query times for performance monitoring
- Set up alerts for DNS resolution failures
- Use batch queries for efficiency
- Implement proper error handling in scripts

Dig is an essential tool for DNS troubleshooting and investigation. Its flexibility and detailed output make it invaluable for network administrators, security professionals, and developers working with DNS-dependent applications.
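
The health-check script above treats an empty `+short` answer as a failure, which cannot tell NXDOMAIN from SERVFAIL (the usual result of a DNSSEC validation failure) or a timeout. The following is an added example, not part of the original page: it classifies full dig output by the header status and the `ad` flag so that alerts can distinguish those cases. The function names, the summary format, the exit codes and the sample outputs are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# classify_dig: read full dig output on stdin and print one summary line:
#   status=<RCODE|TIMEOUT|UNKNOWN> ad=<yes|no> answers=<n>
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = "yes"
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /timed out|no servers could be reached/ { timeout = 1 }
        END {
            if (status == "") status = timeout ? "TIMEOUT" : "UNKNOWN"
            printf "status=%s ad=%s answers=%d\n", status, (ad ? ad : "no"), answers
        }'
}

# check_name RESOLVER NAME [TYPE]
# Exit code: 0 = answer returned, 1 = NXDOMAIN or empty answer,
#            2 = SERVFAIL, timeout or anything else worth an alert.
check_name() {
    summary=$(dig @"$1" +time=3 +tries=2 +dnssec "$2" "${3:-A}" 2>&1 | classify_dig)
    echo "$2 via $1: $summary"
    case "$summary" in
        "status=NOERROR "*"answers=0") return 1 ;;
        "status=NOERROR "*)            return 0 ;;
        "status=NXDOMAIN "*)           return 1 ;;
        *)                             return 2 ;;
    esac
}

# Constructed sample outputs (header lines only, not captured from a real resolver).
SAMPLE_SIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
```

`ad=yes` only means the resolver reports that it validated the answer, so it is worth trusting only when the path to that resolver is itself trusted.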