El comando “dig” (Domain Information Groper) es una herramienta poderosa para explorar y diagnosticar información DNS. Descubramos 10 comandos útiles de “dig” para potenciar tu comprensión del sistema de nombres de dominio.

1. Consulta de Registro A (IPv4):

dig <dominio> A

Busca la dirección IPv4 asociada al dominio “<dominio>”.

Ejemplo:

dig google.com A
; <<>> DiG 9.10.6 <<>> google.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30741
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		46	IN	A	142.250.79.78

;; Query time: 13 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:02:29 -03 2024
;; MSG SIZE  rcvd: 55

2. Consulta de Registro AAAA (IPv6):

dig <dominio> AAAA

Recupera la dirección IPv6 asociada al dominio “<dominio>”.

Ejemplo:

dig google.com AAAA
; <<>> DiG 9.10.6 <<>> google.com AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29749
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	AAAA

;; ANSWER SECTION:
google.com.		274	IN	AAAA	2800:3f0:4002:811::200e

;; Query time: 13 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:05:16 -03 2024
;; MSG SIZE  rcvd: 67

3. Consulta de Registro MX (Mail Exchange):

dig <dominio> MX

Obtiene la información sobre los servidores de intercambio de correo asociados al dominio “<dominio>”.

dig google.com MX
; <<>> DiG 9.10.6 <<>> google.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	MX

;; ANSWER SECTION:
google.com.		300	IN	MX	10 smtp.google.com.

;; Query time: 34 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:07:28 -03 2024
;; MSG SIZE  rcvd: 60

4. Consulta de Registro CNAME (Alias de Nombre Canónico):

dig <dominio> CNAME

Busca el alias de nombre canónico asociado a “dominio”.

dig www.google.com CNAME
; <<>> DiG 9.10.6 <<>> www.google.com CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33810
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com.			IN	CNAME

;; AUTHORITY SECTION:
google.com.		60	IN	SOA	ns1.google.com. dns-admin.google.com. 599114401 900 900 1800 60

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:09:39 -03 2024
;; MSG SIZE  rcvd: 93

5. Consulta de Registro TXT (Texto):

dig <dominio> TXT

Recupera la información de texto asociada al dominio “<dominio>”.

dig google.com TXT
; <<>> DiG 9.10.6 <<>> google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61450
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	TXT

;; ANSWER SECTION:
google.com.		3600	IN	TXT	"MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
google.com.		3600	IN	TXT	"facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com.		3600	IN	TXT	"docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com.		3600	IN	TXT	"v=spf1 include:_spf.google.com ~all"
google.com.		3600	IN	TXT	"atlassian-domain-verification=5YjTmWmjI92ewqkx2oXmBaD60Td9zWon9r6eakvHX6B77zzkFQto8PQ9QsKnbf4I"
google.com.		3600	IN	TXT	"google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com.		3600	IN	TXT	"apple-domain-verification=30afIBcvSuDV2PLX"
google.com.		3600	IN	TXT	"docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com.		3600	IN	TXT	"onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef"
google.com.		3600	IN	TXT	"google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
google.com.		3600	IN	TXT	"globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com.		3600	IN	TXT	"webexdomainverification.8YX6G=6e6922db-e3e6-4a36-904e-a805c28087fa"

;; Query time: 36 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:11:16 -03 2024
;; MSG SIZE  rcvd: 885

6. Consulta de Registro SOA (Start of Authority):

dig <dominio> SOA

Obtiene la información de autoridad del dominio “<dominio>”.

dig google.com SOA
; <<>> DiG 9.10.6 <<>> google.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10516
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	SOA

;; ANSWER SECTION:
google.com.		60	IN	SOA	ns1.google.com. dns-admin.google.com. 599114401 900 900 1800 60

;; Query time: 13 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:13:53 -03 2024
;; MSG SIZE  rcvd: 89

7. Búsqueda inversa de DNS:

dig -x <IP>

Obtiene el registro DNS correspondiente a la dirección IP <IP>.

dig -x 8.8.8.8
; <<>> DiG 9.10.6 <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37780
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa.		IN	PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.	86400	IN	PTR	dns.google.

;; Query time: 309 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:18:02 -03 2024
;; MSG SIZE  rcvd: 73

8. Consultar un Servidor DNS Específico

dig @<servidor_dns> <dominio>

Obtiene el registro consultado desde el servidor DNS <servidor_dns>

dig @8.8.8.8 google.com
; <<>> DiG 9.10.6 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62038
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		47	IN	A	142.251.133.238

;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jan 19 00:24:55 -03 2024
;; MSG SIZE  rcvd: 55

9. Consulta de Registro NS (Name Server):

dig <dominio> NS

Recupera información sobre los servidores de nombres autoritativos para el dominio “<dominio>”.

dig google.com NS
; <<>> DiG 9.10.6 <<>> google.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19713
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	NS

;; ANSWER SECTION:
google.com.		23835	IN	NS	ns2.google.com.
google.com.		23835	IN	NS	ns1.google.com.
google.com.		23835	IN	NS	ns4.google.com.
google.com.		23835	IN	NS	ns3.google.com.

;; Query time: 1129 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jan 19 00:27:28 -03 2024
;; MSG SIZE  rcvd: 111

10. Consulta registro DNS con salida resumida

dig +short <dominio>

Obtiene el registro DNS con salida resumida.

dig +short google.com
142.251.134.46

dig +short google.com NS
ns2.google.com.
ns1.google.com.
ns4.google.com.
ns3.google.com

¡Estos 10 comandos “dig” te permitirán explorar y comprender mejor el mundo del Sistema de Nombres de Dominio (DNS) en Linux!