How to Properly Set DNS Query Timeout with dig +time Option


3 views

The +time option in dig controls the total time allowed for the complete DNS query operation. However, many users report confusion when the timeout doesn't work as expected, particularly in these common scenarios:

dig +time=5 @hii.com hello.me
dig @hii.com hello.me +time=5

The timeout behavior depends on several factors:

  • The +time value sets the total timeout per query, not per server
  • DNS servers may ignore client-side timeout requests
  • Network conditions can override your specified timeout

For more reliable timeout control, combine multiple parameters:

dig +time=5 +tries=2 @hii.com hello.me

This ensures:

  1. Maximum 5 seconds total timeout
  2. Only 2 query attempts maximum

For complete timeout control, wrap dig in a timeout command:

timeout 5 dig @hii.com hello.me

This uses the system's timeout command to forcefully terminate the dig process after 5 seconds.

To understand what's happening with your queries, use verbose mode:

dig +time=5 +cmd +stats @hii.com hello.me

The output will show detailed timing information and where the query might be hanging.

Many developers encounter unexpected behavior when using dig's timeout option. The key thing to understand is that +time doesn't work like a conventional timeout parameter. Here's what actually happens:

# This won't necessarily stop after 5 seconds
dig @8.8.8.8 example.com +time=5

The +time parameter sets the total time dig will wait for a response, but it's implemented as:

  • Initial timeout: 5 seconds (when +time=5)
  • If no response, it retries with exponential backoff
  • The sum of all retries won't exceed your specified timeout

For strict timeout control, combine these options:

dig +time=5 +tries=1 @ns1.example.com domain.com

Or use the Linux timeout command:

timeout 5 dig @ns1.example.com domain.com

Here's how to implement proper DNS query timeouts in scripts:

#!/bin/bash
# Set hard timeout of 3 seconds
TIMEOUT=3
if output=$(timeout $TIMEOUT dig +short @1.1.1.1 example.com); then
    echo "DNS response: $output"
else
    echo "Query timed out after $TIMEOUT seconds"
fi
  • Always specify both +time and +tries for predictable behavior
  • Consider using DoH (DNS-over-HTTPS) for more reliable timeouts
  • For production systems, implement retry logic in your application code