digの意味
dig (domain information groper)
バージョン確認
% dig -v
DiG 9.8.3-P1
問合せ先のDNSサーバを指定
例) googleのキャッシュDNSサーバ(8.8.8.8)指定
% dig @8.8.8.8 google.com
レコードを指定
デフォルトはAレコード検索。
例) NSレコード指定
% dig google.com ns
; <<>> DiG 9.8.3-P1 <<>> google.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59704
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN NS
;; ANSWER SECTION:
google.com. 2863 IN NS ns1.google.com.
google.com. 2863 IN NS ns4.google.com.
google.com. 2863 IN NS ns3.google.com.
google.com. 2863 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
ns3.google.com. 2915 IN A 216.239.36.10
ns4.google.com. 2878 IN A 216.239.38.10
ns2.google.com. 2893 IN A 216.239.34.10
ns1.google.com. 2917 IN A 216.239.32.10
;; Query time: 48 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 23 19:33:34 2017
;; MSG SIZE rcvd: 164
簡易表示
% dig google.com +short
172.217.24.142
% dig google.com +short ns
ns1.google.com.
ns2.google.com.
ns4.google.com.
ns3.google.com.
解決したDNSサーバを確認したい場合は+identifyオプションを追加。
% dig google.com +short +identify
216.58.200.206 from server 192.168.1.1 in 9 ms.
問合せ内容の詳細表示
Sending:以降に問合せ内容の詳細が表示される。(5-11行目)
フラグも確認可能。
以下の例では再帰問合せを意味するRD(recursion desired)フラグが表示されている。
% dig google.com +qr
; <<>> DiG 9.8.3-P1 <<>> google.com +qr
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7100
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7100
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 207 IN A 216.58.220.238
;; AUTHORITY SECTION:
google.com. 356 IN NS ns4.google.com.
google.com. 356 IN NS ns3.google.com.
google.com. 356 IN NS ns2.google.com.
google.com. 356 IN NS ns1.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 387 IN A 216.239.34.10
ns1.google.com. 365 IN A 216.239.32.10
ns3.google.com. 403 IN A 216.239.36.10
ns4.google.com. 482 IN A 216.239.38.10
;; Query time: 11 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 23 19:05:21 2017
;; MSG SIZE rcvd: 180
再帰問合せと非再帰問合せ
DNSの問合せは以下のように一般的にキャッシュDNSを経由して行われる。
Client <-①-> キャッシュDNS <-②-> DNS群
この際問合せは以下のように分類される。
①再帰問合せ/非再帰問合せ
②反復問合せ
非再帰問合せとは②を行わせない問合せを指す。
+norecurseオプションを指定することで非再帰問合せを行う。
+nssearch/+traceオプションを設定した場合は無効になる。
% dig google.com +norecurse
デフォルトは再帰問合せ
% dig google.com [+recurse]
反復問合せ
反復問合せの様子をトレース表示させる。
% dig google.com +trace
; <<>> DiG 9.8.3-P1 <<>> google.com +trace
;; global options: +cmd
. 1164 IN NS j.root-servers.net.
. 1164 IN NS b.root-servers.net.
. 1164 IN NS c.root-servers.net.
. 1164 IN NS g.root-servers.net.
. 1164 IN NS e.root-servers.net.
. 1164 IN NS f.root-servers.net.
. 1164 IN NS a.root-servers.net.
. 1164 IN NS k.root-servers.net.
. 1164 IN NS l.root-servers.net.
. 1164 IN NS d.root-servers.net.
. 1164 IN NS h.root-servers.net.
. 1164 IN NS i.root-servers.net.
. 1164 IN NS m.root-servers.net.
;; Received 436 bytes from 192.168.1.1#53(192.168.1.1) in 3828 ms
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
;; Received 500 bytes from 192.36.148.17#53(192.36.148.17) in 4230 ms
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 164 bytes from 192.26.92.30#53(192.26.92.30) in 126 ms
google.com. 300 IN A 172.217.25.78
google.com. 300 IN A 172.217.25.78
google.com. 300 IN A 172.217.25.78
;; Received 76 bytes from 216.239.32.10#53(216.239.32.10) in 71 ms
権威サーバのSOAレコードを表示
一覧表示
% dig google.com +nssearch
SOA ns3.google.com. dns-admin.google.com. 156825000 900 900 1800 60 from server 216.239.36.10 in 39 ms.
