Using whois and dig to investigate domain name and DNS records

Introduction

This page is intended to provide a basic guide to two very handy tools, whois and dig, for the purposes of investigating domain and DNS records.

Using whois

Whois is used for finding information about a domain's registration. The amount of information available will depend on the type of gTLD or ccTLD, and the registrar of the domain. For instance, the information provided for most .au domains is limited to the registrar name, registrant name and email address, domain status, and nameservers. Many other registries, including those of .com, .net, and .org, provide full registrant contact details, domain registration and expiration dates, as well as the registrant name, domain status, and nameservers.

Web-based whois queries

Some (especially small or newly-available) TLD registries have no whois servers, but provide other ways to query their databases, such as from the registry's website. If so, a link will generally be provided in the text of the whois information. For example, running whois on a .fm domain:

$ whois last.fm
This TLD has no whois server, but you can access the whois database at
http://www.dot.fm/whois.html

Others may provide only limited information on their whois servers, and require access via their website for the full information. Ausregistry, the .au registry administrator, is one of these. For example:

$ whois anchor.com.au
Domain Name:                     anchor.com.au
Last Modified:                   09-May-2008 02:03:16 UTC
Registrar ID:                    Anchor Systems
Registrar Name:                  Anchor Systems
Status:                          ok

Registrant:                      ANCHOR SYSTEMS PTY LTD
Registrant ID:                   ACN 093848278
Eligibility Type:                Company
Eligibility Name:                ANCHOR SYSTEMS PTY LTD
Eligibility ID:                  ACN 093848278

Registrant Contact ID:           AS0043966
Registrant Contact Name:         The Manager
Registrant Contact Email:        Visit whois.ausregistry.com.au for Web based WhoIs

Tech Contact ID:                 AS0105220
Tech Contact Name:               The Manager
Tech Contact Email:              Visit whois.ausregistry.com.au for Web based WhoIs

Name Server:                     ns2.anchor.net.au
Name Server IP:                  202.4.234.251
Name Server:                     ns1.anchor.net.au
Name Server IP:                  202.4.235.59

Visiting http://whois.ausregistry.com.au and running the same query will show the registrant and tech contact email addresses.
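The whois output above is in a simple "Key: value" layout, which makes it easy to pull out the fields worth keeping an eye on (status, registrar, nameservers) and to save a daily summary that can be diffed to spot an unexpected registrar or delegation change. The following script is an added example, not code from the original page or from Anchor; the SAMPLE text is the .au record reproduced from above, and the functions read whois text from standard input so they can also be fed from `whois DOMAIN | whois_field Status`.

```shell
#!/bin/sh
# Added example (not from the original page): extract fields from whois output
# in the "Key:    value" layout. SAMPLE is the anchor.com.au record shown on
# the page, embedded here so the script runs offline.

SAMPLE='Domain Name:                     anchor.com.au
Last Modified:                   09-May-2008 02:03:16 UTC
Registrar ID:                    Anchor Systems
Registrar Name:                  Anchor Systems
Status:                          ok

Registrant:                      ANCHOR SYSTEMS PTY LTD
Registrant ID:                   ACN 093848278
Eligibility Type:                Company

Registrant Contact ID:           AS0043966
Registrant Contact Name:         The Manager
Registrant Contact Email:        Visit whois.ausregistry.com.au for Web based WhoIs

Name Server:                     ns2.anchor.net.au
Name Server IP:                  202.4.234.251
Name Server:                     ns1.anchor.net.au
Name Server IP:                  202.4.235.59'

# Print the value(s) of one key read from stdin. The line is split at the
# first colon only, so values containing colons (the Last Modified timestamp)
# stay intact, and "Name Server" does not match "Name Server IP" lines.
whois_field() {
    awk -v key="$1:" 'index($0, key) == 1 {
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)
        print line
    }'
}

# Nameservers as a lower-cased, sorted, de-duplicated list, so the output
# is stable and can be compared with a saved copy or with what DNS serves.
whois_nameservers() {
    whois_field "Name Server" | tr '[:upper:]' '[:lower:]' | sort -u
}

# One-line-per-field summary of the values that should not change without
# someone knowing about it; save it and diff it against tomorrow's run.
whois_summary() {
    text=$(cat)
    for key in "Registrar Name" "Status"; do
        printf '%s=%s\n' "$key" "$(printf '%s\n' "$text" | whois_field "$key")"
    done
    printf 'Name Server=%s\n' "$(printf '%s\n' "$text" | whois_nameservers |
        awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }')"
}

# Demonstration on the embedded record (no network needed).
printf '%s\n' "$SAMPLE" | whois_summary
```

Fields that a registry does not publish, such as an expiry date for this .au record, simply produce no output, so a monitoring script should treat an empty field as "unavailable" rather than as a change.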

Using dig

Dig stands for "domain information groper", and is used for contacting DNS nameservers and retrieving records.

Basic usage

By default, dig requests the A record of whatever name is queried. For a web server's hostname, this returns the IP address of the server hosting that website. As an example, let's look up the IP address of the web server hosting www.anchor.com.au:

$ dig www.anchor.com.au

; <<>> DiG 9.4.2 <<>> www.anchor.com.au
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24518
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.anchor.com.au.             IN      A

;; ANSWER SECTION:
www.anchor.com.au.      86400   IN      A       202.4.234.96

;; AUTHORITY SECTION:
anchor.com.au.          3600    IN      NS      ns2.anchor.net.au.
anchor.com.au.          3600    IN      NS      ns1.anchor.net.au.

;; Query time: 90 msec
;; SERVER: 10.108.62.2#53(10.108.62.2)
;; WHEN: Fri Nov 28 16:44:22 2008
;; MSG SIZE  rcvd: 98

The information we're after is usually just in the ANSWER SECTION. While the other details can be handy for diagnosing problems, a terse answer can be provided by using the +short option.

$ dig www.anchor.com.au +short
202.4.234.96

Other types of records can be requested by specifying the desired type. For example:

$ dig anchor.com.au mx +short
10 av1.anchor.net.au.
20 smtp2.anchor.net.au.

Specific nameservers

dig can be used to contact specific nameservers, using the syntax:

dig @NAMESERVER DOMAIN

At Anchor, we most often use this to check that a domain's records on our nameservers are correct before redelegating it.

It can also be handy if the domain has been redelegated incorrectly or too early, and the current nameservers have useless records. By looking the domain up on the old nameservers, the IP address of the server that previously hosted the site can be found and used to retrieve the old content.
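Checking that the new nameservers serve the same records as the old ones, as described above, is easy to script: query both servers with dig @NAMESERVER for each record type and compare the answer sets. The script below is an added example, not code from the original page or from Anchor. It assumes dig is installed; the nameserver and domain names in the usage line are placeholders, and the comparison functions work on plain text so they can be exercised without network access.

```shell
#!/bin/sh
# Added example (not from the original page): compare the records a domain's
# current nameserver serves with those on the nameserver it is about to be
# redelegated to, so mismatches are found before the delegation changes.

# +short answers for one record type from one nameserver, sorted so that two
# sets compare equal regardless of the order the server returns them in.
answers() {
    # $1 = nameserver, $2 = name, $3 = record type
    dig @"$1" "$2" "$3" +short | sort
}

# Lines of $1 that do not appear in $2 (both newline-separated record sets).
# grep -Fx matches whole lines literally, so a record is never mistaken for
# another record that merely contains it as a substring.
set_diff() {
    printf '%s\n' "$1" | while IFS= read -r rec; do
        [ -n "$rec" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$rec" || printf '%s\n' "$rec"
    done
}

# Compare an old and a new record set. Records only the old server has are
# printed with a "-" prefix, records only the new server has with "+".
# Returns 0 when the sets are identical, 1 otherwise.
compare_sets() {
    missing=$(set_diff "$1" "$2")
    extra=$(set_diff "$2" "$1")
    [ -n "$missing" ] && printf '%s\n' "$missing" | sed 's/^/- /'
    [ -n "$extra" ] && printf '%s\n' "$extra" | sed 's/^/+ /'
    [ -z "$missing" ] && [ -z "$extra" ]
}

# Run the comparison for every record type named on the command line and
# exit non-zero if any of them differ.
check_redelegation() {
    # $1 = old nameserver, $2 = new nameserver, $3 = domain, rest = record types
    old_ns=$1; new_ns=$2; domain=$3; shift 3
    status=0
    for type in "$@"; do
        printf '== %s %s (%s vs %s) ==\n' "$domain" "$type" "$old_ns" "$new_ns"
        compare_sets "$(answers "$old_ns" "$domain" "$type")" \
                     "$(answers "$new_ns" "$domain" "$type")" || status=1
    done
    return "$status"
}

# Usage (placeholder names, not values from the page):
#   sh check_redelegation.sh ns1.old.example ns1.new.example example.com A MX NS
if [ "$#" -ge 4 ]; then
    check_redelegation "$@"
fi
```

Because the records are compared as text, differing TTLs are not reported (+short omits them); if TTLs matter for the cut-over, drop +short and compare the full answer lines instead.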

Reverse lookups

Reverse (PTR) records for an IP address can be retrieved with the -x option, using the syntax dig -x IPADDRESS.
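Behind the -x option, dig simply reverses the octets of the address and queries the resulting name under in-addr.arpa for a PTR record. The script below is an added example, not code from the original page; it builds that name itself (so the lookup can be sent as an ordinary PTR query, for instance to a specific nameserver) and then checks that each PTR name resolves forward to the address it came from, which is the check mail servers and log analysis usually want before trusting a reverse name. It assumes dig is installed; the addresses in the usage line are constructed examples.

```shell
#!/bin/sh
# Added example (not from the original page): the reverse name that `dig -x`
# queries for an IPv4 address, plus a forward-confirmed reverse DNS check.

# Print the in-addr.arpa name for a dotted-decimal IPv4 address, or print
# nothing and return 1 if the input is not four octets in the range 0-255.
reverse_name() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ &&
        $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"
            found = 1
        }
        END { exit !found }'
}

# Equivalent of `dig -x ADDRESS +short`: PTR names for the address, one per
# line, issued as a plain PTR query on the reverse name.
ptr_names() {
    name=$(reverse_name "$1") || { echo "not an IPv4 address: $1" >&2; return 2; }
    dig "$name" PTR +short
}

# Forward-confirmed reverse DNS: a PTR name only counts if its A records
# include the original address. Prints the confirmed names; returns 1 if none.
fcrdns() {
    addr=$1; ok=1
    for name in $(ptr_names "$addr"); do
        if dig "$name" A +short | grep -Fxq -- "$addr"; then
            printf '%s\n' "$name"
            ok=0
        fi
    done
    return "$ok"
}

# Usage (constructed address): sh fcrdns.sh 203.0.113.10
if [ "$#" -eq 1 ]; then
    fcrdns "$1"
fi
```

A PTR answer on its own proves only that whoever controls the reverse zone for that address block chose to publish that name; the forward check is what ties the name to the address.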

Zone transfers

A full zone transfer can be requested with dig axfr, using the syntax dig @NAMESERVER DOMAIN axfr. Many (most) nameservers don't allow it: an AXFR hands out every record in the zone, so it is normally permitted only to the zone's own secondary nameservers. (General information on transferring zones, and on the records commonly present in a zone, is not covered here.)

More DNS information

More information about DNS is available at: How DNS works.

Web-based tools

Both whois and dig are standard tools included with most distributions of Linux. If you don't have easy access to a Linux machine, there are a number of web-based whois and DNS lookup tools available. A few of the most popular are: