| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| dns:dig [2025/01/26 19:48] – [What Is My IP] bstafford | dns:dig [2026/01/30 16:02] (current) – bstafford |
|---|
| ====== DIG ====== | ====== DIG ====== |
| ===== Quick Dig ===== | ===== Quick Dig ===== |
| <code>dig +noall +answer +ttlunits @1.1.1.1 A www.example.com</code> | <code>dig +short TXT o-o.myaddr.l.google.com @ns1.google.com</code> |
| <code>dig +noall +answer +ttlunits A www.example.com @1.1.1.1</code> | <code>dig +noall +answer +ttlunits A www.example.com @1.1.1.1</code> |
| ===== Flags ===== | ===== Flags ===== |
| # Remove Lines containing "rpz.infoblox.local" (RPZ name) | # Remove Lines containing "rpz.infoblox.local" (RPZ name) |
| # Remove Lines containing "2000512" (tenant ID - only use with Infoblox RPZ feeds) | # Remove Lines containing "2000512" (tenant ID - only use with Infoblox RPZ feeds) |
| dig +noidnout axfr @$B1TD_SERVER $RPZ_FEED -y $KEY | awk -F ".$RPZ_FEED" '{print $1}' | sed '/^[[:space:]]*$/d' | sed '/^ *;/d' | grep -v rpz.infoblox.local | grep -v 2000512 > $OUTPUT_FILE</code> | dig +noidnout axfr @$B1TD_SERVER $RPZ_FEED -y $KEY | awk -F ".$RPZ_FEED" '{print $1}' | sed '/^[[:space:]]*$/d' | sed '/^ *;/d' | grep -v rpz.infoblox.local | awk -F ".rpz-ip" '{print $1}' | grep -v 2000512 > $OUTPUT_FILE</code> |
| |
| | # The following version deletes lines starting with the character '*'. This is useful when you just want a list of domains rather than the actual list of domains (which includes the wildcard). |
| | <code>dig +noidnout axfr @$B1TD_SERVER $RPZ_FEED -y $KEY | awk -F ".$RPZ_FEED" '{print $1}' | sed '/^[[:space:]]*$/d' | sed '/^ *;/d' | sed '/^\*.*$/d' | grep -v rpz.infoblox.local| grep -v 2000512 > $OUTPUT_FILE</code> |
| The reason we include ''+noidnout'' is because we once got this error from suspicious feeds | The reason we include ''+noidnout'' is because we once got this error from suspicious feeds |
| <code>dig: 'xn--6g8haa.cf.domain.' is not a legal IDNA2008 name (string contains a disallowed character), use +noidnout</code> | <code>dig: 'xn--6g8haa.cf.domain.' is not a legal IDNA2008 name (string contains a disallowed character), use +noidnout</code> |
| If the RPZ feed is IP based, you can convert the format into IP format with the following. Strip it down to the reverse IP and then use AWK to invert the numbers. | If the RPZ feed is IP based, you can convert the format into IP format with the following. Strip it down to the reverse IP and then use AWK to invert the numbers. |
| <code>awk -F ".rpz-ip" '{print $1}' | awk -F "." '{print $5 "." $4 "." $3 "." $2 "/" $1}'</code> | <code>awk -F ".rpz-ip" '{print $1}' | awk -F "." '{print $5 "." $4 "." $3 "." $2 "/" $1}'</code> |
| | |
| | A fuller version of the IP conversation is |
| | <code>dig +noidnout axfr @$B1TD_SERVER $RPZ_FEED -y $KEY | awk -F ".$RPZ_FEED" '{print $1}' | sed '/^[[:space:]]*$/d' | sed '/^ *;/d' | grep -v rpz.infoblox.local | grep -v 3000462 | awk -F ".rpz-ip" '{print $1}' | awk -F "." '{print $5 "." $4 "." $3 "." $2 "/" $1}'> $OUTPUT_FILE</code> |
| ===== DIG ===== | ===== DIG ===== |
| <code>C:\Users\bstafford>dig +multiline SOA oxford.ac.uk | <code>C:\Users\bstafford>dig +multiline SOA oxford.ac.uk |
| ===== What Is My IP ===== | ===== What Is My IP ===== |
| What is my IP from the CLI with DNS | What is my IP from the CLI with DNS |
| | |
| | If you want to find your DNS resolver's exgress IP, remove the ''@x.x.x.x'' bit of the commands below. |
| |
| **CloudFlare** | **CloudFlare** |
| <code>dig +short txt ch whoami.cloudflare @1.0.0.1</code> | <code>dig @1.0.0.1 +short TXT ch whoami.cloudflare</code> |
| **Google** | Strip of the double quotes with awk on Linux |
| <code> dig TXT +short o-o.myaddr.l.google.com @ns1.google.com</code> | <code>dig @1.0.0.1 +short txt ch whoami.cloudflare | awk -F'"' '{ print $2}'</code> |
