Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
1
votes
1
answers
25
views
forward *.vm dns requests from local dnsmasq to libvirt's dnsmasq
I have a custom dnsmasq instance running locally as my main dns provider and I want to forward *.vm requests to libvirt's instance of dnsmasq, but there's something wrong with my local network configuration.
This dig request used to work:
$ virsh list
Id Name State
-----------------------------
1 recovery.vm running
$ dig @192.168.122.1 recovery.vm.
;; communications error to 192.168.122.1#53: timed out
; <<>> DiG 9.20.10 <<>> @192.168.122.1 recovery.vm.
; (1 server found)
;; global options: +cmd
;; no servers could be reached
I think it is strange that it says "no servers could be reached", instead of the usual "NXDOMAIN" response. I know for a fact dnsmasq is running...
sudo lsof -nP -iTCP -sTCP:LISTEN | grep dnsmasq
dnsmasq 1579 nobody 6u IPv4 27785 0t0 TCP 192.168.122.1:53 (LISTEN)
dnsmasq 19342 dnsmasq 5u IPv4 236233 0t0 TCP 127.0.0.1:53 (LISTEN)
dnsmasq 19342 dnsmasq 7u IPv6 236235 0t0 TCP [::1]:53 (LISTEN)
So libvirt's dnsmasq is definitely running with pid=1579, but for some reason, dig cannot reach it... I am not sure what could be happening here.
$ sudo nft list ruleset
table ip libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 178240 bytes 171747714 jump guest_cross
counter packets 178240 bytes 171747714 jump guest_input
counter packets 65829 bytes 3589986 jump guest_output
}
chain guest_output {
ip saddr 192.168.122.0/24 iif "virbr0" counter packets 0 bytes 0 accept
iif "virbr0" counter packets 0 bytes 0 reject
}
chain guest_input {
oif "virbr0" ip daddr 192.168.122.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "virbr0" counter packets 0 bytes 0 reject
}
chain guest_cross {
iif "virbr0" oif "virbr0" counter packets 0 bytes 0 accept
}
chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 counter packets 0 bytes 0 return
ip saddr 192.168.122.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade
}
}
table ip6 libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 0 bytes 0 jump guest_cross
counter packets 0 bytes 0 jump guest_input
counter packets 0 bytes 0 jump guest_output
}
chain guest_output {
}
chain guest_input {
}
chain guest_cross {
}
chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
}
}
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Looking for suggestions on how to fix it or further investigate, please.
Thank you.
thiago
(133 rep)
Jun 30, 2025, 10:57 AM
• Last activity: Jul 4, 2025, 11:57 AM
3
votes
2
answers
3717
views
Can `dig` show me all common record types at once?
Is there a way to have `dig` request (potentially over several requests) all of the common types of records for a domain at once? `dig any domain.com` and `dig all domain.com` seem to be lacking... everything.
E.g. I would like output that includes `mx`, `txt`, `a`, `aaaa`, `ns`, `ptr`, etc. all at once. Is that possible with `dig`?
Qix - MONICA WAS MISTREATED
(789 rep)
Mar 20, 2021, 06:34 PM
• Last activity: Apr 4, 2025, 08:22 AM
7
votes
1
answers
15051
views
Finding out what DNS server are being used
Using dig I can query a specific DNS server for some DNS records, for instance
dig example.com A @192.168.1.1
Where in this instance 192.168.1.1 is my router's ip.
Is there a way, using dig or any other program, to find out what DNS servers my router is using? (when it doesn't have the query cached)
I have limited access to the router due to restrictions of the ISP. So in the web interface I cannot find anything.
Richard Deurwaarder
(335 rep)
Apr 26, 2016, 06:19 PM
• Last activity: Mar 7, 2025, 03:43 PM
0
votes
0
answers
31
views
Why on very old named resolve google.it return different and more dns than new named?
