How do i know if my domain/subdomain was digged by someone with any DNS dig tool? [closed]

Solution 1:

If you don't want people to see information in the DNS system, don't put it in the DNS system.

DNS servers only respond with the information you configure them to respond with. They don't care if the client is dig or a web browser. There's no way you can stop anyone from looking at your DNS records, and at the same time have a functioning DNS record.

Furthermore, DNS analytics is next to useless; the lookups don't really mean anything, as DNS is cached everywhere. You don't have any way to know whether Google's DNS servers (8.8.8.8, 8.8.4.4) sent the result they got from you to one client or a hundred million clients. In fact, there's no way you can tell.


As pointed out in a comment by Patrick Mevzek, some tricks can be used to force queries to hit your servers, such as generating unique per-user names. This can be done through e.g. JavaScript in a web page. It's not so much a property of DNS as a property of how client software for common protocols works.
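The per-user-name trick from the comment, worked through as an added example (this is not code from the answer or from any named project). It assumes you run the authoritative server for the constructed zone t.example.com with a wildcard record, that your web page embeds one resource (an image, say) under a freshly generated name per page view, and that your server writes one line per query in the simplified, constructed log format shown; the HMAC key, user names and log lines are all made up for the demo.

```python
"""Added example: unique per-user DNS names that defeat resolver caching,
and correlation of the resulting authoritative query log with users.
Assumptions: zone t.example.com with a wildcard record, a page that embeds
a resource under each generated name, and a constructed query-log format
'<timestamp> <source-ip> <qname> <qtype>'."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

ZONE = "t.example.com"   # assumed zone you are authoritative for (wildcard record)


def user_tag(user_id: str, key: bytes) -> str:
    """Stable but unguessable tag for a user. HMAC keeps the user id out of
    the DNS name, so resolvers and passive observers learn only the tag."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def tracking_name(user_id: str, key: bytes, nonce: Optional[str] = None) -> str:
    """Build '<nonce>-<usertag>.t.example.com'. The fresh nonce makes every
    page view a name that no resolver has cached, so the lookup must reach
    your authoritative server instead of being answered from cache."""
    nonce = nonce or secrets.token_hex(4)
    return f"{nonce}-{user_tag(user_id, key)}.{ZONE}"


def parse_query_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Parse constructed log lines into (timestamp, source_ip, qname).
    qname is lowercased with the trailing dot removed."""
    out = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        ts, src, qname, _qtype = parts
        out.append((ts, src, qname.lower().rstrip(".")))
    return out


def correlate(lines: List[str], issued: Dict[str, str]) -> List[Dict[str, str]]:
    """Map logged queries for names we issued back to the user they were
    issued to. 'issued' maps user_tag -> user_id, recorded server-side when
    the name was generated. Note the source IP is the recursive resolver
    that asked us, not the user's own address."""
    hits = []
    suffix = "." + ZONE
    for ts, src, qname in parse_query_log(lines):
        if not qname.endswith(suffix):
            continue                      # not one of our tracking names
        label = qname[: -len(suffix)]
        if "-" not in label:
            continue                      # no nonce/tag structure
        tag = label.split("-", 1)[1]
        if tag in issued:
            hits.append({"user": issued[tag], "resolver": src, "time": ts})
    return hits


# Constructed demo data: the real key stays secret on the server.
KEY = b"constructed-demo-key"
ISSUED = {user_tag(u, KEY): u for u in ("alice", "bob")}
SAMPLE_LOG = [
    f"2024-05-01T10:00:01Z 203.0.113.5 {tracking_name('alice', KEY, 'a1b2c3d4')}. A",
    "2024-05-01T10:00:02Z 198.51.100.7 www.example.com. A",   # ordinary lookup, not ours
    f"2024-05-01T10:00:03Z 192.0.2.9 {tracking_name('bob', KEY, 'ffee0011')} AAAA",
]

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG, ISSUED):
        print(hit)
```

What the log tells you is which user's page triggered a lookup and which resolver asked on their behalf, which is exactly the answer's point: you still only see the resolver (e.g. 8.8.8.8), not the client, and you only see anything at all because the name was made uncacheable.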

Solution 2:

Why do you care about that, first? And why do you focus on dig specifically? It is far from the only DNS client; you have kdig or delve and many others, and any program using a DNS library, etc.

Also, yes, the DNS provider has the full list of DNS queries coming to it, but note that queries typically come from recursive resolvers, and the authoritative nameserver at the DNS provider side cannot, just by looking at a DNS packet, know whether the client is dig or a recursive nameserver (there is no information on the client in the DNS message besides its DNS question).

PS:

  • "A record is proxied": this is not typical DNS terminology; there is no proxy in the DNS. An A record maps a hostname to an IPv4 address
  • please use example.com when you want to obfuscate names
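To make the point about the DNS message concrete, here is an added example (not code from the answer) that builds and parses a DNS query in its wire format (RFC 1035) and compares the query a stub client like dig would send with the one a recursive resolver would send for the same name. It assumes plain DNS without EDNS options; the transaction IDs and the name www.example.com are constructed.

```python
"""Added example: the DNS query wire format, to show what an authoritative
server actually receives. Assumes plain DNS without EDNS; all values are
constructed for the demo."""
import struct
from typing import Dict, List, Tuple

QTYPE_A, QCLASS_IN = 1, 1
FLAG_RD = 0x0100          # "recursion desired" bit in the 16-bit header flags


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: int = QTYPE_A, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Header (ID, flags, QDCOUNT=1, AN/NS/ARCOUNT=0) followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD if rd else 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a name at offset 'off'; handles compression pointers too."""
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:                      # pointer (RFC 1035 4.1.4)
            ptr = ((length & 0x3F) << 8) | msg[off]
            off += 1
            tail, _ = decode_name(msg, ptr)
            labels.append(tail)
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off


def parse_query(msg: bytes) -> Dict:
    """Everything the DNS layer carries about a query: header fields and the
    question(s). There is no field naming the program or host that asked."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    return {
        "id": txid,
        "opcode": (flags >> 11) & 0xF,
        "rd": bool(flags & FLAG_RD),
        "counts": (qd, an, ns, ar),
        "questions": questions,
        "trailing": msg[off:],          # would hold EDNS OPT etc. if present
    }


def differing_fields(a: bytes, b: bytes) -> List[str]:
    """Names of parsed fields that differ between two query messages."""
    pa, pb = parse_query(a), parse_query(b)
    return sorted(k for k in pa if pa[k] != pb[k])


# Constructed: the same question as dig sends by default (RD set) and as a
# recursive resolver typically sends to an authoritative server (RD clear).
DIG_LIKE = build_query("www.example.com", txid=0x1A2B, rd=True)
RESOLVER_LIKE = build_query("www.example.com", txid=0x3C4D, rd=False)

if __name__ == "__main__":
    print(parse_query(DIG_LIKE))
    print("fields that differ:", differing_fields(DIG_LIKE, RESOLVER_LIKE))
```

The two messages differ only in the random transaction ID and the RD bit, and the RD bit is at best a weak hint, since any client can set or clear it (dig +norecurse, for instance). The source address comes from the IP layer, not the DNS message, and in the usual case it is the recursive resolver's. The one caveat worth knowing is that some public resolvers attach an EDNS Client Subnet option to queries they send to authoritative servers that support it, which carries a prefix of the original client's address; it lands in the "trailing" part this parser leaves untouched.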