LinuxCommandLibrary

adig

Query DNS servers

TLDR

Display A (default) record from DNS for hostname(s)

$ adig [example.com]
copy

Display extra [d]ebugging output
$ adig -d [example.com]
copy

Connect to a specific DNS [s]erver
$ adig -s [1.2.3.4] [example.com]
copy

Use a specific TCP port to connect to a DNS server
$ adig -T [port] [example.com]
copy

Use a specific UDP port to connect to a DNS server
$ adig -U [port] [example.com]
copy

SYNOPSIS

adig [options] [@server] <name> [type]

PARAMETERS

-h, --help
    Display help and exit.


-V, --version
    Output version information.


-4
    Query IPv4 addresses only.


-6
    Query IPv6 addresses only.


-x
    Perform reverse (PTR) lookup.


--class=CLASS
    Set query class (default IN).


--type=TYPE
    Set query type (default A).


--tcp
    Use TCP transport.


--tls-hostname=NAME
    SNI hostname for DoT.


--http-host=HOST
    Host header for DoH.


--http-method=METHOD
    HTTP method for DoH (GET/POST).


--timeout=SECONDS
    Query timeout (default 5s).


--tries=TRIES
    Retry attempts (default 2).


--edns-size=SIZE
    EDNS UDP buffer size.


--edns-version=VERSION
    EDNS version.


--dnssec-ok
    Set DNSSEC OK bit.


--trace
    Enable query tracing.


--short
    Short output format.


--json
    JSON output.


DESCRIPTION

adig is a versatile command-line tool for performing DNS queries against various resolver types, including traditional UDP/TCP DNS, DNS-over-TLS (DoT), and DNS-over-HTTPS (DoH). It provides a simple interface similar to classic tools like dig but with native support for encrypted DNS protocols, making it ideal for testing secure resolvers.

Key features include automatic protocol detection based on server URI (e.g., tls://dns.quad9.net for DoT, https://dns.google/dns-query for DoH), EDNS options, DNSSEC validation signaling, JSON/shortened output formats, and tracing capabilities. Users specify queries as name [type [@server]], supporting A/AAAA/MX/TXT records and more.

Unlike dig, adig handles TLS/HTTPS natively without external dependencies, supports custom HTTP headers/methods for DoH, and offers precise timeout/retry controls. It's lightweight, written in Go, and excels in scripting or debugging modern DNS setups. Output mimics dig's verbosity but adds structured JSON for automation.

Common use: adig @8.8.8.8 example.com for plain DNS, or adig @https://cloudflare-dns.com/dns-query example.com MX --json for secure queries.

CAVEATS

Requires Go runtime or static binary; limited to supported protocols (no DNS-over-QUIC yet). Server URIs must be precise; plain IP defaults to UDP/53.

EXAMPLES

adig example.com (default Google DNS A query)
adig @tls://dns.quad9.net example.com AAAA --dnssec-ok (DoT with DNSSEC)
adig @https://dns.google/dns-query --http-method=POST MX mail.example.com --json

EXIT CODES

0: success
1: query failure
2: usage error
3: network/timeout error

HISTORY

Developed by Djinn Studios in Go (first release ~2020); inspired by dns.toys web tool. Focuses on encrypted DNS amid rising privacy concerns. Actively maintained on GitHub.

SEE ALSO

dig(1), drill(1), nslookup(1), host(1)

Copied to clipboard