Querying a specific name server using dig
A practical tip on how to avoid cached results when looking up DNS records.
To avoid having to remember IP addresses we can use DNS, which makes it
possible to associate IP addresses with domain names. Sometimes we need to
test or troubleshoot these systems, which is where the DNS lookup utility
dig
comes into play.
The simplest query you can make is dig
followed by a
domain name.
$ dig nytimes.com
That type of query makes a recursive DNS request using your locally specified DNS server. This means that the answer can and often will be a cached result.
What you really want is an up-to-date
answer from an authoritative name server for that domain, which you can get
by adding an argument, the @
symbol followed by the
server name.
$ dig @<dns-server> nytimes.com
The simplest way to find out which name servers are authoritative is to
use whois
.
$ whois nytimes.com
Another way is to actually use the dig
command it self,
followed by ns
. Note that this also could give a cached result,
unlike whois
.
$ dig ns nytimes.com +noall +answer
; <<>> DiG 9.8.3-P1 <<>> ns nytimes.com +noall +answer
;; global options: +cmd
nytimes.com. 232 IN NS ns1.p24.dynect.net.
nytimes.com. 232 IN NS ns2.p24.dynect.net.
nytimes.com. 232 IN NS ns3.p24.dynect.net.
nytimes.com. 232 IN NS ns4.p24.dynect.net.
nytimes.com. 232 IN NS dns.ewr1.nytimes.com.
nytimes.com. 232 IN NS dns.sea1.nytimes.com.
Pro-tip: If you just want the answer section, add +noall
and
+answer
as arguments to the command.
So finally this would be an example of how to query a specific
authoritative DNS server for nytimes.com
.
$ dig @ns1.p24.dynect.net nytimes.com