Yesterday I played with old bind on an old unix vm (1998, Interactive Unix 4.1.1)
dig www.google.it returns this
dig +noedns www.google.it @192.168.0.15
; <<>> DiG 9.18.30 <<>> +noedns www.google.it @192.168.0.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER> DiG 9.18.30 > +noedns www.google.it @192.168.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER> DiG 9.18.30 > www.google.it @192.168.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35264
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3ef6be6f29a5772001000000672a11a41858b37880b6f84b (good)
;; QUESTION SECTION:
;www.google.it. IN A
;; ANSWER SECTION:
www.google.it. 4m32s IN A 142.251.209.35
;; Query time: 3 msec
;; SERVER: 192.168.0.4#53(192.168.0.4) (UDP)
;; WHEN: Tue Nov 05 13:37:56 CET 2024
;; MSG SIZE rcvd: 86
Why does old bind return more results?
elbarna
(13690 rep)
Nov 5, 2024, 12:39 PM
• Last activity: Nov 6, 2024, 08:46 AM
1
votes
1
answers
164
views
Why can't "dig" on rockylinux 9 find a container/host named "https" in a docker compose network?
Sorry I don't know if this is a docker issue or a dig issue on rockylinux 9. Everything works as expected on rockylinux 8.
I have a `docker-compose.yml` file below with a service named `https`. That allows the container to be referenced by the hostname `https`. While `ping https` works, for some reason `dig https` (`DiG 9.16.23-RH`) does not work on rockylinux 9. It does work on rockylinux 8 (`DiG 9.11.36-RedHat-9.11.36-16.el8_10.2`). If I change the service name to `httpsx` then `dig httpsx` works.
services:
  https:
    image: "rockylinux:${RL_VERSION}"
    command: bash -c "yum install -y iputils bind-utils && echo '=====dig version output====' && dig -v && echo '=====ping https output====' && ping -c 3 https && echo '=====dig https output====' && dig +short https"
    environment:
      - RL_VERSION
Working 8:
% RL_VERSION=8 docker-compose up
Attaching to https-1
https-1 | Rocky Linux 8 - AppStream 5.7 MB/s | 11 MB 00:01
...
https-1 | Complete!
https-1 | =====dig version output====
https-1 | DiG 9.11.36-RedHat-9.11.36-16.el8_10.2
https-1 | =====ping https output====
https-1 | PING https (172.21.0.2) 56(84) bytes of data.
https-1 | 64 bytes from c3f0c7a6613c (172.21.0.2): icmp_seq=1 ttl=64 time=0.558 ms
https-1 | 64 bytes from c3f0c7a6613c (172.21.0.2): icmp_seq=2 ttl=64 time=0.051 ms
https-1 | 64 bytes from c3f0c7a6613c (172.21.0.2): icmp_seq=3 ttl=64 time=0.040 ms
https-1 |
https-1 | --- https ping statistics ---
https-1 | 3 packets transmitted, 3 received, 0% packet loss, time 2025ms
https-1 | rtt min/avg/max/mdev = 0.040/0.216/0.558/0.241 ms
https-1 | =====dig https output====
https-1 | 172.21.0.2
Failing 9:
% RL_VERSION=9 docker-compose up
[+] Running 1/1
✔ Container testhttps-https-1 Recreated 0.2s
Attaching to https-1
https-1 | Rocky Linux 9 - BaseOS 2.4 MB/s | 2.4 MB 00:00
...
https-1 | Complete!
https-1 | =====dig version output====
https-1 | DiG 9.16.23-RH
https-1 | =====ping https output====
https-1 | PING https (172.21.0.2) 56(84) bytes of data.
https-1 | 64 bytes from 4a2841b5dac9 (172.21.0.2): icmp_seq=1 ttl=64 time=0.404 ms
https-1 | 64 bytes from 4a2841b5dac9 (172.21.0.2): icmp_seq=2 ttl=64 time=0.117 ms
https-1 | 64 bytes from 4a2841b5dac9 (172.21.0.2): icmp_seq=3 ttl=64 time=0.088 ms
https-1 |
https-1 | --- https ping statistics ---
https-1 | 3 packets transmitted, 3 received, 0% packet loss, time 2009ms
https-1 | rtt min/avg/max/mdev = 0.088/0.203/0.404/0.142 ms
https-1 | =====dig https output====
https-1 | c.root-servers.net.
https-1 | l.root-servers.net.
https-1 | e.root-servers.net.
https-1 | d.root-servers.net.
https-1 | i.root-servers.net.
https-1 | b.root-servers.net.
https-1 | g.root-servers.net.
https-1 | m.root-servers.net.
https-1 | a.root-servers.net.
https-1 | f.root-servers.net.
