dig 명령어 사용법 - 네트워크 체크

     

    dig 명령어로 DNS 확인하기

    dig는 접속하고자 하는 사이트 혹은 운영중인 사이트에 액세스 문제가 발생한 것은 아닌지, 정상 접속 가능한지 등등 네트워크 문제를 진단하고자 할 때 사용하는 툴이다.

    dig라는 이름이 Domain Information Groper 라는 full name으로부터 유래 되었기 때문에, 도메인 특화 유틸리티라는 것을 알 수 있다.

     

    man page 설명

    NAME
           dig - DNS lookup utility
    
    SYNOPSIS
           dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-v] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type]
               [class] [queryopt...]
    
           dig [-h]
    
           dig [global-queryopt...] [query...]
    
    DESCRIPTION
           dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the
           name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.
           Other lookup tools tend to have less functionality than dig.
    
           Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its
           command-line arguments and options is printed when the -h option is given. Unlike earlier versions, the BIND 9 implementation of dig allows multiple lookups to be
           issued from the command line.
    
           Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf. If no usable server addresses are found, dig will
           send the query to the local host.
    
           When no command line arguments or options are given, dig will perform an NS query for "." (the root).
    
           It is possible to set per-user defaults for dig via ${HOME}/.digrc. This file is read and any options in it are applied before the command line arguments.
    
           The IN and CH class names overlap with the IN and CH top level domain names. Either use the -t and -c options to specify the type and class, use the -q the
           specify the domain name, or use "IN." and "CH." when looking up these top level domains.

     

    dig 설치

    맥북에는 기본적으로 설치가 되어 있을텐데, 리눅스 계열에 따라 필요시 아래의 명령어로 설치할 수 있다.

    # Ubuntu 계열
    $ sudo apt install dnsutils
    
    
    # Centos/ Fedora 계열
    $ sudo yum install bind-utils
    
    # Arch Linux 게열
    $ sudo paceman -S bind-tools

     

    반응형

     

    dig 기본 사용법

    위의 man page에도 자세한 설몀이 나와있지만, 기본 사용은 아래와 같이 한다고 보면 되겠다.

    $ dig daum.net
    $ dig @8.8.8.8 naver.com
    $ dig daum.net cname
    $ dig daum.net ns
    $ dig daum.net trace

     

    도메인 조회

    $ dig daum.net
    
    
    ; <<>> DiG 9.10.6 <<>> daum.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43775
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;daum.net.            IN    A
    
    ;; ANSWER SECTION:
    daum.net.        250    IN    A    121.53.105.210
    daum.net.        250    IN    A    121.53.224.15
    
    ;; Query time: 3 msec
    ;; SERVER: 210.220.163.82#53(210.220.163.82)
    ;; WHEN: Sun Jan 08 20:16:52 KST 2023
    ;; MSG SIZE  rcvd: 69

    기본적으로 /etc/resolv.conf에 지정된 서버에 질의하여 주소를 얻어온다.

    그리고, IN A 라는 문장이 보여주듯 기본적으로 A 레코드를 질의한다.

     

    특정 네임서버로부터 도메인 조회

    $ dig @8.8.8.8 daum.net
    
    
    ; <<>> DiG 9.10.6 <<>> @8.8.8.8 daum.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14966
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;daum.net.            IN    A
    
    ;; ANSWER SECTION:
    daum.net.        6    IN    A    121.53.224.15
    daum.net.        6    IN    A    121.53.105.210
    
    ;; Query time: 37 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sun Jan 08 20:18:48 KST 2023
    ;; MSG SIZE  rcvd: 69

    위의 커맨드와 비슷한데, 어느 서버에 물어볼 것인지를 지정할 수 있다.

    즉, 8.8.8.8 (구글)에 daum.net의 주소를 물어본 셈이다.

     

     

     

     

    CName 조회하기

    $ dig luran.me cname
    
    ; <<>> DiG 9.10.6 <<>> luran.me cname
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30462
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;luran.me.            IN    CNAME
    
    ;; AUTHORITY SECTION:
    luran.me.        3600    IN    SOA    algin.ns.cloudflare.com. dns.cloudflare.com. 2277755759 10000 2400 604800 3600
    
    ;; Query time: 806 msec
    ;; SERVER: 219.250.36.130#53(219.250.36.130)
    ;; WHEN: Sun Jan 08 20:23:24 KST 2023
    ;; MSG SIZE  rcvd: 114

    Came 레코드를 문의하면, canonical name 즉 본명을 알려준다.

     

    NS 조회하기

    $ dig luran.me ns
    
    ; <<>> DiG 9.10.6 <<>> luran.me ns
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15126
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 13
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;luran.me.            IN    NS
    
    ;; ANSWER SECTION:
    luran.me.        83104    IN    NS    roxy.ns.cloudflare.com.
    luran.me.        83104    IN    NS    algin.ns.cloudflare.com.
    
    ;; ADDITIONAL SECTION:
    roxy.ns.cloudflare.com.    16022    IN    A    108.162.192.142
    roxy.ns.cloudflare.com.    16022    IN    A    172.64.32.142
    roxy.ns.cloudflare.com.    16022    IN    A    173.245.58.142
    algin.ns.cloudflare.com. 108678    IN    A    108.162.193.61
    algin.ns.cloudflare.com. 108678    IN    A    172.64.33.61
    algin.ns.cloudflare.com. 108678    IN    A    173.245.59.61
    roxy.ns.cloudflare.com.    77281    IN    AAAA    2606:4700:50::adf5:3a8e
    roxy.ns.cloudflare.com.    77281    IN    AAAA    2803:f800:50::6ca2:c08e
    roxy.ns.cloudflare.com.    77281    IN    AAAA    2a06:98c1:50::ac40:208e
    algin.ns.cloudflare.com. 14249    IN    AAAA    2606:4700:58::adf5:3b3d
    algin.ns.cloudflare.com. 14249    IN    AAAA    2803:f800:50::6ca2:c13d
    algin.ns.cloudflare.com. 14249    IN    AAAA    2a06:98c1:50::ac40:213d
    
    ;; Query time: 857 msec
    ;; SERVER: 210.220.163.82#53(210.220.163.82)
    ;; WHEN: Sun Jan 08 20:24:24 KST 2023
    ;; MSG SIZE  rcvd: 357

    대상 서버의 네임서버가 어떻게 잡혀있는지를 확인한다.

    댓글

    Designed by JB FACTORY