반응형
dig (domain information groper) 란?
dig는 네트워크 관리 도구 중 하나로 DNS (Domain Name System) 를 질의할 수 있는 도구입니다.
nslookup 도구를 사용하여 DNS 를 질의할 수 있지만, 보다 더 편한 인터페이스와 사용법을 제공합니다.
이와 더불어 IDN (Internationalized Domain Name) 쿼리를 지원합니다. (nslookup도 지원)
dig 설치
최근 OS들에는 dig 커맨드가 기본으로 설치되어 있습니다.
만약, dig 커맨드가 없을 경우 아래의 방법으로 설치하면 됩니다.
Mac
brew install dig
Windows
첫 번째 방법으로는, ISC 다운로드 에 접속하여 다운로드 할 수 있습니다.
두 번째 방법으로는 WSL (Windows Subsystem for Linux) 를 다운로드 하여 사용하는 것 입니다.
dig 사용법
dig는 간단하게 조회하고자 하는 도메인명을 입력하면 됩니다.
dig 기본 문법은 아래와 같습니다.
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
우선, www.naver.com 의 ip 주소를 알고 싶을 땐, 아래와 같이 입력하면 됩니다.
$ dig www.naver.com
; <<>> DiG 9.10.6 <<>> www.naver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56148
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.naver.com. IN A
;; ANSWER SECTION:
www.naver.com. 21427 IN CNAME www.naver.com.nheos.com.
www.naver.com.nheos.com. 151 IN A 210.89.160.88
www.naver.com.nheos.com. 151 IN A 125.209.222.142
;; Query time: 8 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 21:46:54 KST 2020
;; MSG SIZE rcvd: 108
+short 옵션을 주면, 질의 결과를 짧게 볼 수 있습니다.
$ dig www.naver.com +short
www.naver.com.nheos.com.
125.209.222.142
210.89.160.88
쿼리 타입 지정 조회 (CNAME 레코드 조회)
도메인을 질의할 때, 쿼리 타입을 지정할 수 있습니다.
여기서는 CNAME을 지정하겠습니다.
$ dig www.naver.com cname
; <<>> DiG 9.10.6 <<>> www.naver.com cname
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52572
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.naver.com. IN CNAME
;; ANSWER SECTION:
www.naver.com. 18905 IN CNAME www.naver.com.nheos.com.
;; Query time: 26 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 21:47:18 KST 2020
;; MSG SIZE rcvd: 79
데이터 타입을 any로 지정할 경우, 해당 존 (zone)에 설정된 다양한 타입을 확인할 수 있습니다.
$ dig naver.com any
; <<>> DiG 9.10.6 <<>> naver.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48210
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;naver.com. IN ANY
;; ANSWER SECTION:
naver.com. 0 IN TXT "v=spf1 include:_spfblocka.naver.com include:_spfblockb.naver.com include:_spfblockc.naver.com include:_spfblockd.naver.com include:_spfblocke.naver.com include:_spfblockf.naver.com include:spf.worksmobile.com ~all"
naver.com. 0 IN TXT "google-site-verification=fK9dDFcEOeNM2Wr3xzNAN-XLcerfAGpOABdSYiqw4_s"
naver.com. 0 IN TXT "google-site-verification=TX2ZPeYhsJwJ-zQKOLMgqsTx4R5mAlBy2CjxIcl2Xgc"
naver.com. 300 IN SOA ns1.naver.com. webmaster.naver.com. 2020051502 21600 1800 1209600 180
naver.com. 51181 IN NS ns2.naver.com.
naver.com. 51181 IN NS ns1.naver.com.
;; Query time: 8 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 21:47:48 KST 2020
;; MSG SIZE rcvd: 508
네임서버 지정
@[네임서버이름] 을 통해 특정 네임서버를 선택해 질의할 수 있습니다.
해당 옵션을 사용하여 특정 국가의 cache dns 에 질의를 해볼 수 있습니다. (예시, 중국 cache dns)
구글 public dns 인 8.8.8.8 를 지정하여, 질의 할 경우 아래와 같습니다.
$ dig @8.8.8.8 www.naver.com
; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.naver.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27776
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.naver.com. IN A
;; ANSWER SECTION:
www.naver.com. 21182 IN CNAME www.naver.com.nheos.com.
www.naver.com.nheos.com. 10479 IN CNAME www.naver.com.edgekey.net.
www.naver.com.edgekey.net. 21539 IN CNAME e6030.a.akamaiedge.net.
e6030.a.akamaiedge.net. 19 IN A 23.46.23.18
;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 17 21:53:47 KST 2020
;; MSG SIZE rcvd: 164
DNS 질의 추적
+trace 옵션을 통해 root 네임서버 부터, 질의한 도메인의 네임서버까지의 흐름을 확인할 수 있습니다.
$ dig www.naver.com +trace
; <<>> DiG 9.10.6 <<>> www.naver.com +trace
;; global options: +cmd
. 497291 IN NS m.root-servers.net.
. 497291 IN NS l.root-servers.net.
. 497291 IN NS b.root-servers.net.
. 497291 IN NS j.root-servers.net.
. 497291 IN NS c.root-servers.net.
. 497291 IN NS d.root-servers.net.
. 497291 IN NS a.root-servers.net.
. 497291 IN NS e.root-servers.net.
. 497291 IN NS k.root-servers.net.
. 497291 IN NS g.root-servers.net.
. 497291 IN NS h.root-servers.net.
. 497291 IN NS i.root-servers.net.
. 497291 IN NS f.root-servers.net.
;; Received 251 bytes from 210.220.163.82#53(210.220.163.82) in 14 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20200530050000 20200517040000 48903 . T2Y9wYpYfgrt4Eebf81byyhpG/Pbc+Q8CMeIWeKMaAjxf/emVuZqIb/r P4XDVmAhjxbe4LT/7HN8zrimSw5fFPcMCRd904dERQSJn5+NlsIZCNUw nv9IoHlzSZUUHCa8GiLPtXX4V2PA7cIlomEJ1qRk2ZEksLYWNcjklOVi Otsiy1wpx9VX0APaM8MEO1SbIgY4BsFweALU8mKBUS697XzO4cjDz+O8 tnp6rY0zF0sYsExrZlgRxX36CN6B0VnakuTBK0jVHUQBohnzBo+efPYG tWdNQ5U5ID/sa0uj6CMXhFwciJw2OTxrs057rdqq2L7GYfEYhMNpqtqG eV7vqQ==
;; Received 1173 bytes from 199.7.91.13#53(d.root-servers.net) in 159 ms
naver.com. 172800 IN NS ns2.naver.com.
naver.com. 172800 IN NS ns1.naver.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200521044944 20200514033944 39844 com. Uq5A4YKkaCM5nGg2yT6X/Tr81YIIM+nQbFDCxKZ+TpfyIhUnuG0fL8jA lDTGAJRIZbYDObcT7eF54Y3Q4Xs+YSzyDciBppTmv1DSVQQ3M4VUwmXf 9m+UUAFyTyN8tyG42+AAHOD21j6wCbXUZhzd27JSAHfvmeLRy3WkOBn9 huGPmwnMwiD6ueYSXrIMRX+dvcqV76um4wFw/gYIsii/jw==
6P7ERTLUIGM2RTE9MP0JB6J2THEI5ARD.com. 86400 IN NSEC3 1 1 0 - 6P7H26V3O7PUHS3BBHAED1P6LBRKMDR3 NS DS RRSIG
6P7ERTLUIGM2RTE9MP0JB6J2THEI5ARD.com. 86400 IN RRSIG NSEC3 8 2 86400 20200521052504 20200514041504 39844 com. G4AlHR0LqClWuo0Scyhq2DAKauP7uSqbR5ud2Svg1rynUqLFatKdX4wp vlR+6HbHX/nZ5ORiNpX9hb1g9AKPVLiAFQ5lzlEUZ7bdhoPR2rVoK/nU jS/73wULFTpt3Eb4GjDpvTJdtmOwN1o/QvXVbyaSWGkPJQAxkEcy6eBX gSjywAhmufrnwA6HjWeQB1ROH9/TtEaUsRfkBh9zSCz73A==
;; Received 659 bytes from 192.54.112.30#53(h.gtld-servers.net) in 40 ms
www.naver.com. 21600 IN CNAME www.naver.com.nheos.com.
;; Received 76 bytes from 125.209.248.6#53(ns1.naver.com) in 9 ms
여러 도메인 질의 (파일 읽기)
-f 옵션을 사용하면, 파일에 적힌 도메인들을 한 번에 질의할 수 있습니다.
$ cat domain_list.txt
www.naver.com
www.google.com
www.apple.com
$ dig -f domain_list.txt
; <<>> DiG 9.10.6 <<>> www.naver.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50822
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.naver.com. IN A
;; ANSWER SECTION:
www.naver.com. 21360 IN CNAME www.naver.com.nheos.com.
www.naver.com.nheos.com. 160 IN A 210.89.160.88
www.naver.com.nheos.com. 160 IN A 210.89.164.90
;; Query time: 37 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 22:01:30 KST 2020
;; MSG SIZE rcvd: 108
; <<>> DiG 9.10.6 <<>> www.google.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54003
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 294 IN A 172.217.174.100
;; Query time: 6 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 22:01:30 KST 2020
;; MSG SIZE rcvd: 59
; <<>> DiG 9.10.6 <<>> www.apple.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36643
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.apple.com. IN A
;; ANSWER SECTION:
www.apple.com. 1790 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 21480 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 3381 IN CNAME e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net. 19 IN A 104.74.172.164
;; Query time: 6 msec
;; SERVER: 210.220.163.82#53(210.220.163.82)
;; WHEN: Sun May 17 22:01:30 KST 2020
;; MSG SIZE rcvd: 193
참고
2. dig man page
반응형
'Infra & Architecture > DNS' 카테고리의 다른 글
| [DNS] 퓨니코드(Punycode) 란? - 한글 도메인 (0) | 2020.05.06 |
|---|---|
| DNS over HTTPS (DoH) (0) | 2018.10.22 |
댓글