https-1 | h.root-servers.net.
https-1 | j.root-servers.net.
https-1 | k.root-servers.net.
jamshid
(384 rep)
Oct 11, 2024, 05:05 PM
• Last activity: Oct 11, 2024, 07:45 PM
0
votes
0
answers
24
views
BASH + dig on list of domains gives wrong input to dig with domains suffixed with '\013'
I have a list of domains, and I want to use `dig` to check whether those domains have HTTPS records or not. I ran a for loop to do so, and I realized that the reason why I don't have any result is because the domain name read from the file is suffixed with '\013' string when passed to `dig`. Hence, I get NXDOMAIN (even for A records which are available for all the domains in my list).
My domain list is as follows:
google.com
cloudflare.com
I issue the following loop:
for i in $(cat mydomains.csv); do echo $i; dig $i; sleep 2; done
In the output, you can see that `echo $i` shows `google.com` for the first domain, but in the dig command's output, the requested domain is `google.com\013`
google.com
; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30386
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com\013. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Feb 02 15:11:29 +08 2024
;; MSG SIZE rcvd: 40
I bet this is just some stupid encoding problem, but could not figure out how to overcome this. Anyone had the same issue before?
cs.lev
(101 rep)
Feb 2, 2024, 07:14 AM
1
votes
2
answers
293
views
What is the difference between host and domain in dig?
When running `dig` you can specify a "server" (the DNS server you make query against), "domain" and "host". Since "host" is not optional, I'm guessing this is what you are trying to resolve. But you also can specify a "domain". I thought that may be if we take `unix.stackexchange.com` as an example, the "host" could be `unix` and the "domain" could be `stackexchange.com`, however `dig stackexchange.com unix` did not seem to retrieve the dns records for `unix.stackexchange.com`.
The "host" and "domain" I'm referring to are what is listed in the help lines below.
(To clarify, I know that `dig unix.stackexchange.com` works, I'm asking about the meaning of "host" and "domain" in dig help lines)
$ dig -v
DiG 9.16.44-Debian
$ dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-r (do not read ~/.digrc)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
...
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
Andrew Savinykh
(453 rep)
Dec 11, 2023, 11:56 PM
• Last activity: Dec 12, 2023, 07:33 AM
1
votes
1
answers
419
views
Bind with RPZ acts weirdly if a subdomain is used aside a wildcard
I'm unsure if I found a bug in bind. I've set up a simple DNS server on Debian 12.
in *named.conf.options*
zone "rpz-test" {
type master;
file "/etc/bind/rpz-test.zone";
check-names ignore;
}
in *rpz-test.zone*
;RPZ
$TTL 604800
@ IN SOA rpz.zone. rpz.zone. (
2; serial
604800; refresh
86400; retry
2419200; expire
604800; minimum
)
IN NS localhost.
*.com A 127.0.0.1
sub.domain.com A 127.0.0.1
Now... If I use dig to check the configuration once bind9 is started...
This is what happens:
**dig whatever.com @localhost -p 53**
-> replies 127.0.0.1
**dig sub.domain.com @localhost -p 53**
-> replies 127.0.0.1
**dig domain.com @localhost -p 53**
-> breaks the wildcard and is resolved
Practically if there's a subdomain of a domain declared, the main is resolved externally!
Very weird, wasn't the wildcard able to overcome the subsequent declarations?
Probably the problem is in my configuration, not sure if is a bug however the versions I'm using are:
debian 12.2
bind 9.18.19~deb12u1
user3450548
(3094 rep)
Nov 1, 2023, 08:14 PM
• Last activity: Nov 2, 2023, 12:21 AM
0
votes
0
answers
88
views
Diagnose and debug bind server configuration lookup with exit line
I'm using dig with `dig someserver.com -p 53 @localhost` checking if my bind server does what it should.
However even if I have a rpz set up with a wildcard like
*.com A 127.0.0.1
most of .com replies correctly with 127.0.0.1 there are some domain.com that instead are resolved externally, let's say they strangely bypass the wildcard.