| |
| <code>dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'</code> | **DNS Crypt** |
| | <code>dig @37.59.238.214 +short TXT resolver.dnscrypt.info</code> |
| | <code>dig @37.59.238.214 +short TXT resolver.dnscrypt.info | grep Resolver | awk -F'"' '{ print $2}' | awk -F' ' '{ print $3}'</code> |
| | **Google** |
| | <code>dig @ns1.google.com +short TXT o-o.myaddr.l.google.com</code> |
| | <code>dig @216.239.32.10 +short TXT o-o.myaddr.l.google.com</code> |
| | Strip of the double quotes with awk on Linux |
| | <code>dig @ns1.google.com +short TXT o-o.myaddr.l.google.com | awk -F'"' '{ print $2}'</code> |
| **Akamai** | **Akamai** |
| <code>dig @ns1-1.akamaitech.net ANY whoami.akamai.net +short</code> | <code>dig @ns1-1.akamaitech.net +short ANY whoami.akamai.net</code> |
| | <code>dig @193.108.88.1 +short ANY whoami.akamai.net</code> |
| **OpenDNS** | **OpenDNS** |
| <code>dig +short myip.opendns.com @resolver1.opendns.com -4</code> | <code>dig @resolver1.opendns.com +short A myip.opendns.com -4</code> |
| | <code>dig @208.67.222.222 +short A myip.opendns.com -4</code> |
| | |
| |
| **Host** | **Host** |
| <code>11-January-2001 11:22:33.123 queries: info: client @0x6f6667722a8 1.2.3.4#42463 (www.example-com): query: www.example-com IN A +E(0)K (10.10.10.10) [ECS 2.2.2.0/24/0]</code> | <code>11-January-2001 11:22:33.123 queries: info: client @0x6f6667722a8 1.2.3.4#42463 (www.example-com): query: www.example-com IN A +E(0)K (10.10.10.10) [ECS 2.2.2.0/24/0]</code> |
| |
| | ===== EDNS0 Subnet ===== |
| | <code>dig +short @8.8.8.8 +subnet=41.33.12.0/24 3dzip.org</code> |
| ===== EDNS Opt ===== | ===== EDNS Opt ===== |
| <code>+ednsopt=65523:0a0a0a0a</code> | <code>+ednsopt=65523:0a0a0a0a</code> |
| <code>dig +tcp txt run-d.m.c.never.watch</code> | <code>dig +tcp txt run-d.m.c.never.watch</code> |
| |
| | ===== CNAME Recursion ===== |
| | If a query returns a CNAME chain (see below), then if the BIND server that made the query (i.e. forwarded to a recursor) is authoratative or conditionally forwards to a domain in the CNAME chain (e.g. forward privatelink.azurewebsites.net to Azure DNS resolver), then BIND will try and re-resolve using the conditional forwarder/authoritative zone even though it already has the answer. This means that, in the case below, the domain won't resolve if you are forwarding privatelink.azurewebsites.net to Azure and haven't configured Azure to [[https://learn.microsoft.com/en-us/azure/dns/private-dns-fallback|fallback to public resolution]]. |
| | <code>C:\Users\owner>dig A www.icaew.com |
| | |
| | ; <<>> DiG 9.16.38 <<>> A www.icaew.com |
| | ;; global options: +cmd |
| | ;; Got answer: |
| | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25022 |
| | ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 |
| | |
| | ;; OPT PSEUDOSECTION: |
| | ; EDNS: version: 0, flags:; udp: 4096 |
| | ; COOKIE: 96da9888912f9092 (echoed) |
| | ;; QUESTION SECTION: |
| | ;www.icaew.com. IN A |
| | |
| | ;; ANSWER SECTION: |
| | www.icaew.com. 10 IN CNAME icaew-sitecore-cd-as.azurewebsites.net. |
| | icaew-sitecore-cd-as.azurewebsites.net. 10 IN CNAME icaew-sitecore-cd-as.privatelink.azurewebsites.net. |
| | icaew-sitecore-cd-as.privatelink.azurewebsites.net. 10 IN CNAME waws-prod-am2-217.sip.azurewebsites.windows.net. |
| | waws-prod-am2-217.sip.azurewebsites.windows.net. 10 IN CNAME waws-prod-am2-217.westeurope.cloudapp.azure.com. |
| | waws-prod-am2-217.westeurope.cloudapp.azure.com. 10 IN A 137.117.218.101 |
| | |
| | ;; Query time: 162 msec |
| | ;; SERVER: 127.0.0.1#53(127.0.0.1) |
| | ;; WHEN: Tue Apr 22 13:15:59 GMT Summer Time 2025 |
| | ;; MSG SIZE rcvd: 503</code> |
| ===== Convert Domains to IP Lists ===== | ===== Convert Domains to IP Lists ===== |
| |
