Skip to content

dig: add +human option

Description

I've spent a lot of time explaining dig to newcomers to DNS over the years, and I've found that they generally find dig's output format to be very inscrutable. Of course, there's always +short or +noall +answer for a terser output, but I generally want to explain more advanced DNS concepts to people (like glue records or SOA records for example), and for that you do need the full output.

Some specific things that I find confusing in dig's default output: (example output here)

  • There's some ASCII art decoration (<<>> DiG 9.10.6 <<>>, ->>HEADER<<-) that feels very ad hoc and it's hard to tell initially if those symbols are supposed to have some technical meaning. (why is ->>HEADER<-- styled like that, but not OPT PSEUDOSECTION?)
  • the header is split across 2 lines, and it's not completely clear that the second line is also part of the header
  • overall, it's not obvious which pieces of information are part of the DNS response itself and which aren't. For example, is global options: +cmd part of the DNS response? (of course it isn't, I don't think that's immediately obvious)
  • There's no newline between OPT PSEUDOSECTION and QUESTION SECTION, but there is a newline between QUESTION SECTION and ANSWER SECTION. There seems to be no reason for that inconsistency.
  • In MSG SIZE rcvd: 56, why are there two spaces between SIZE and rcvd? Are there more fields in MSG SIZE? (I checked the source code and the answer is no, the code says printf(";; MSG SIZE rcvd: %u\n", bytes);, so it seems like this is just an ad hoc choice)
  • The ;; prefix is confusing to many people. I realize it's because ; it's the comment character in a zone file, but I personally do not use bind or zone files and most DNS users I talk to don't either: they either use web-based admin consoles to administrate their DNS records or do it through an API like Route 53. So the ; character isn't familiar.

These might sound a little nitpicky -- each of these things on its own is pretty minor, and of course most users of dig learn to ignore them. But taken together I've found that newcomers are often misled into thinking that DNS responses are much more complicated than they actually are, which is really unfortunate.

I find the way Wireshark displays DNS packets to be much more clear (screenshot), even though they're both working at around the same level of detail.

Request

I realize that dig's default output format needs to remain relatively stable because people parse it in scripts. But would ISC be open to adding a +human (or something) option to dig that's designed to be more intuitive for newcomers to dig? Similarly to how du has an -h option.

I'm imagining something like this:

$ dig +human example.com
Received response from 192.168.1.1:53 (UDP), 68 bytes in 16ms
HEADER:
  status: NOERROR
  opcode: QUERY
  id: 15451
  flags: qr rd ra
  records: QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

OPT PSEUDOSECTION:
  EDNS: version: 0, flags: None, udp: 4096

QUESTION SECTION:
  example.com.	IN	A

ANSWER SECTION:
  example.com.	78709	IN	A	93.184.216.34

I think the important thing is to make it easy for a newcomer to see at a glance that there are 4 parts to this DNS response (the header, the EDNS record, the question, and the answer)

I created a very rough proof of concept at https://github.com/jvns/dig-pretty that parses dig's +yaml format and outputs a format like what I suggested above, with a tiny bit of syntax highlighting for the DNS status code.

Alternatives I've considered

  • +short or +noall +answer are great for a lot of use cases, but as I mentioned above, they don't work for more advanced usage like looking at the SOA record on a NXDOMAIN response.
  • We already have +yaml, but I find +yaml to be extremely verbose (the output for dig +yaml example.com doesn't fit in my terminal window), and it's really a machine format and not a human format.
  • There are also alternative DNS tools (like dog) that aim to be more user friendly, but in general I've found those tools to be missing important features that dig has.

Thanks for considering this! I love dig and would love to see it become a little more approachable.

Links / references

Edited by Julia Evans
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information