The configuration is very big with a ton of voices, so I'm wondering if there's another rule that instead forwards externally the request. I wonder... there's a command that could help me to understand which rule make bind act in that specific way? eg. this host is resolved this way cause the rule at line 2421 of that file ?
user3450548
(3094 rep)
Oct 27, 2023, 07:35 PM
• Last activity: Oct 27, 2023, 07:51 PM
0
votes
1
answers
280
views
Parse results of a "dig" bulk query
We use a security rating service which among other things, searches the world for imposter domains that resemble our domains. So it does find some of those but also finds ones that don't exist. It finds a lot of them.
* In the 5th line of a `dig` response, there is the term `Answer: ` then a number.
* I would like to run `dig` with a text file of hostnames, and for the results to be two columns only:
Column 1: the hostname for that row
Column 2: either `Answer: x` or just `x`, the value of `Answer`.
So far I can run `dig` with a bulk input file, but can't figure out how to filter the results and get them to display like that.
If anyone could point me in the right direction I'd be grateful.
JetJaguar
(13 rep)
Aug 17, 2023, 02:37 AM
• Last activity: Aug 17, 2023, 11:16 AM
2
votes
6
answers
9485
views
Bulk Reverse DNS query with DIG
I want to do a bulk reverse DNS query to a specific nameserver.
Currently, after searching here and Google. I got it to work for 1 entry at the time with the following command:
dig @NAMESERVER -x 10.10.10.10 +short
This returns exactly what I want. But If I want to do this for multiple IP addresses, it fails. What I did was to make a list of 2 IP addresses to test.
I'm trying to use the following command:
dig @NAMESERVER -x -f dnsquery.txt +short
This does not show any result, what am I doing wrong?
The input files has 2 lines, each with 1 IP address:
10.10.10.10
10.10.10.11
frankguthrie
(461 rep)
Nov 22, 2016, 10:57 PM
• Last activity: Jul 23, 2023, 11:12 AM
0
votes
1
answers
2936
views
ping can resolve hostname, while dig is unable to resolve the same hostname?
>ping can resolve hostname, while dig is unable to resolve the same hostname?
I'm experiencing a strange issue, where `ping` is able to resolve some DNS hostname, while `dig` cannot.
I've tried to `dig +search` to use the search entries in `/etc/resolv.conf`, or `dig @` to set the nameserver explicitly, but that didn't help.
How can I understand why `ping` resolves the hostnames, while `dig` is unable?
kube@ctf-k8s-deploy-647d66b697-lxqkl:~$ cat /etc/resolv.conf
nameserver 100.64.0.10
search default.svc.cluster.local svc.cluster.local cluster.local eu-central-1.compute.internal
options ndots:5
kube@ctf-k8s-deploy-647d66b697-lxqkl:~$ dig +search ctf-k8s-deploy-647d66b697-lxqkl
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +search ctf-k8s-deploy-647d66b697-lxqkl
;; global options: +cmd
;; Got answer:
;; ->>HEADER> DiG 9.11.5-P4-5.1-Debian > @100.64.0.10 +search ctf-k8s-deploy-647d66b697-lxqkl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47568
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ctf-k8s-deploy-647d66b697-lxqkl. IN A
;; Query time: 0 msec
;; SERVER: 100.64.0.10#53(100.64.0.10)
;; WHEN: Mon Mar 23 14:46:53 UTC 2020
;; MSG SIZE rcvd: 60
kube@ctf-k8s-deploy-647d66b697-lxqkl:~$ ping ctf-k8s-deploy-647d66b697-lxqkl
PING ctf-k8s-deploy-647d66b697-lxqkl (100.96.1.8) 56(84) bytes of data.
64 bytes from ctf-k8s-deploy-647d66b697-lxqkl (100.96.1.8): icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from ctf-k8s-deploy-647d66b697-lxqkl (100.96.1.8): icmp_seq=2 ttl=64 time=0.019 ms
64 bytes from ctf-k8s-deploy-647d66b697-lxqkl (100.96.1.8): icmp_seq=3 ttl=64 time=0.021 ms
^C
--- ctf-k8s-deploy-647d66b697-lxqkl ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 40ms
rtt min/avg/max/mdev = 0.019/0.019/0.021/0.005 ms
**Update**:
`/etc/hosts`:
kube@ctf1-deploy1-89b48b46-zkqld:~$ cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
100.96.3.22 ctf1-deploy1-89b48b46-zkqld
`/etc/resolv.conf`:
kube@ctf1-deploy1-89b48b46-zkqld:~$ cat /etc/resolv.conf
nameserver 100.64.0.10
search ctf1-ns.svc.cluster.local svc.cluster.local cluster.local eu-central-1.compute.internal
options ndots:5
Shuzheng
(4931 rep)
Mar 23, 2020, 02:53 PM
• Last activity: Jul 8, 2023, 09:01 AM
14
votes
2
answers
5241
views
How to install dig on Cygwin?
