What is the dig command used for?

dig is used to query DNS records from the command line, including A, AAAA, MX, TXT, NS, CNAME and SOA records.

How do I install dig on Ubuntu?

Install the dnsutils package with sudo apt update and sudo apt install dnsutils.

How do I check MX records with dig?

Run dig example.com MX to check mail exchanger records for a domain.

How do I query a specific DNS resolver with dig?

Place the resolver before the domain, for example dig @1.1.1.1 example.com A +short.

Where can I build dig commands?

Use the dig Command Builder on CommandLineQuiz to generate common DNS lookup commands.

dig command guide banner showing DNS lookup examples

DNS troubleshooting

dig Command Guide: DNS Lookups from the Linux Terminal

The dig command is one of the most useful tools for checking DNS records from the terminal. This guide covers installation, basic syntax, record types, custom resolvers, reverse DNS and practical troubleshooting examples.

Open dig Builder View dig Cheat Sheet Nmap Builder

Overview

What is the dig command?

dig, short for Domain Information Groper, is a command line DNS lookup tool. It asks DNS servers for records such as A, AAAA, MX, TXT, NS and CNAME.

It is useful when checking whether a website points to the right IP, whether email records are correct, whether TXT verification records exist, or whether DNS is different from one resolver to another.

Want to generate the command faster? Use the dig Command Builder and keep the dig Cheat Sheet nearby.

How to install dig

Ubuntu or Debian

sudo apt update
sudo apt install dnsutils

AlmaLinux, Rocky, RHEL or CentOS

sudo dnf install bind-utils

Fedora

sudo dnf install bind-utils

Arch Linux

sudo pacman -S bind

Check it works

dig -v

Basic syntax

dig [server] name [type] [options]

Basic A lookup

dig example.com A

Short answer only

dig example.com A +short

Query a resolver

dig @8.8.8.8 example.com A

Trace delegation

dig +trace example.com

Example output

$ dig example.com A +short
93.184.216.34

Common DNS record types

Record	Purpose	Example
`A`	IPv4 address	`dig example.com A`
`AAAA`	IPv6 address	`dig example.com AAAA`
`MX`	Mail exchangers	`dig example.com MX`
`TXT`	SPF, DKIM, verification and policy records	`dig example.com TXT`
`NS`	Authoritative nameservers	`dig example.com NS`
`CNAME`	Alias record	`dig www.example.com CNAME`
`SOA`	Start of authority	`dig example.com SOA`

Check different resolvers

Different resolvers may return different answers while DNS is propagating. Querying a specific resolver helps compare results.

Google DNS

dig @8.8.8.8 example.com A +short

Cloudflare DNS

dig @1.1.1.1 example.com A +short

Quad9 DNS

dig @9.9.9.9 example.com A +short

Authoritative NS

dig @ns1.example.com example.com A

Reverse DNS lookups

Use -x to check PTR/reverse DNS for an IP address.

dig -x 8.8.8.8 +short

Example output:

dns.google.

Useful dig examples

Check website IP

dig example.com A +short

Check IPv6

dig example.com AAAA +short

Check mail routing

dig example.com MX

Check SPF TXT

dig example.com TXT

Check nameservers

dig example.com NS +short

Show only answer section

dig example.com A +noall +answer

External references

Practical DNS workflow

Which dig command should you run first?

When DNS looks broken, avoid random checks. Start with the record you expect to exist, then compare it from more than one resolver.

Problem	Start with	What it tells you
Website not resolving	`dig example.com A +short`	Whether the domain returns an IPv4 address.
Email delivery issue	`dig example.com MX +short`	Which mail exchangers are published.
SPF, DKIM or verification issue	`dig example.com TXT +short`	Whether TXT records are visible publicly.
Propagation concern	`dig @1.1.1.1 example.com A +short`	What a specific public resolver sees.
Nameserver mismatch	`dig example.com NS +short`	Which authoritative nameservers are delegated.

Output examples

Useful dig output examples

Use +short when you need a quick answer. Remove it when you need TTLs, flags and the full response.

$ dig example.com A +short
93.184.216.34

$ dig example.com MX +short
10 mail.example.com.

$ dig example.com TXT +short
"v=spf1 include:_spf.example.net ~all"

If one resolver returns the old value and another returns the new value, the issue is usually cache or propagation rather than a missing DNS record.

FAQ

Frequently Asked Questions

What does dig +short do?

dig +short prints a compact answer without the full DNS response header, making it useful for quick checks and scripts.

How do I check DNS propagation with dig?

Query more than one resolver, for example dig @1.1.1.1 example.com A +short and dig @8.8.8.8 example.com A +short, then compare the answers.

Why does dig show no answer?

The record may not exist, the domain may use different nameservers, DNSSEC may be failing, or the resolver may not have a current answer yet.

Is dig better than nslookup?

dig usually gives more detailed DNS troubleshooting output, while nslookup is simpler and widely available.

$ practise_next --topic dns

Practise this next

Turn the guide into practice with a related quiz, builder, cheat sheet or learning path.

[1]Use the dig Command BuilderBuild DNS lookup commands for A, MX, TXT, NS and more.[2]Open the dig Command GuideLearn practical DNS checks from the terminal.[3]Open the dig Cheat SheetReview useful dig examples quickly.[4]Read: Basic Networking CommandsPractise DNS and network troubleshooting basics.