dig
dig (Domain Information Groper) is a command-line DNS lookup tool that queries nameservers for domain records on Linux and macOS.
- What dig Does and When to Use It
- How to Install dig
- Core Concepts of dig
- dig Query Syntax
- dig Output Sections
- dig Record Types
- dig Default Resolver
- Common Tasks with dig
- How to Query a Domain A Record with dig
- How to Perform a Reverse DNS Lookup with dig
- How to Query a Specific DNS Server with dig
- How to Trace the DNS Delegation Path with dig
- How to Query MX Records with dig
- How to Query NS Records with dig
- dig Flags and Options Reference
- Related Tools and Guides
Domain Information Groper (dig) is a command-line DNS lookup utility that queries Domain Name System (DNS) servers for domain records on Linux, macOS, and Windows.
What dig Does and When to Use It
Domain Information Groper (dig) sends DNS queries to nameservers and displays the responses. dig retrieves DNS records such as A, AAAA, MX, CNAME, NS, SOA, TXT, and PTR records for any domain. Network administrators and developers use dig to troubleshoot DNS resolution issues, verify DNS propagation after changes, and inspect the delegation path from root nameservers to authoritative servers.
dig is part of the Berkeley Internet Name Domain (BIND) suite, maintained by the Internet Systems Consortium (ISC). It replaces older tools such as
nslookup and
host with more detailed output and greater flexibility. dig runs on Linux, macOS, and Windows (via Cygwin or Windows Subsystem for Linux).
Use dig when a domain fails to resolve, when DNS records need verification, or when tracing the full resolution path from root servers through Top-Level Domain (TLD) servers to the authoritative nameserver. For quick one-off lookups where detailed output is unnecessary,
host or
nslookup may be simpler alternatives.
How to Install dig
dig ships preinstalled on most Linux distributions and on macOS. Verify whether dig is available by checking its version:
dig -vInstall dig on systems where it is missing:
Ubuntu / Debian:
sudo apt update && sudo apt install dnsutilsCentOS / RHEL / Fedora:
sudo dnf install bind-utilsArch Linux:
sudo pacman -S bind-toolsAlpine Linux:
sudo apk add bind-toolsmacOS (Homebrew):
brew install bindCore Concepts of dig
dig Query Syntax
dig follows the syntax
dig [@server] [name] [type] [options]. The
@server argument specifies which DNS resolver to query. The
name argument identifies the domain to look up. The
type argument selects the DNS record type (A, MX, NS, AAAA, CNAME, TXT, SOA, PTR, or ANY). Options modify the output format and query behavior.
dig Output Sections
dig divides its response into five sections. The HEADERsection shows the query status (NOERROR, NXDOMAIN, SERVFAIL), flags, and record counts. The QUESTIONsection repeats the query that was sent. The ANSWERsection contains the DNS records returned by the nameserver. The AUTHORITYsection lists the authoritative nameservers for the domain. The ADDITIONALsection provides extra records such as nameserver IP addresses. The statistics footer shows query time, responding server, and message size.
dig Record Types
dig queries different DNS record types to retrieve specific information. The A record maps a domain to an IPv4 address. The AAAA record maps a domain to an IPv6 address. The MX record identifies mail exchange servers for a domain. The NS record lists the authoritative nameservers. The CNAME record maps an alias to a canonical domain name. The TXT record holds text data such as SPF policies and domain verification strings. The SOA record contains zone authority metadata including the primary nameserver, administrator email, serial number, and Time to Live (TTL) values.
dig Default Resolver
dig reads the system's
/etc/resolv.conf file to determine which DNS resolver to use when no
@server argument is specified. Override this default by passing a specific resolver with the
@ prefix, such as
@8.8.8.8 for Google Public DNS or
@1.1.1.1 for Cloudflare DNS.
Common Tasks with dig
How to Query a Domain A Record with dig
dig queries the A record of a domain by default. Pass the domain name as the argument:
dig example.comAdd
+short to display the IP address without the full verbose output:
dig example.com +shortFor detailed options, see How to Use dig.
How to Perform a Reverse DNS Lookup with dig
dig performs a reverse DNS lookup with the
-x flag. Pass the IP address to find the associated domain name through a PTR record query:
dig -x 8.8.8.8For the full procedure, see How to Look Up a Domain by IP with dig.
How to Query a Specific DNS Server with dig
dig queries a specific DNS resolver when the
@server argument precedes the domain name. This bypasses the system's default resolver:
dig @8.8.8.8 example.comFor more details, see How to Query a Domain Using a Specific DNS Server with dig.
How to Trace the DNS Delegation Path with dig
dig traces the full DNS resolution path from root nameservers to the authoritative server with the
+trace option. This reveals each step of DNS delegation:
dig example.com +traceFor the complete walkthrough, see How to Trace the DNS Delegation Path with dig.
How to Query MX Records with dig
dig retrieves Mail Exchange (MX) records by specifying the MX record type after the domain name:
dig example.com MXHow to Query NS Records with dig
dig lists the authoritative nameservers for a domain with the NS record type:
dig example.com NSdig Flags and Options Reference
dig accepts command-line flags and query options prefixed with
+. The table below covers the most commonly used options.
| Flag / Option | Description | Default | Example |
|---|---|---|---|
@server | Query a specific DNS server instead of the system default resolver | System resolver from
/etc/resolv.conf | dig @8.8.8.8 example.com |
-x address | Perform a reverse DNS lookup to find the domain name for an IP address via PTR record | N/A | dig -x 93.184.216.34 |
-t type | Set the DNS record type to query (A, AAAA, MX, NS, CNAME, TXT, SOA, PTR, ANY) | A | dig -t MX example.com |
-p port | Send the query to a non-standard port number | 53 | dig -p 5353 example.com |
-4 | Force dig to use IPv4 transport only | Both | dig -4 example.com |
-6 | Force dig to use IPv6 transport only | Both | dig -6 example.com |
-f file | Read domain names from a file and query each one in batch mode | N/A | dig -f domains.txt |
+short | Display the answer in short form, showing the record value without headers or metadata | Off | dig example.com +short |
+noall +answer | Suppress all output sections, then re-enable the answer section for clean output | Full output | dig example.com +noall +answer |
+trace | Trace the DNS delegation path from root nameservers to the authoritative server | Off | dig example.com +trace |
+dnssec | Request DNSSEC records (RRSIG) to verify the authenticity of DNS responses | Off | dig example.com +dnssec |
+tcp | Force dig to use TCP instead of UDP for the query | UDP | dig example.com +tcp |
+time=N | Set the query timeout to N seconds | 5 | dig example.com +time=10 |
+tries=N | Set the total number of UDP query attempts | 3 | dig example.com +tries=5 |
+nocmd | Remove the initial comment line showing the dig version and query | On | dig example.com +nocmd |
+nocomments | Remove comment lines from the output | On | dig example.com +nocomments |
+nostats | Remove the statistics footer from the output | On | dig example.com +nostats |
For the complete flag and option reference, see dig References.
Related Tools and Guides
nslookup is an older DNS lookup tool that dig replaces for most diagnostic tasks. See
nslookupfor its usage.
host is a simpler DNS lookup tool that provides concise output without the detailed sections that dig displays. See
hostfor basic DNS queries.
The
.digrc configuration file stores default dig options that apply to every query. See
How to Use .digrcfor configuration details.