The DNS (Domain Name System) is the system that allows machines to resolve domain names to IP addresses. When a user enters a domain name into a web browser, the computer sends a request to the DNS servers to resolve that domain to an IP address. The DNS response maps the requested domain name to an IP address, which is then used to access the internet resources or information, since these are also addressed in IP address format.
The computer uses the DNS-returned IP address to connect with the server hosting the searched domain name (website).
This guide covers the following ways to search DNS history in Linux:
- How to search DNS history in Linux?
- Search DNS History Using dig Command
- Search DNS History Using host Command
- Search DNS History Using nslookup Command
Let’s get into the basics of the DNS history.
How to Search DNS History in Linux?
There are several methods to search DNS history in Linux, which will be discussed in this section.
First, let’s discuss the type of records in which the DNS details are stored.
DNS information is stored in several types of records. The commonly used DNS record types are as follows:
- A Record: This type of record maps a hostname directly to an IPv4 address.
- AAAA Record: It maps a hostname to an IPv6 address.
- MX Record: It names the mail servers (message transfer agents) for the domain.
- NS Record: It names the name servers that serve the DNS information for the domain.
- SIG Record: This signature record holds a cryptographic signature used to authenticate DNS data.
- TXT Record: It holds free-form text, such as details used to prove ownership of the domain.
Method 1: Search DNS History Using dig Command
The most used command for searching the DNS history in Linux is the “dig” (Domain Information Groper) command. It queries the DNS servers, performs the lookup, and prints detailed information about the DNS records it receives.
The basic syntax of the dig command is as follows:
$ dig @<server> <name> <type>
- server: The hostname or IP address of the DNS server to query (optional; without it, dig uses the resolvers from /etc/resolv.conf).
- name: The domain name to look up.
- type: The type of record that the query should return.
To find the DNS history in Linux using the dig command for the domain name “google.com”, the below dig command is executed:
Note: The default DNS record type is “A”.
$ dig google.com
The above output contains different information about the google.com domain, which also shows that the “google.com” domain is mapped against the “188.8.131.52” IP address.
To get the DNS records for every record type, use the “ANY” option with the dig command shown below:
$ dig google.com ANY
It shows the different types of records (A, AAAA, MX, SOA, NS) that store the DNS history.
The “+tries=<number-of-queries>” option sets the number of times dig attempts the query. To search for the DNS history for the domain “google.com” with up to three tries, execute the below-written command:
$ dig +tries=3 google.com
The output shows that the result was returned on the 1st query.
The “-t” option is used to request a specific DNS record type. To search for the google.com domain name with the “MX” record type, use the below command:
$ dig -t MX google.com
It shows the DNS history record in MX format.
Similarly, to search the DNS for the google.com domain name for record type “TXT”, the below command is utilized:
$ dig -t TXT google.com
To get only the IP address associated with the domain name “google.com”, use the “+short” option:
$ dig google.com +short
To show only the answer section for the domain “google.com”, combine the “+noall” option, which clears all of dig’s display options, with “+answer”, which shows the answer section as the output:
$ dig google.com +noall +answer
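dig only reports what a server answers at the moment of the query, so a record of changes has to be built from saved answers. The following added example (not part of the original guide) normalizes saved “+noall +answer” output and diffs two snapshots; the function names and the example.com sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: build a DNS "history" by diffing saved dig answers.
# Capture a snapshot with:  dig google.com +noall +answer > snap.txt

# normalize_answer: read answer-section lines (name TTL class type rdata)
# on stdin and print sorted, unique "name type rdata" lines. The TTL is
# dropped because it counts down between cached answers.
normalize_answer() {
    awk '
        $1 ~ /^;/ { next }                    # skip dig comment lines
        NF >= 5 {                             # also skips blank lines
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            print tolower($1), $4, rdata
        }' | LC_ALL=C sort -u
}

# diff_snapshots OLD NEW: print "+ rec" for records present only in NEW
# and "- rec" for records present only in OLD.
diff_snapshots() {
    old_file=$(mktemp)
    new_file=$(mktemp)
    printf '%s\n' "$1" | normalize_answer > "$old_file"
    printf '%s\n' "$2" | normalize_answer > "$new_file"
    LC_ALL=C comm -13 "$old_file" "$new_file" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$old_file" "$new_file" | sed 's/^/- /'
    rm -f "$old_file" "$new_file"
}

# Constructed sample snapshots (documentation names and addresses).
SNAP_OLD='example.com.  300  IN  A   192.0.2.10
example.com.  300  IN  MX  10 mail.example.com.
example.com.  3600 IN  NS  ns1.example.com.'
SNAP_NEW='example.com.  120  IN  A   192.0.2.10
example.com.  300  IN  MX  10 mail.example.net.
example.com.  3600 IN  NS  ns1.example.com.'

diff_snapshots "$SNAP_OLD" "$SNAP_NEW"
```

The A record is not reported even though its TTL differs, while the changed MX target appears as one added and one removed record, which is the kind of change worth reviewing when monitoring a domain you own.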
We can do a reverse DNS search with the dig command’s “-x” option, which returns the domain name associated with an IP address. For instance, to find the domain name by using its IP address:
$ dig -x 192.168.141.130
Set the DNS Search Options Permanently
We can permanently set the DNS search options to get the search history for any domain. To set the DNS options permanently, use the dig configuration file by following the below steps:
Open the “~/.digrc” file in the nano editor (the file is in your own home directory, so sudo is not needed):
$ nano ~/.digrc
Add the options you want to use by default, in this guide “+noall” and “+answer”.
Save the “~/.digrc” file and quit the nano editor.
Now, when you run any dig command, it will display the answers with the “+noall” and “+answer” options by default:
$ dig google.com
It displays the DNS information in pre-formatted output.
Method 2: Search DNS History Using host Command
The host command is a DNS lookup command that allows users to search for DNS history. The “-a” option searches for all the DNS history records. For instance, to do a DNS search for the “google.com” domain with the host command, run the below command:
$ host -a google.com
To perform the “A” type DNS search for google.com, run:
$ host -t A google.com
To do the “MX” type DNS search for “google.com”, execute:
$ host -t MX google.com
For searching the “TXT” type DNS lookup, use:
$ host -t TXT google.com
Method 3: Search DNS History Using nslookup Command
Another command to search the DNS history is “nslookup” (Name server lookup). This command is used to get the information from the DNS. For instance, to search the DNS history for the domain “google.com”, utilize the below command:
$ nslookup google.com
To perform every type of DNS record search for the domain “google.com”, use the “-type=any” option as shown below:
$ nslookup -type=any google.com
To search the “google.com” for the DNS lookup record type “MX”, use the below command:
$ nslookup -type=MX google.com
It shows the DNS history in MX format.
To search the “TXT” type DNS lookup for “google.com”, use:
$ nslookup -type=TXT google.com
That’s how you can search DNS history in Linux.
The DNS server converts a domain name to an IP address, which is what the local machine uses to reach the resources of other servers. We can search the DNS history in Linux using the “dig”, “host”, and “nslookup” commands. Moreover, we can set the default options permanently to display the DNS search result in pre-formatted output.