Dig Tutorial

First and foremost, what the heck is Dig? Dig is an acronym for “domain internet groper”. Dig is a useful tool for webmasters and system administrators; it can be used to query DNS servers and fix DNS-related issues. Dig is a part of the BIND DNS software.

There are many beneficial and useful ways to use dig.  Do you ever find yourself needing to make changes to DNS records, but aren’t sure how to verify your changes?

Check out the following breakdown of a dig query.

Type the following dig query into your Terminal and follow along!

dig www.no-ip.com

This query will call on the A record for the domain name www.no-ip.com.

So, let's dive into this a little deeper and explain what each part of the response means…

The first two lines tell us the version of dig that is being used (in my case, I am using version 9.4.3-P3), the command line parameters (www.no-ip.com) and the query options (printcmd). The printcmd option means that the command section (the name of these first two lines) is printed. You can disable this response by using the option +nocmd.

; <<>> DiG 9.4.3-P3 <<>> www.no-ip.com
;; global options: printcmd

Next, dig tells you about the response that it collected from the DNS server. The answer received was a response to a standard query (opcode: QUERY), and it contains 1 part in the answer section, 5 parts in the authority section and 6 parts in the additional section. Just before those counts you will see “flags”. Flags state certain things about the DNS server and its response.

- qr (query response) simply means this is a response to a query
- rd (recursion desired) means that the incoming query requested recursive support
- ra (recursion available) means that the responding server supports recursive queries

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 6

The question section is next. This section just states what I queried, in this case, I queried the A record of www.no-ip.com and it is in the Internet class or IN.

;www.no-ip.com.                       IN                  A

The answer section follows; it gives the IP address of www.no-ip.com. The authority section after it names all of the NS records that are authoritative for the domain.

www.no-ip.com.    60          IN                  A    
no-ip.com. 50531              IN                  NS             ns2.no-ip.com.
no-ip.com. 50531              IN                  NS             ns4.no-ip.com.
no-ip.com. 50531              IN                  NS             ns5.no-ip.com.
no-ip.com. 50531              IN                  NS             ns3.no-ip.com.
no-ip.com. 50531              IN                  NS             ns1.no-ip.com.

The additional section lists the IP addresses of all of the NS records, along with what type of record they are.

ns1.no-ip.com. 7702             IN                  A  
ns1.no-ip.com. 128              IN                  AAAA         2620:0:2e60::33
ns4.no-ip.com. 128              IN                  A  
ns2.no-ip.com. 79306            IN                  A  
ns5.no-ip.com. 79306            IN                  A  
ns3.no-ip.com. 19260            IN                  A  

The last section just gives stats about the query: how long it took, the IP address it was queried from and how large the message was.  You can disable this reply by using the +nostats option.

;; Query time: 48 msec
;; WHEN: Fri Apr  8 11:22:02 2011
;; MSG SIZE  rcvd: 245
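
The breakdown above can be automated. The shell function below is an added example, not part of the original tutorial: it reads saved dig output, extracts the status and flags, and checks that the ANSWER, AUTHORITY and ADDITIONAL counts in the header match the records actually listed in each section. The sample response is constructed (example.com names, documentation addresses), and the function name dig_summary is an assumption.

```shell
# Constructed sample response (example.com names, RFC 5737 documentation addresses).
sample_dig_output() {
cat <<'EOF'
; <<>> DiG 9.4.3-P3 <<>> www.example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.example.com.        IN  A

;; ANSWER SECTION:
www.example.com.   60    IN  A   192.0.2.10

;; AUTHORITY SECTION:
example.com.       50531 IN  NS  ns1.example.com.
example.com.       50531 IN  NS  ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.   7702  IN  A   192.0.2.53
ns2.example.com.   79306 IN  A   198.51.100.53

;; Query time: 48 msec
EOF
}

# Reads dig output on stdin and prints a one-line summary.
dig_summary() {
  awk '
    /^;; ->>HEADER<<-/ { status = $6; sub(/,$/, "", status) }
    /^;; flags:/ {                       # "qr rd ra; QUERY: 1, ANSWER: 1, ..."
      line = $0; sub(/^;; flags: */, "", line); split(line, part, ";")
      flags = part[1]; gsub(/ /, ",", flags)
      n = split(part[2], kv, ",")
      for (i = 1; i <= n; i++) { split(kv[i], p, ":"); gsub(/ /, "", p[1]); want[p[1]] = p[2] + 0 }
      next
    }
    /^;; [A-Z]+ SECTION:/ { sec = ($2 == "QUESTION") ? "QUERY" : $2; next }
    /^[ \t]*$/ { sec = ""; next }        # a blank line ends the section
    /^;;/ { next }                       # other comment lines are not records
    sec != "" { got[sec]++ }             # one line per record (question starts with ";")
    END {
      ok = "yes"; for (k in want) if (want[k] != got[k] + 0) ok = "no"
      printf "status=%s flags=%s answer=%d authority=%d additional=%d counts_match=%s\n", status, flags, got["ANSWER"], got["AUTHORITY"], got["ADDITIONAL"], ok
    }'
}

sample_dig_output | dig_summary
```

A counts_match=no result means the saved output is incomplete or was edited, since the header no longer agrees with the records listed.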

Using dig can help you troubleshoot your DNS related issues.  How often do you use dig?

Part Two: What are NS Records and Why Are They Important to DNS

An NS record (or name server record) tells recursive nameservers which name servers are authoritative for a zone. Recursive nameservers look at the NS records to work out who to ask next when resolving a name.

You can have as many NS records as you would like in your zone file. The benefit of having multiple NS records is redundancy of your DNS service. It is important to note that in order to get the most redundancy out of your NS records, they should be hosted on different network segments. If they are not hosted on different network segments and the network goes down, your DNS goes down with it. Check out No-IP Plus if you are interested in redundancy and reliability for your domain.

NS records help to ensure that all of the domains on your server are available at all times. Multiple NS records ensure that your customers are able to reach your site each and every time without any problems, even if one or more of your name servers are unreachable. (Again only if they are hosted on different network segments.)

An example of this is if your business is located in an area that is hit by a natural disaster and your web servers at that location are down, your NS records will point to an additional name server that is hosted elsewhere (where mother nature has not wreaked havoc) and the customers are still able to reach your site and will never suspect anything is awry.

Another great example: if your website is hit by a DDoS (Distributed Denial of Service) attack, your entire website will not be down. Traffic will be routed to the other name server location that has the backup of the primary name server.

Please see the following example of the NS records for No-IP.com:
no-ip.com. 73002 IN NS ns1.no-ip.com.
no-ip.com. 73002 IN NS ns2.no-ip.com.
no-ip.com. 73002 IN NS ns3.no-ip.com.
no-ip.com. 73002 IN NS ns4.no-ip.com.
no-ip.com. 73002 IN NS ns5.no-ip.com.
no-ip.com. 73002 IN NS ns1.no-ip.com.
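
To check the "different network segments" advice against real records, the added example below (not from the original post) groups name server IPv4 addresses by /24 and marks any segment that holds more than one server. Using a /24 as the segment boundary, the function name ns_segments and the sample records are assumptions made for illustration.

```shell
# Constructed additional-section records (RFC 5737 / RFC 3849 documentation addresses).
sample_ns_addresses() {
cat <<'EOF'
ns1.example.com.   7702   IN  A     192.0.2.53
ns1.example.com.   128    IN  AAAA  2001:db8::33
ns2.example.com.   79306  IN  A     192.0.2.54
ns3.example.com.   19260  IN  A     198.51.100.53
EOF
}

# Reads "name ttl class type address" lines on stdin. Prints one line per /24
# with the servers in it, then a verdict. Treating a /24 as a "segment" is an
# assumption of this example; real diversity also depends on routing and sites.
ns_segments() {
  awk '
    $4 == "A" {
      split($5, o, ".")
      seg = o[1] "." o[2] "." o[3] ".0/24"
      if (!(seg in hosts)) order[++n] = seg      # remember first-seen order
      hosts[seg] = hosts[seg] (hosts[seg] == "" ? "" : ",") $1
      count[seg]++
    }
    END {
      for (i = 1; i <= n; i++) {
        seg = order[i]
        print seg, hosts[seg] (count[seg] > 1 ? " SHARED" : "")
      }
      if (n == 0)      print "verdict: no IPv4 name-server addresses found"
      else if (n == 1) print "verdict: single segment, no network redundancy"
      else             print "verdict: " n " segments"
    }'
}

sample_ns_addresses | ns_segments
```

Records in this format appear in the additional section of a dig response, as in the breakdown in Part One.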
