How to Install and Use the dig Command

The dig command can provide information about domains and nameservers. dig stands for Domain Information Groper.

How to Install dig

To see if you have dig installed, type this command:

dig -v

If you have dig installed, it will print out a version number something like DiG 9.10.6, though your version number might be different.

It should be preinstalled on Linux and Mac, but if you don’t have it for some reason, use your package manager.

• On Mac you can use Homebrew: brew install bind
• On Windows, install WSL, which is Ubuntu that runs inside of Windows.
• On Ubuntu Linux you can use sudo apt update && sudo apt install dnsutils
• If you’re using a different Linux distro, you might need to search around to find specifics for your distro’s package manager. For example, it might be called bind-utils in yum.

How to Use dig

The simplest usage of the command is to type the word dig in a terminal, followed by a hostname like this:

dig example.com

It will print out some information that looks like this:

; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24832
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		83657	IN	A	93.184.216.34

;; Query time: 56 msec
;; SERVER: 10.1.0.1#53(10.1.0.1)
;; WHEN: Wed Nov 16 11:12:29 PST 2022
;; MSG SIZE  rcvd: 56

In the ANSWER section you can see the IP address of the site.

An easier way to get just the IP address is to use the short form:

dig +short example.com

Or just the ANSWER section:

dig +noall +answer example.com

which will print something like this:

example.com.            82061   IN      A       93.184.216.34

You can query a specific nameserver like Cloudflare (1.1.1.1) or Google (8.8.8.8) like this:

dig @1.1.1.1 example.com

Or combine commands:

dig @1.1.1.1 +short example.com

You can get specific records (A, AAAA, CNAME, TXT, etc.) by specifying the type:

dig txt example.com
dig mx mail.google.com
dig aaaa fonts.google.com

To find the authoritative nameserver, use the ns option:

dig ns example.com

To find domain information from an IP address, use the -x flag:

dig -x 142.251.40.46 +noall +answer

resulting in:

; <<>> DiG 9.10.6 <<>> -x 142.251.40.46 +noall +answer
;; global options: +cmd
46.40.251.142.in-addr.arpa. 49040 IN    PTR     lax17s55-in-f14.1e100.net.

Automating dig with a File

You can do bulk dig queries by loading hostnames from a file.

Create a file named domains.txt and add the following contents:

example.com
gmail.com
nasa.gov

Then run the command like this, which loads only the answer section for MX queries to the domains listed in the file:

dig -f domains.txt +noall +answer mx

It will print out a report like this:

example.com.            83582   IN      MX      0 .
gmail.com.              916     IN      MX      30 alt3.gmail-smtp-in.l.google.com.
gmail.com.              916     IN      MX      40 alt4.gmail-smtp-in.l.google.com.
gmail.com.              916     IN      MX      5 gmail-smtp-in.l.google.com.
gmail.com.              916     IN      MX      10 alt1.gmail-smtp-in.l.google.com.
gmail.com.              916     IN      MX      20 alt2.gmail-smtp-in.l.google.com.
nasa.gov.               583     IN      MX      0 nasa-gov.mail.protection.outlook.com.