I cannot find `dig` command on my Cygwin, nor any package name that would directly point to it. If there is a package containing it, then which one to install?
Vlastimil Burián
(30505 rep)
Oct 10, 2021, 01:21 AM
• Last activity: Jun 26, 2023, 02:42 AM
18
votes
5
answers
72959
views
Why doesn't systemd-resolved use my local DNS server?
I'm using a local BIND9 server to host some local dns records. When trying to dig for a local domain name I can't find it if I don't explicitly tell dig to use my local BIND9 server.
user@heimdal:~$ dig +short heimdal.lan.se
user@heimdal:~$ dig +short @192.168.1.7 heimdal.lan.se
192.168.1.2
Ubuntu 17.04 and systemd-resolved are used. This is the content of my /etc/resolved
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 127.0.0.53
And the output from systemd-resolve --status
Global
DNS Servers: 192.168.1.7
192.168.1.1
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
The DNS Servers section does seem to have rightfully configured 192.168.1.7 as the main DNS server (my local BIND9 instance). I can't understand why it's not used ... ?
Civing
(409 rep)
Feb 17, 2018, 01:24 PM
• Last activity: Mar 19, 2023, 08:29 AM
78
votes
2
answers
93044
views
dig vs nslookup
Why do the commands dig and nslookup sometimes print different results?
~$ dig facebook.com
; <<>> DiG 9.9.2-P1 <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6625
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;facebook.com. IN A
;; ANSWER SECTION:
facebook.com. 205 IN A 173.252.110.27
;; Query time: 291 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Oct 6 17:55:52 2013
;; MSG SIZE rcvd: 57
~$ nslookup facebook.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: facebook.com
Address: 10.10.34.34
pylover
(3568 rep)
Oct 6, 2013, 02:28 PM
• Last activity: Feb 3, 2023, 09:58 PM
24
votes
2
answers
37583
views
how to extract just the IP address from a DNS query
On Alpine Linux, I'd like to know how to extract just the IP address from a DNS / dig query. The query I'm running looks like this:
lab-1:/var/# dig +answer smtp.mydomain.net +short
smtp.ggs.mydomain.net
10.11.11.11
I'd like to be able to get just the IP address returned.
I'm currently playing around with the bash pipe and the awk command. But so far, nothing I've tried is working.
Thanks.
dot
(755 rep)
Feb 26, 2018, 02:14 PM
• Last activity: Jan 30, 2023, 12:55 PM
0
votes
2
answers
1205
views
Problems with DNS resolution
I have a problem with DNS resolution.
The routing seems to work, because I can ping other servers and traceroute also works.
But using dig, I get the a address for 'a.root-servers.net not found error.
I'm on opensuse leap 15.4.
dig +trace google.de @1.1.1.1
; <<>> DiG 9.16.20 <<>> +trace google.de @1.1.1.1
;; global options: +cmd
. 515724 IN NS a.root-servers.net.
. 515724 IN NS b.root-servers.net.
. 515724 IN NS c.root-servers.net.
. 515724 IN NS d.root-servers.net.
. 515724 IN NS e.root-servers.net.
. 515724 IN NS f.root-servers.net.
. 515724 IN NS g.root-servers.net.
. 515724 IN NS h.root-servers.net.
. 515724 IN NS i.root-servers.net.
. 515724 IN NS j.root-servers.net.
. 515724 IN NS k.root-servers.net.
. 515724 IN NS l.root-servers.net.
. 515724 IN NS m.root-servers.net.
