How to read the output

 

Header

status
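  • NOERROR: success
  • REFUSED: refused
  • NXDOMAIN: the name does not exist
flags
  • qr: Query/Response; 0 for a query, 1 for a response
  • rd: Recursion Desired; whether the query asks for recursion
  • ra: Recursion Available; whether the responding DNS server supports recursion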
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9748
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
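
The status and flags that dig prints come from the fixed 12-byte header of the DNS message (RFC 1035). The following is an added example, not part of the original page: it decodes such a header into dig's two header lines. The sample bytes are constructed to match the output above, and the function names are this example's own.

```python
import struct

# RCODE and OPCODE names from RFC 1035 (only the common ones are listed).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS"}

# Bits of the 16-bit flags field that follows the ID, in dig's print order.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]

def decode_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into the fields dig shows."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, bits, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    opcode = (bits >> 11) & 0xF   # 4-bit opcode sits right after the qr bit
    rcode = bits & 0xF            # 4-bit response code is the low nibble
    return {
        "id": ident,
        "opcode": OPCODES.get(opcode, f"OPCODE{opcode}"),
        "status": RCODES.get(rcode, f"RCODE{rcode}"),
        "flags": [name for name, mask in FLAG_BITS if bits & mask],
        "counts": {"QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar},
    }

def dig_style(h: dict) -> str:
    """Render a decoded header the way dig prints it."""
    counts = ", ".join(f"{k}: {v}" for k, v in h["counts"].items())
    return (f";; ->>HEADER<<- opcode: {h['opcode']}, status: {h['status']}, "
            f"id: {h['id']}\n;; flags: {' '.join(h['flags'])}; {counts}")

# Constructed sample: header bytes matching the dig output shown above.
SAMPLE = struct.pack("!6H", 9748, 0x8180, 1, 1, 0, 1)
# Constructed sample: a REFUSED reply from a server that offers no recursion.
REFUSED = struct.pack("!6H", 9748, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    print(dig_style(decode_header(SAMPLE)))
    print(dig_style(decode_header(REFUSED)))
```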

 

QUESTION

Describes the content of the query.

;; QUESTION SECTION:
;google.com.			IN	A

 

ANSWER

The resource records returned in response to the query.

;; ANSWER SECTION:
google.com.		168	IN	A	216.58.199.238

 

Miscellaneous

Holds information such as the caching DNS server that was queried and the message size.

;; Query time: 7 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 18 08:41:24 JST 2020
;; MSG SIZE  rcvd: 649
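
To use these sections from a script, the text output can be split along the same lines. The following is an added example, not part of the original page: a small parser for dig's default output, run on a constructed sample assembled from the snippets above. The names parse_dig and rdata_of are this example's own.

```python
import re

# Constructed sample: dig output assembled from the sections shown above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9748
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;google.com.\t\t\tIN\tA

;; ANSWER SECTION:
google.com.\t\t168\tIN\tA\t216.58.199.238

;; Query time: 7 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 18 08:41:24 JST 2020
;; MSG SIZE  rcvd: 649
"""

def parse_dig(text: str) -> dict:
    """Split dig's default output into status, flags, server and records."""
    out = {"status": None, "flags": [], "server": None, "records": []}
    section = None
    for line in text.splitlines():
        if m := re.match(r";; ->>HEADER<<- .*status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags:([^;]*);", line):
            out["flags"] = m.group(1).split()
        elif m := re.match(r";; SERVER: ([^#\s]+)#(\d+)", line):
            out["server"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)      # QUESTION, ANSWER, AUTHORITY, ADDITIONAL
        elif not line.strip():
            section = None            # a blank line ends the current section
        elif section == "QUESTION":
            name, rclass, rtype = line.lstrip(";").split()
            out["question"] = (name, rclass, rtype)
        elif section and not line.startswith(";"):
            # name, TTL, class, type, then RDATA (may contain spaces, e.g. MX)
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            out["records"].append((section, name, int(ttl), rtype, rdata))
    return out

def rdata_of(parsed: dict, rtype: str) -> list:
    """Return the RDATA of every ANSWER record of the given type."""
    return [r[4] for r in parsed["records"] if r[0] == "ANSWER" and r[3] == rtype]

if __name__ == "__main__":
    p = parse_dig(SAMPLE)
    print(p["status"], p["flags"], p["server"], rdata_of(p, "A"))
```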

 

 

Handy ways to use dig

 

Specify the caching DNS server: @address

You can specify the address of a (caching) DNS server after @. Here we try 8.8.8.8, Google's Public DNS.

$ dig @8.8.8.8 google.com

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17835
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		40	IN	A	172.217.26.110

;; Query time: 7 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 18 07:59:29 JST 2020
;; MSG SIZE  rcvd: 55

 

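Print only the minimum: +short

The dig command prints far more detail than other DNS-related commands, so the amount of information can make the output hard to read.

In that case the +short option is handy.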

$ dig google.com +short
172.217.161.206
$ dig google.com +short ns
ns2.google.com.
ns3.google.com.
ns4.google.com.
ns1.google.com.

 

Get everything

Specifying any as the query type retrieves all resource records.

$ dig google.com any

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32666
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	ANY

;; ANSWER SECTION:
google.com.		63	IN	A	172.217.161.238
google.com.		38	IN	AAAA	2404:6800:400a:80c::200e
google.com.		550	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		550	IN	MX	10 aspmx.l.google.com.
google.com.		550	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		550	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		550	IN	MX	30 alt2.aspmx.l.google.com.
google.com.		36362	IN	NS	ns4.google.com.
google.com.		36362	IN	NS	ns2.google.com.
google.com.		36362	IN	NS	ns3.google.com.
google.com.		36362	IN	NS	ns1.google.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Sep 18 08:03:02 JST 2020
;; MSG SIZE  rcvd: 263

 

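Root DNS servers

You can look up the root DNS servers with dig . ns and similar. Running the dig command with no arguments displays the list of root DNS servers.

This shows that there are 13 root DNS servers worldwide.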

$ dig

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57769
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;.				IN	NS

;; ANSWER SECTION:
.			7170	IN	NS	c.root-servers.net.
.			7170	IN	NS	b.root-servers.net.
.			7170	IN	NS	a.root-servers.net.
.			7170	IN	NS	m.root-servers.net.
.			7170	IN	NS	l.root-servers.net.
.			7170	IN	NS	k.root-servers.net.
.			7170	IN	NS	j.root-servers.net.
.			7170	IN	NS	i.root-servers.net.
.			7170	IN	NS	h.root-servers.net.
.			7170	IN	NS	g.root-servers.net.
.			7170	IN	NS	f.root-servers.net.
.			7170	IN	NS	e.root-servers.net.
.			7170	IN	NS	d.root-servers.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Sep 18 08:25:35 JST 2020
;; MSG SIZE  rcvd: 239

 

 

dig command details

$ dig -h
Usage:  dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]
Where:  domain	  is in the Domain Name System
        q-class  is one of (in,hs,ch,...) [default: in]
        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
                 (Use ixfr=version for type ixfr)
        q-opt    is one of:
                 -4                  (use IPv4 query transport only)
                 -6                  (use IPv6 query transport only)
                 -b address[#port]   (bind to source address/port)
                 -c class            (specify query class)
                 -f filename         (batch mode)
                 -i                  (use IP6.INT for IPv6 reverse lookups)
                 -k keyfile          (specify tsig key file)
                 -m                  (enable memory usage debugging)
                 -p port             (specify port number)
                 -q name             (specify query name)
                 -t type             (specify query type)
                 -u                  (display times in usec instead of msec)
                 -x dot-notation     (shortcut for reverse lookups)
                 -y [hmac:]name:key  (specify named base64 tsig key)
        d-opt    is of the form +keyword[=value], where keyword is:
                 +[no]aaonly         (Set AA flag in query (+[no]aaflag))
                 +[no]additional     (Control display of additional section)
                 +[no]adflag         (Set AD flag in query (default on))
                 +[no]all            (Set or clear all display flags)
                 +[no]answer         (Control display of answer section)
                 +[no]authority      (Control display of authority section)
                 +[no]besteffort     (Try to parse even illegal messages)
                 +bufsize=###        (Set EDNS0 Max UDP packet size)
                 +[no]cdflag         (Set checking disabled flag in query)
                 +[no]cl             (Control display of class in records)
                 +[no]cmd            (Control display of command line)
                 +[no]comments       (Control display of comment lines)
                 +[no]crypto         (Control display of cryptographic fields in records)
                 +[no]defname        (Use search list (+[no]search))
                 +[no]dnssec         (Request DNSSEC records)
                 +domain=###         (Set default domainname)
                 +[no]edns[=###]     (Set EDNS version) [0]
                 +ednsflags=###      (Set EDNS flag bits)
                 +[no]ednsnegotiation (Set EDNS version negotiation)
                 +ednsopt=###[:value] (Send specified EDNS option)
                 +noednsopt          (Clear list of +ednsopt options)
                 +[no]expire         (Request time to expire)
                 +[no]fail           (Don't try next server on SERVFAIL)
                 +[no]identify       (ID responders in short answers)
                 +[no]idnout         (convert IDN response)
                 +[no]ignore         (Don't revert to TCP for TC responses.)
                 +[no]keepopen       (Keep the TCP socket open between queries)
                 +[no]multiline      (Print records in an expanded format)
                 +ndots=###          (Set search NDOTS value)
                 +[no]nsid           (Request Name Server ID)
                 +[no]nssearch       (Search all authoritative nameservers)
                 +[no]onesoa         (AXFR prints only one soa record)
                 +[no]opcode=###     (Set the opcode of the request)
                 +[no]qr             (Print question before sending)
                 +[no]question       (Control display of question section)
                 +[no]recurse        (Recursive mode)
                 +retry=###          (Set number of UDP retries) [2]
                 +[no]rrcomments     (Control display of per-record comments)
                 +[no]search         (Set whether to use searchlist)
                 +[no]short          (Display nothing except short
                                      form of answer)
                 +[no]showsearch     (Search with intermediate results)
                 +[no]split=##       (Split hex/base64 fields into chunks)
                 +[no]stats          (Control display of statistics)
                 +subnet=addr        (Set edns-client-subnet option)
                 +[no]tcp            (TCP mode (+[no]vc))
                 +time=###           (Set query timeout) [5]
                 +[no]trace          (Trace delegation down from root [+dnssec])
                 +tries=###          (Set number of UDP attempts) [3]
                 +[no]ttlid          (Control display of ttls in records)
                 +[no]vc             (TCP mode (+[no]tcp))
        global d-opts and servers (before host name) affect all queries.
        local d-opts and servers (after host name) affect only that lookup.
        -h                           (print help and exit)
        -v                           (print version and exit)

 

 

Bonus

If you want to know about Chaosnet and Hesiod, which can be specified as DNS classes, this may be worth a look.

 

Other DNS-related commands

host

Personally, I don't use dig much and use the host command instead, because it's easier.

$ host example.com
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
example.com mail is handled by 0 .

nslookup

$ nslookup example.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	example.com
Address: 93.184.216.34
Name:	example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

ping

ping also shows the result of name resolution.

$ ping example.com
PING example.com (93.184.216.34) 56(84) bytes of data.
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=1 ttl=52 time=104 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=2 ttl=52 time=104 ms
64 bytes from 93.184.216.34 (93.184.216.34): icmp_seq=3 ttl=52 time=104 ms
...

 

References

https://tools.ietf.org/rfc/rfc1035.txt

https://tools.ietf.org/html/rfc2929

https://linux.die.net/man/1/dig