dig
DNS lookup and troubleshooting utility
TLDR
Query DNS
SYNOPSIS
dig [@server] [name] [type]
DESCRIPTION
dig (Domain Information Groper) is a DNS lookup utility. It queries DNS servers for various record types, provides detailed responses, and is the preferred tool for DNS troubleshooting and analysis.
The command has largely replaced older tools like nslookup.
PARAMETERS
@server
Query specific DNS server+short
Brief output (just answer)+noall +answer
Show only answer section-x ip
Reverse lookup-t type
Record type (A, AAAA, MX, NS, etc.)+trace
Trace DNS delegation path+dnssec
Request DNSSEC records-4 / -6
Use IPv4 / IPv6 only
RECORD TYPES
A
IPv4 addressAAAA
IPv6 addressMX
Mail exchangeNS
Name serversTXT
Text recordsCNAME
Canonical name (alias)SOA
Start of authorityPTR
Reverse lookup pointerSRV
Service locatorANY
All available records
WORKFLOW
dig example.com
# Specific record type
dig example.com MX
dig example.com AAAA
# Short answer only
dig example.com +short
# Multiple queries
dig example.com A AAAA MX
# Query specific DNS server
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
# Reverse lookup
dig -x 8.8.8.8
# Trace delegation
dig example.com +trace
# Show only answer
dig example.com +noall +answer
# Query all records
dig example.com ANY
DNS SERVERS
Common public DNS:
- 8.8.8.8 - Google DNS
- 1.1.1.1 - Cloudflare DNS
- 9.9.9.9 - Quad9
ADVANCED QUERIES
dig example.com +dnssec
# Query specific port
dig -p 5353 example.com
# Batch file queries
dig -f domains.txt
# TCP instead of UDP
dig +tcp example.com
# Show query time
dig example.com +stats
OUTPUT SECTIONS
QUESTION - Query sent
ANSWER - Response records
AUTHORITY - Authoritative nameservers
ADDITIONAL - Additional information
CAVEATS
Requires network connectivity. Default uses system DNS. Complex output for beginners. Some ISPs intercept DNS. DNSSEC validation requires proper setup. Large queries may timeout.
HISTORY
dig was developed by Steve Hotz at USC's Information Sciences Institute in 1989, becoming part of BIND and the standard DNS debugging tool.