dig

dig (Domain Information Groper) is a powerful command-line DNS lookup tool used to query DNS name servers and retrieve resource records. It is commonly used in reconnaissance to resolve hostnames, enumerate DNS records, test custom name servers, and analyze DNS responses in detail.

Common Options

Basic Queries

Query Control

Examples

Query A Record

dig A example.com

↑ Options

Query AAAA Record

dig AAAA example.com

↑ Options

Query MX Records

dig MX example.com

↑ Options

Query Name Servers

dig NS example.com

↑ Options

Query CNAME Record

dig CNAME www.example.com

↑ Options

Query SOA Record

dig SOA example.com

↑ Options

Query TXT Records

dig TXT example.com

↑ Options

Use Specific DNS Server

dig @8.8.8.8 A example.com

↑ Options

Simplified Output

dig +short A example.com

↑ Options

Show Only Answer Section

dig +noall +answer A example.com

↑ Options

Set Timeout

dig +timeout=2 A example.com

↑ Options

Set Number of Retries

dig +tries=1 A example.com

↑ Options

Force TCP Query

dig +tcp A example.com

↑ Options

See Also

• dnsenum
• host
• whois
• nmap