Domain Information Groper AKA 'dig'
What is dig?
The dig command is a network administration tool used for querying DNS name servers. It’s part of the BIND (Berkeley Internet Name Domain) software suite.
Why use dig over nslookup?
While nslookup is an older, classic tool, dig is widely considered its superior successor.
- Detailed Output: dig provides much more technical data about the query process.
- Flexibility: It allows you to specify exactly which DNS server to query and which record types to fetch.
- Standardized: It follows DNS standards more strictly, making it the go-to for professionals.
How to Install dig
Most Linux distributions and macOS come with dig pre-installed.
- Linux (Ubuntu/Debian):
sudo apt install dnsutils
- Linux (CentOS/Fedora):
sudo yum install bind-utils
- macOS: Pre-installed (accessible via Terminal).
- Windows: Use the Winget package manager:
winget install ISC.BIND
The Anatomy of a dig Command
The basic syntax looks like this:
dig [@server] [domain] [type]
- @server: (Optional) The specific DNS server you want to ask (e.g., @8.8.8.8).
- domain: The website you are investigating.
- type: The specific record you want (A, MX, TXT, etc.).
Real-World Examples
1. The Basic Query
If you just want to see where a domain is pointing, run:
dig google.com
What to look for: The ANSWER SECTION. It will show you the IP address (A record) associated with the domain.
2. Get a Clean, Short Answer
The default output is very “chatty.” If you only want the IP address and nothing else, use +short:
dig google.com +short
Output: 142.250.190.46
3. Check Mail Servers (MX Records)
Troubleshooting why emails aren’t arriving? Check the Mail Exchanger records:
dig google.com MX
4. Query a Specific DNS Server
Sometimes your local ISP’s DNS is lagging. You can “ask” Google’s DNS (8.8.8.8) directly to see if it has the updated info:
dig @8.8.8.8 google.com
5. Reverse DNS Lookup
If you have an IP address and want to know what domain it belongs to, use the -x flag:
dig -x 8.8.8.8 +short
Output: dns.google.
6. The “Trace”
This is the most powerful feature for experts. It shows every step the query takes, from the “Root” servers down to the specific domain’s name server:
dig google.com +trace
Pro-Tip
If you want the full technical details but find the default comments and headers distracting, use this combination:
dig google.com +noall +answer
This tells dig to “hide everything” (+noall) and then “only show the answer” (+answer).
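An added example (not from the original page) that builds on example 4 and the Pro-Tip: it parses `+noall +answer` output from two resolvers and reports records that only one of them returns, which helps spot a stale cache or an unexpected answer. The function names and the sample data are constructed for illustration; the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: compare the answer sections returned by two resolvers.
# Input text is what "dig @SERVER NAME TYPE +noall +answer" prints:
# one record per line with the fields name, TTL, class, type, rdata.

# Constructed sample output (documentation addresses, not real lookups).
SAMPLE_LOCAL='example.test. 300 IN A 192.0.2.10
example.test. 300 IN A 192.0.2.11'
SAMPLE_PUBLIC='example.test. 120 IN A 192.0.2.11
example.test. 120 IN A 198.51.100.7'

# rdata_of TYPE TEXT: print sorted, de-duplicated rdata for one record type.
# Comment lines (";...") and short lines are skipped. The TTL is ignored
# because it legitimately differs between caches.
rdata_of() {
    printf '%s\n' "$2" | awk -v t="$1" '
        /^;/ || NF < 5 { next }
        $4 == t {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i  # MX/TXT rdata has spaces
            print out
        }' | sort -u
}

# only_in LABEL LIST_A LIST_B: print the lines of LIST_A that are missing from LIST_B.
only_in() {
    printf '%s\n' "$2" | while IFS= read -r v; do
        [ -n "$v" ] || continue
        printf '%s\n' "$3" | grep -Fxq -- "$v" || echo "$1: $v"
    done
}

# compare_answers TYPE TEXT_A TEXT_B: print "match" and return 0 when both
# resolvers gave the same record set, otherwise list the differences and return 1.
compare_answers() {
    a=$(rdata_of "$1" "$2")
    b=$(rdata_of "$1" "$3")
    if [ "$a" = "$b" ]; then
        echo "match"
        return 0
    fi
    only_in "only-first" "$a" "$b"
    only_in "only-second" "$b" "$a"
    return 1
}

# Demo on the constructed samples. With live data, pass "$(dig @8.8.8.8 NAME A +noall +answer)".
compare_answers A "$SAMPLE_LOCAL" "$SAMPLE_PUBLIC" || echo "resolvers disagree"
```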
Summary Table of Common Record Types
| Type | Use Case |
|---|---|
| A | Maps a domain to an IPv4 address. |
| AAAA | Maps a domain to an IPv6 address. |
| MX | Identifies the mail servers for the domain. |
| TXT | Often used for security (SPF, DKIM) and site verification. |
| NS | Shows the authoritative Name Servers for the domain. |
| CNAME | Shows if a domain is an alias for another domain. |
dig is an essential tool for anyone working with the web. Next time a site disappears, you can just start digging.