Domain Seizures Act II: Minimizing Collateral Harm
Book Review: Internet Down, A Modern American Western

Domain Internet Groper: Using dig to access DNS zone data

One of the hands-on activities  I use when explaining how the DNS works shows how to access DNS zone data using the command line tools dig on Mac, BSD, or Linux operating systems. dig is a convenient way to illustrate how applications like the browser or mail client on your device queries the DNS for IP addresses associated with names. dig does essentially what a  "stub" resolver on your device does: basically, it accepts a domain name and submits a query to a name server that performs what is called recursion to obtain the data you are requesting from the DNS.

The following short movies show how a basic query for name to address resolution works:

dig: the Movie (103K)

Here's how you can query for the name servers that host the authoritative zone file of a domain name:

dig for name servers: the Sequel (129K)

and how you can identify the mail servers of a domain:

dig for mail servers: straining the limits of Sequels (153 K)


Now that you've seen some of the basic operations, here's some homework: try some of these variantsof dig to get a feel for how you can get IPv6 addresses and other information about a name. If you are curious how many more query options exist, check out the Linux man page posted here.

[Note: you may be tempted to check YouTube for video with audio. There are a few, and they fall into several categories including NSFW and "thickly accented, nearly incomprensible English". Bottom line: you don't need the audio.]


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.