Make the dig command more efficient with scripts!

Introduction

Hi, I'm Kita, a third-year engineer.
How do you all typically use the dig (Domain Information Groper) command, which is often used for checking domain settings?
This time, I'd like to introduce some ways to streamline the dig command using scripts!

dig command

To reiterate, the dig (Domain Information Groper) command is an essential and convenient tool for infrastructure engineers, used to query DNS servers with questions such as "What is the IP address of this domain?" and "Where is the mail server?".
We have already introduced the dig command on our company blog.

Although the dig command is useful, it has the following two drawbacks:

1. Limitations of type specification:
Because dig can only query one record type at a time, even if you list them like "dig domain A MX", only the last specified MX record will actually be queried.
Therefore, if you want to check multiple types, you need to run dig for each type individually.

2. The obsolescence of ANY queries:
Previously, specifying a domain like "dig beyondjapan.com ANY" allowed you to retrieve multiple records set for that domain at once.
However, following RFC 8482, developed by the Internet Engineering Task Force, implementations now generally return only a minimal response to ANY queries.

[Examples of ANY failures]

beyondjapan.com. 3600 IN HINFO "RFC8482" ""

* HINFO "RFC8482" is a rejection response from the server saying "We do not provide a bulk response, so please make individual requests."

Automatic continuous queries with scripts

If the `dig` command cannot retrieve all the data at once, you would normally have to manually enter the command multiple times.
However, this becomes more time-consuming as the number of records to be searched increases, and it also increases the likelihood of errors such as overlooking something.

Therefore, this time, we will introduce a technique to save the trouble of manually re-entering commands multiple times and to retrieve multiple records accurately all at once by separating the "survey items (txt)" and the "execution program (script)"!

How to execute the script

① Create a list of records to investigate.
First, in your local environment (Ubuntu / WSL, etc.), create a text file (records.txt) in which you list the record types you want to investigate for the target domain, one per line. Move to the directory below and prepare it as follows.

vi records.txt

■ Contents of records.txt

A
MX
TXT
NS

② Create the execution script
Next, create a script (dig-check.sh) that automatically reads the above list (records.txt) and executes dig repeatedly.
*The script refers to records.txt by filename only, so create records.txt and dig-check.sh in the same directory to prevent read errors (file not found)!

vi dig-check.sh

■ Contents of dig-check.sh

#!/bin/bash
DOMAIN=$1

# Display an error if no domain name is specified
if [ -z "$DOMAIN" ]; then
  echo "Usage: ./dig-check.sh [Domain name]"
  exit 1
fi

echo "--- Domain: $DOMAIN ---"

# Read and execute records.txt line by line
# (IFS= and -r keep each line exactly as written in the file)
while IFS= read -r type; do
  # Skip if there is an empty line
  [ -z "$type" ] && continue
  echo "[$type Record]"
  # Quote both values so they reach dig as single arguments
  dig "$DOMAIN" "$type" +short
  echo ""
done < records.txt

③ Granting execution permissions to the script
The script created in step ② (dig-check.sh) is not yet recognized as a "file that can be executed".

■Permission status of the script (dig-check.sh) after creation

-rw-r--r-- 1 root root 453 Feb 26 17:59 dig-check.sh

Type the following command to grant permissions:

chmod +x dig-check.sh

■ Permission status of the script (dig-check.sh) after adjustment

-rwxr-xr-x 1 root root 453 Feb 26 17:59 dig-check.sh

*Since records.txt is a text file, this operation is not necessary

Text file (records.txt): The script only "reads" the contents, so it can run with standard permissions (-rw-r--r--).
Script file (dig-check.sh): Permissions must be set because the OS needs to be given permission to run this as a program (+x: execute permission).

④ Specify a domain and run.
This time, we will run it using "example.com" as an example.
With this, the items written in records.txt will be output all at once by the script, so you can check the settings in a shorter amount of time!
* ./ means "execute the file in the current directory", so if you are in a different directory, please move to the target directory before running it.

./dig-check.sh example.com

■ Output results

--- Domain: example.com ---
[A Record]
104.18.27.120
104.18.26.120

[MX Record]
0 .

[TXT Record]
"v=spf1 -all"
"_k2n1y4vw3qtb4skdx9e7dxt97qrmmq9"

[NS Record]
elliott.ns.cloudflare.com.
hera.ns.cloudflare.com.

Notes on script execution

The bulk acquisition script introduced here is merely a tool that checks the items listed in records.txt in order. Therefore, while it is convenient, please be aware of the following two points!

■Unknown records cannot be found:
For example, if you only list "A/MX" in records.txt, even if a TXT record is set for the target domain, it will not be displayed.

■ It's not possible to check "everything that's registered":
Due to the nature of DNS, it's difficult to obtain a complete "list of configured records" from the server side.
Therefore, this method is not intended to "obtain all settings from a state where you don't know what's registered," but rather to check a predetermined number of records faster and more accurately than manually.

Conclusion

Checking multiple settings with the dig command used to mean typing commands one by one. With a little ingenuity, separating the txt file from the script, you can prevent human errors such as missing checks when executing them manually, and save a lot of time!

This time, we introduced an example of checking multiple settings for a single domain, but in practice, there may be situations where you want to check all 10 domains you manage.
In that case, you can handle it by preparing a domain list (domains.txt) and creating a nested loop in the script.
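
The nested loop over a domain list described above, as an added example that is not part of the original article. The file name dig-check-all.sh, the functions check_all, valid_domain and valid_type, and the DIG override variable are assumptions of this example. Because every line of both list files ends up on dig's command line, entries that begin with "-", "+" or "@" are skipped instead of being passed through.

```shell
#!/bin/bash
# Added example: loop over domains.txt x records.txt, validating every list entry.
export LC_ALL=C               # make the [A-Za-z] ranges below ASCII-only
DIG="${DIG:-dig}"             # resolver command; overridable (assumption) for offline tests
CR=$(printf '\r')

# Hostname-shaped values only. A leading "-", "+" or "@" is refused because dig
# would parse it as an option, a query flag or a resolver address, not a name.
valid_domain() {
  case "$1" in
    ""|[-+@.]*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# Record types are alphanumeric mnemonics such as A, MX, TXT or TYPE65.
valid_type() {
  case "$1" in
    ""|[!A-Za-z]*|*[!A-Za-z0-9]*) return 1 ;;
  esac
}

# check_all DOMAINS_FILE RECORDS_FILE; returns 1 if any entry was rejected.
check_all() {
  local domains_file="$1" records_file="$2" domain type rc=0
  while IFS= read -r domain || [ -n "$domain" ]; do
    domain="${domain%"$CR"}"          # tolerate CRLF line endings
    [ -z "$domain" ] && continue
    if ! valid_domain "$domain"; then
      echo "SKIP invalid domain: $domain" >&2; rc=1; continue
    fi
    echo "--- Domain: $domain ---"
    while IFS= read -r type || [ -n "$type" ]; do
      type="${type%"$CR"}"
      [ -z "$type" ] && continue
      if ! valid_type "$type"; then
        echo "SKIP invalid type: $type" >&2; rc=1; continue
      fi
      echo "[$type Record]"
      "$DIG" "$domain" "$type" +short </dev/null
      echo ""
    done < "$records_file"
  done < "$domains_file"
  return "$rc"
}

# Usage: ./dig-check-all.sh domains.txt records.txt
if [ "$#" -eq 2 ]; then check_all "$1" "$2"; fi
```

A non-zero exit status means at least one line in either list was skipped, so a scheduled run can alert on a list file that was edited incorrectly.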

I hope to provide a more detailed introduction on another occasion!
I hope this article has been helpful to you.
Thank you for reading to the end.


The person who wrote this article

About the author

Kita

I often play musical instruments and practice in the studio

I also like reading manga and going to the movies (especially horror movies)