dig命令
1 . 最常用的查询命令
说明
命令:dig 您的域名(示例:dig example.com)
$ dig example.com
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7585
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 10 IN A 96.7.128.175
example.com. 10 IN A 96.7.128.198
example.com. 10 IN A 23.192.228.84
example.com. 10 IN A 23.215.0.136
example.com. 10 IN A 23.192.228.80
example.com. 10 IN A 23.215.0.138
;; Query time: 0 msec
;; WHEN: Tue Feb 18 13:31:55 CST 2025
;; MSG SIZE rcvd: 125
2 . 根据记录类型进行查询,比如MX,CNAME,NS,PTR等,只需将类型加在命令后面即可。
说明
命令:dig 您的域名 记录类型(示例:dig example.com NS)
$ dig example.com NS
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29146
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 10 IN NS b.iana-servers.net.
example.com. 10 IN NS a.iana-servers.net.
;; Query time: 0 msec
;; WHEN: Tue Feb 18 15:03:03 CST 2025
;; MSG SIZE rcvd: 93
解析未生效、或者未设置解析记录场景的示例(示例:dig example.com CNAME)。
$ dig example.com cname
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com cname
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39890
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN CNAME
;; AUTHORITY SECTION:
example.com. 5 IN SOA ns.icann.org. noc.dns.icann.org. 2025011545 7200 3600 1209600 3600
;; Query time: 143 msec
;; WHEN: Tue Feb 18 13:50:18 CST 2025
;; MSG SIZE rcvd: 94
3 . 指定域名DNS服务器测试解析是否生效的命令,以下以指定云解析DNS服务器和公共DNS服务器作为查询解析是否生效的示例演示。
说明
云解析DNS服务器命令:dig 您的域名 @ns1.alidns.com (示例:dig example.com @ns1.alidns.com )
公共DNS服务器命令:dig 您的域名 @223.5.5.5(示例:dig example.com @223.5.5.5 )
$ dig example.com @ns1.alidns.com
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com @ns1.alidns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32895
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN A
;; AUTHORITY SECTION:
example.com. 600 IN SOA ns1.alidns.com. hostmaster.hichina.com. 2025021713 3600 1200 86400 600
;; Query time: 5 msec
;; WHEN: Tue Feb 18 15:22:09 CST 2025
;; MSG SIZE rcvd: 112
$ dig example.com @223.5.5.5
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com @223.5.5.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42292
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1408
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 67 IN A 96.7.128.175
example.com. 67 IN A 96.7.128.198
example.com. 67 IN A 23.215.0.136
example.com. 67 IN A 23.215.0.138
example.com. 67 IN A 23.192.228.84
example.com. 67 IN A 23.192.228.80
;; Query time: 1 msec
;; SERVER: 223.5.5.5#53(223.5.5.5)
;; WHEN: Tue Feb 18 15:16:32 CST 2025
;; MSG SIZE rcvd: 136
4 . 使用dig +trace参数,使用这个参数之后将显示从根域逐级查询的过程,trace查询可以看到根域、 顶级域、以及一级域名的权威服务器的地址,及其各自的返回结果,这样对于追踪DNS解析中的问题有很大的帮助。
说明
命令:dig <您的域名> +trace(示例:dig example.com +trace)
$ dig example.com +trace
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> example.com +trace
;; global options: +cmd
. 515049 IN NS j.root-servers.net.
. 515049 IN NS k.root-servers.net.
. 515049 IN NS a.root-servers.net.
. 515049 IN NS b.root-servers.net.
. 515049 IN NS c.root-servers.net.
. 515049 IN NS d.root-servers.net.
. 515049 IN NS e.root-servers.net.
. 515049 IN NS f.root-servers.net.
. 515049 IN NS g.root-servers.net.
. 515049 IN NS h.root-servers.net.
. 515049 IN NS i.root-servers.net.
. 515049 IN NS l.root-servers.net.
. 515049 IN NS m.root-servers.net.
;; Received 819 bytes from 100.100.2.136#53(100.100.2.136) in 1 ms
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
;; Received 839 bytes from 198.41.0.4#53(a.root-servers.net) in 2 ms
example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
;; Received 326 bytes from 192.26.92.30#53(c.gtld-servers.net) in 2 ms
example.com. 86400 IN A 96.7.128.175
example.com. 86400 IN A 96.7.128.198
example.com. 86400 IN A 23.192.228.84
example.com. 86400 IN A 23.215.0.136
example.com. 86400 IN A 23.192.228.80
example.com. 86400 IN A 23.215.0.138
;; Received 134 bytes from 199.43.135.53#53(a.iana-servers.net) in 143 ms
5 . 获取 DNS 出口 IP,通过查询特殊域名返回客户端出口 IP(即本地 DNS 服务器对外的公网 IP),确认 NAT 或代理后的真实请求源地址(影响 CDN 调度)。
说明
命令:dig +short TXT whoami.ds.akahelp.net
$ dig +short TXT whoami.ds.akahelp.net
"ns"
"47.xxx.xxx.14"
6 . 查询域名使用的域名DNS服务器。
说明
命令:dig ns 您的域名(这里输入主域名即可)
$ dig ns example.com
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> ns example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58283
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 10 IN NS a.iana-servers.net.
example.com. 10 IN NS b.iana-servers.net.
;; Query time: 5 msec
;; SERVER:
;; WHEN: Tue Feb 18 16:09:33 CST 2025
;; MSG SIZE rcvd: 93
7 . 可通过指定客户机IP,查询权威DNS返回的解析地址,来判断智能解析调度的精准度。
说明
命令:dig @权威DNS服务器 域名 +subnet=指定客户机IP(示例:dig @ns1.alidns.com example.com +subnet=10.10.10.10)
$ dig @ns1.alidns.com example.com +subnet=10.10.10.10
; <<>> DiG 9.11.36-RedHat-9.11.36-16.0.1.al8 <<>> @ns1.alidns.com example.com +subnet=10.10.10.10
; (9 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60880
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; CLIENT-SUBNET: 10.10.10.10/32/24
;; QUESTION SECTION:
;example.com. IN A
;; AUTHORITY SECTION:
example.com. 600 IN SOA ns1.alidns.com. hostmaster.hichina.com. 2024120417 3600 1200 86400 600
;; Query time: 0 msec
;; SERVER:
;; WHEN: Tue Feb 18 16:19:41 CST 2025
;; MSG SIZE rcvd: 124