. 515724 IN RRSIG NS 8 0 518400 20230209050000 20230127040000 951 . PHk0oAh7B64P4athdNaFRLc2Q/IPUaMhDOdxt98tIfOy7AN4BvWteUMg e1lmRQrHW1V6hPAGoKxNm72DV03Dvg25qZyFC8i2pm5ynEOXHUaGNDVQ +pTLw7xFB9l53WmkEXkjBXa4Zym7BankEClAWJOguovlO3jkFHcdVc6J OAT/jNzQ6RCorSSi027oQ+tc2zfc64IFCqg3z43VQx6eFtW+FtzUAvGT lmpbaOiKiZwEOb7Q9ltpqJc8c62uJWr3l2AU0f6ya4bqEU7ELVw5WA90 A6pC9/L2VQL0h83dnzRlRVTR8wwL2dO50sAOyuuItmgJxj/D2oHJi/A+ qnGIrw==
couldn't get address for 'a.root-servers.net': not found
couldn't get address for 'b.root-servers.net': not found
couldn't get address for 'c.root-servers.net': not found
couldn't get address for 'd.root-servers.net': not found
couldn't get address for 'e.root-servers.net': not found
couldn't get address for 'f.root-servers.net': not found
couldn't get address for 'g.root-servers.net': not found
couldn't get address for 'h.root-servers.net': not found
couldn't get address for 'i.root-servers.net': not found
couldn't get address for 'j.root-servers.net': not found
couldn't get address for 'k.root-servers.net': not found
couldn't get address for 'l.root-servers.net': not found
couldn't get address for 'm.root-servers.net': not found
dig: couldn't get address for 'a.root-servers.net': no more
Edit:
Current `/etc/resolv.conf`:
### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf
### autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
# NETCONFIG_DNS_STATIC_SEARCHLIST
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
der-zebastian
(1 rep)
Jan 28, 2023, 09:39 AM
• Last activity: Jan 28, 2023, 04:32 PM
1
votes
1
answers
555
views
Error redirection fail with bind - dig
I'm trying to test some nameservers against a domain name.
For that, I created a script that reads a list of nameservers and asks for a domain name.
Something basic like this:
#!/bin/bash
domain=$1
[ -z $domain ] && read -p "DOMAIN NAME: " domain
namefile="./nameserver"
echo "RESULT - NAMESERVER DOMAIN IP"
for host in $(cat "$namefile"); do
IPADD=$(dig +short "$host" "$domain" A 2> /dev/null)
[[ ! -z $IPADD ]] && result="OK" || result="FAIL"
echo "$result - Nameserver: $host - Domain: $domain - IP answer: $IPADD"
done
The issue I'm having is that, when `Dig` fails, it is not redirecting errors to `null`. Thus, the `$IPADD` variable receives a wrong value.
# CORRECT nameserver
# dig +short @8.8.8.8 google.com A 2> /dev/null
142.250.218.206
---
# WRONG nameserver
# dig +short @8.8.8.80 google.com A 2> /dev/null
;; connection timed out; no servers could be reached
If I test it with a wrong nameserver address, I still get an error message, like shown above.
As I understand, when redirecting to `null`, it should **not** display that error message.
Any idea?
Thank you.
markfree
(425 rep)
Nov 7, 2022, 11:55 PM
• Last activity: Nov 9, 2022, 03:25 PM
4
votes
1
answers
8057
views
Using dig to query an address without resolving CNAMEs
I've pored over the man pages and I'm pretty sure the answer is "no" but is there a way to prevent `dig` from resolving a `CNAME` record for a host?
For example:
$ dig +short mail.yahoo.com A
edge.gycpi.b.yahoodns.net.
66.218.84.40
66.218.84.44
66.218.84.41
66.218.84.45
66.218.84.42
66.218.84.43
There is not an `A` record for this host, so I should get no answer. It seems like `A` and `AAAA` are treated differently from any other record type in this regard.
I've tried the `+norecurse` and `+noadditional` options without success. I can easily parse the response in my script to see if it has multiple lines where the first one is a FQDN, but it feels like I shouldn't have to.
miken32
(588 rep)
Nov 1, 2022, 07:56 PM
• Last activity: Nov 2, 2022, 12:06 AM
1
votes
1
answers
1764
views
ip domain name/FQDN using dig
When I do a dig on a hostname, in our network, it does not give me the IP address, but when I add the domain name it does work or when I do a **dig +search**
Why is the domain name a prerequisite for DIG to resolve the hostname to IP?
frankguthrie
(461 rep)
Nov 24, 2016, 05:15 PM
• Last activity: Oct 26, 2022, 11:08 PM
Showing page 1 of 20 total questions