SOA ns2.google.com. dns-admin.google.com. 156825000 900 900 1800 60 from server 216.239.34.10 in 39 ms.
SOA ns4.google.com. dns-admin.google.com. 156837621 900 900 1800 60 from server 216.239.32.10 in 70 ms.
SOA ns2.google.com. dns-admin.google.com. 156825000 900 900 1800 60 from server 216.239.38.10 in 97 ms.
見やすい形式で表示
+noallで全ての表示オプションを無効にした上で、+answerでANSWER SECTIONのみを表示。
それに加えて+multilineにて複数行表示に切り替え。
% dig google.com soa +noall +answer +multiline
; <<>> DiG 9.8.3-P1 <<>> google.com soa +noall +answer +multiline
;; global options: +cmd
google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. (
156825000 ; serial
900 ; refresh (15 minutes)
900 ; retry (15 minutes)
1800 ; expire (30 minutes)
60 ; minimum (1 minute)
)
逆引き
例) ns1.google.com.のIPアドレスからドメインを逆引き
% dig -x 216.239.32.10
; <<>> DiG 9.8.3-P1 <<>> -x 216.239.32.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;10.32.239.216.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.32.239.216.in-addr.arpa. 3600 IN PTR ns1.google.com.
;; AUTHORITY SECTION:
32.239.216.in-addr.arpa. 3600 IN NS ns4.google.com.
32.239.216.in-addr.arpa. 3600 IN NS ns1.google.com.
32.239.216.in-addr.arpa. 3600 IN NS ns2.google.com.
32.239.216.in-addr.arpa. 3600 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns4.google.com. 3299 IN A 216.239.38.10
ns2.google.com. 3314 IN A 216.239.34.10
ns3.google.com. 3472 IN A 216.239.36.10
ns1.google.com. 3290 IN A 216.239.32.10
;; Query time: 53 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 23 20:08:13 2017
;; MSG SIZE rcvd: 204
参考
Usage
% dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-x dot-notation (shortcut for reverse lookups)
-i (use IP6.INT for IPv6 reverse lookups)
-f filename (batch mode)
-b address[#port] (bind to source address/port)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-m (enable memory usage debugging)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+edns=### (Set EDNS version)
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
+[no]defname (Ditto)
+[no]recurse (Recursive mode)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]ttlid (Control display of ttls in records)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root)
+[no]dnssec (Request DNSSEC records)
+[no]nsid (Request Name Server ID)
+[no]multiline (Print records in an expanded format)
+[no]onesoa (AXFR prints only one soa record)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
出力の見方
- QUESTION SECTION: 問合せ内容
- ANSWER SECTION: 問い合わせたレコードの結果
- AUTHORITY SECTION: 応答した権威サーバを含む権威サーバ群(権威サーバのNSレコード)
- ADDITIONAL SECTION: 権威サーバのAレコード(権威サーバのSOAレコードに登録されるグルーレコード)
- SERVER: 問い合わせたDNSサーバ
% dig google.com
; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13411
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 20 IN A 216.58.200.206
;; AUTHORITY SECTION:
google.com. 146 IN NS ns1.google.com.
google.com. 146 IN NS ns3.google.com.
google.com. 146 IN NS ns4.google.com.
google.com. 146 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 160 IN A 216.239.34.10
ns4.google.com. 149 IN A 216.239.38.10
ns1.google.com. 160 IN A 216.239.32.10
ns3.google.com. 160 IN A 216.239.36.10
;; Query time: 11 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue May 23 19:38:53 2017
;; MSG SIZE rcvd: 180
参照
http://www.atmarkit.co.jp/fnetwork/dnstips/015.html
http://www.atmarkit.co.jp/ait/articles/1409/25/news001.html
http://www.atmarkit.co.jp/ait/articles/1510/28/news013.html