The dig command is a tool for querying DNS nameservers on Linux. host is another tool for performing DNS lookups. nslookup is also a tool for querying DNS to obtain a domain name, IP address, or DNS records. These are great little tools for any sysadmin, but unfortunately they aren’t installed by default on CentOS 7. dig, host, and nslookup are part of the BIND utilities; to get them you have to install the bind-utils package on CentOS 7.
BIND Utilities (the bind-utils package) is a collection of client-side programs for querying DNS name servers to find information about Internet hosts. You can obtain IP addresses, DNS records, and other information about registered domains and network addresses.
Without the bind-utils package, you will get this error if you try to run dig, host, or nslookup:
# dig namhuy.net
-bash: dig: command not found
Install dig, host, nslookup on CentOS 7
As I mentioned before, we are going to install the bind-utils package:
# yum install bind-utils
Run dig on CentOS 7
I recently moved my domain from namesilo to namecheap to take advantage of their recent promotion “Move Your Domain Day”. Sadly, namecheap does not support DNSSEC right out of the box (you can’t add a DNSSEC record yourself); you have to submit a ticket and they will manually add the DS records for you. Anyway, back to our topic: I want to check whether namecheap added my DS records correctly, and the dig command will come in handy.
I’m not going to go deep into how to use these commands; since I’m checking DNSSEC on my domain, I will show you how to do that.
# dig namhuy.net +dnssec +multi
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.2 <<>> namhuy.net +dnssec +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3420
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 8192
;; QUESTION SECTION:
;namhuy.net. IN A
;; ANSWER SECTION:
namhuy.net. 300 IN A 18.104.22.168
namhuy.net. 300 IN A 22.214.171.124
namhuy.net. 300 IN RRSIG A 13 2 300 (
20160211052359 20160209032359 35273 namhuy.net.
;; Query time: 3 msec
;; SERVER: 126.96.36.199#53(188.8.131.52)
;; WHEN: Tue Feb 09 20:23:59 PST 2016
;; MSG SIZE rcvd: 177
The +dnssec flag asks your DNS server to validate the zone data. If dig returns the AD flag (Authenticated answer), it means your domain is DNSSEC signed and set up correctly. In my case dig returned without the AD flag, which means my domain isn’t DNSSEC signed. I will update this tutorial after I get my domain signed to compare the result with and without DNSSEC.
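The AD flag shows up as "ad" in the ";; flags:" header line, next to qr, rd and ra. The following is an added example, not part of the original post: a hypothetical shell helper, dnssec_status, that reads dig +dnssec output and separates a validated answer from one that carries RRSIG records without the ad flag (for instance when the DS record at the parent is still missing or the resolver does not validate). The sample inputs are embedded so it runs offline; example.test is a constructed name.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): classify `dig +dnssec` output.
# Reads dig output on stdin and prints one of:
#   validated             - resolver set the ad (Authentic Data) flag
#   signed-not-validated  - RRSIG records returned, but no ad flag
#   no-dnssec-data        - neither ad flag nor RRSIG records
#   no-header             - input did not contain a dig header
dnssec_status() {
    awk '
        # Header flags line, e.g. ";; flags: qr rd ra ad; QUERY: 1, ..."
        /^;; flags:/ {
            seen = 1
            split($0, parts, ";")        # parts[3] is " flags: qr rd ra ad"
            n = split(parts[3], f, " ")
            for (i = 2; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        # Resource record lines: name TTL class type ...
        $1 !~ /^;/ && $3 == "IN" && $4 == "RRSIG" { rrsig = 1 }
        END {
            if (!seen)      print "no-header"
            else if (ad)    print "validated"
            else if (rrsig) print "signed-not-validated"
            else            print "no-dnssec-data"
        }'
}

# Abbreviated from the dig output shown in this post (no ad flag, RRSIG present).
SAMPLE_POST=';; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
namhuy.net. 300 IN RRSIG A 13 2 300 ('

# Constructed sample: a header with the ad flag set, as a validating resolver returns.
SAMPLE_VALIDATED=';; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
example.test. 300 IN RRSIG A 13 2 300 ('

printf '%s\n' "$SAMPLE_POST"      | dnssec_status
printf '%s\n' "$SAMPLE_VALIDATED" | dnssec_status
```

Against a live resolver, pipe dig straight into the function: dig namhuy.net +dnssec +multi | dnssec_status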
Run host on CentOS 7
host is a simple utility for performing DNS lookups. Usually it converts names to IP addresses and vice versa. Without any options, host prints a short summary of names and IP addresses.
# host namhuy.net
namhuy.net has address 184.108.40.206
namhuy.net has address 220.127.116.11
namhuy.net has IPv6 address 2400:cb00:2048:1::681c:145b
namhuy.net has IPv6 address 2400:cb00:2048:1::681c:155b
namhuy.net mail is handled by 50 mx3.zoho.com.
namhuy.net mail is handled by 20 mx2.zoho.com.
namhuy.net mail is handled by 10 mx.zoho.com.
Run nslookup on CentOS 7
Very similar to host, nslookup queries DNS to get a domain name or IP address, or to convert a host / domain name into IP addresses.
# nslookup namhuy.net