53/tcp DNS – Dig enumeration

Dig stands for (Domain Information Groper). Dig is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also to perform DNS lookups and displays the answers that are returned from the name server that were queried. dig is part of the BIND domain name server software suite. dig command replaces older tool such as nslookup and the host. dig tool is available in major Linux distributions.

Install Dig on Linux

Debian

apt-get install dnsutils

CentOS 7

yum install bind-utils

Dig Syntax

In its simplest form, the syntax of the dig utility will look like this:

dig [server] [name] [type]

[server] – the IP address or hostname of the name server to query

If the server argument is the hostname then dig will resolve the hostname before proceeding with querying the name server.

It is optional and if you don’t provide a server argument then dig uses the name server listed in /etc/resolv.conf

[name] – the name of the resource record that is to be looked up

[type] – the type of query requested by dig. For example, it can be an A record, MX record, SOA record or any other types. By default dig performs a lookup for an A record if no type argument is specified.

Queries

Dig Commands Cheatsheet

Dig a Domain Name

dig yahoo.com

UNDERSTAND THE OUTPUT:

Lines beginning with ; are comments not part of the information.
The first line tell us the version of dig (9.11.5) command.
Next, dig shows the header of the response it received from the DNS server
Next comes the question section, which simply tells us the query, which in this case is a query for the “A” record of yahoo.com. The IN means this is an Internet lookup (in the Internet class).
The answer section tells us that yahoo.com has the IP address 72.30.38.140
Lastly there are some stats about the query. You can turn off these stats using the +nostats option.