Introduction to dig

Made DNS changes? Not sure if they are correct? Don't want to wait for the changes to propagate before discovering a small typo?

No problem. Using the common but often ignored command 'dig', we can query DNS servers for records, specify records and even specify which DNS server to query.


The basics of the dig (domain information groper) command are very simple. Let's start by having a look at Google's records:


The response is as follows:

; <<>> DiG 9.3.4 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10147
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;                    IN      A

;; ANSWER SECTION:             103     IN      A             103     IN      A             103     IN      A

;; AUTHORITY SECTION:             71923   IN      NS             71923   IN      NS             71923   IN      NS             71923   IN      NS

;; ADDITIONAL SECTION:         300836  IN      A         300836  IN      A         300836  IN      A         300836  IN      A

;; Query time: 1 msec
;; WHEN: Mon Oct  8 09:41:18 2007
;; MSG SIZE  rcvd: 212

Take it a section at a time and the output is actually incredibly informative and easy to navigate.

Firstly we have the header info which, at this point is not particularly interesting (it will be later on when we specify particular servers to query).

Next we have the Question. We asked for the DNS record of

Which gave us the Answer. In this case 3 servers responded to the domain along with the IP addresses.

Next is the Authority section. In other words what Name Servers are being used by

And lastly, the Additional section. This gives the IP addresses of the Name Servers found in the Authority section.


The problem with the answer is that it actually came from local DNS servers - this could be from our ISP or indeed on our local workstation or network.

To put it another way, the records displayed above have already been propagated. It will not show very recent changes.

Remember that ISPs usually cache DNS information and may not update them more than once or twice a day - this is why we have to wait for new records to be propagated and why, on occasion, you may see your new website but your friend may still be directed the old records - their ISP has not updated the records.

Direct Query

However, that doesn't deter the intrepid Slicer as they query the DNS server directly.

Have a look at the Authority section in the google output. It lists four Name Servers. Let's directly query one of them:


Note the specified Name Server must be prefixed with the @ symbol.

It's the same

But isn't the output the same? Well, in this case, yes it is but note the headers:

; <<>> DiG 9.3.4 <<>>

we are now querying directly which will show any changes they had made that had not been fully propagated.

This is the key to checking any DNS changes you've made in the Slicehost Management Panel. Querying the records directly will show the changes before they are fully propagated.

Real Life

In this example I am going to use one of my own domains -

I use the Slicehost DNS Manager so I'm going to query that directly:


The output is as follows:

; <<>> DiG 9.3.4 <<>>
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60798
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;                      IN      A

;; ANSWER SECTION:               3600    IN      A

;; AUTHORITY SECTION:               3600    IN      NS               3600    IN      NS

;; ADDITIONAL SECTION:      3600    IN      A      3600    IN      A

;; Query time: 1 msec
;; WHEN: Mon Oct  8 10:17:07 2007
;; MSG SIZE  rcvd: 154

Well, everything seems ok but I want to check for my mail (MX) records.

Specifying Records

To do this I simply append the record type to the query:

dig MX

Part of the output is as follows:

;                      IN      MX

;; AUTHORITY SECTION:               3600    IN      SOA 1 28800 7200 604800 3600

I have the correct question (it's querying for MX records) but no answer.

There is a good reason for that: I haven't created the records.

Create the Record

OK, now I've entered the MX records I can directly query them (you may have to wait a couple of minutes for the record to be added to the Name Server):

dig MX

The relevant part of the output:

;                      IN      MX

;; ANSWER SECTION:               3600    IN      MX      0

Good. That seems correct to me. Now I have to wait until the records are fully propagated but I do know that they are correct.

Other Records

I can do this with any type of record by appending the record type to the command:

dig NS

That will query the NS records only.


Naturally, there is more you can do with the 'dig' command and a quick:

man dig

will give detailed settings and options that are available for use.


Using the dig command can save a lot of time and effort when setting your domain's records. Although the manual will give more information for very detailed searches, the methods shown in this article should suffice for most situations.


Article Comments:

James commented Sun Dec 02 19:55:56 UTC 2007:

On Gutsy, I do not have dig, nslookup, or host. I had to do:

sudo aptitude install dnsutils


Sudar Muthu commented Fri Jan 04 16:40:09 UTC 2008:

Thanks James,

Even I am using Gutsy and was wondering why these commands were not working.

I am installing the dnsutils now. Thanks!

Vlad commented Sun Mar 02 02:01:27 UTC 2008:

sudo aptitude install dnsutils didn't work for me on a fresh slice. I used sudo yum install bind-utils and it worked.

movielady commented Sun Jun 15 19:24:13 UTC 2008:

FYI, dig is found in the bind-tools package on Gentoo.

Per Velschow commented Wed Sep 10 05:13:37 UTC 2008:

Trying dig on Mac OS X. I can't get the AUTHORITY SECTION to appear. Anyone know the option for that?

fil commented Mon Oct 06 14:21:39 UTC 2008:

me neither, but u get the info if u do: dig soa

wytcom commented Mon Jan 12 23:31:02 UTC 2009:

My slicehost vps with centos 5 came without dig. To install:

yum install bind-utils

Owen commented Sun Oct 31 09:07:51 UTC 2010:

Really useful, cheers guys.

sysadmin commented Tue Oct 02 14:35:54 UTC 2012:

Per Velschow, on MacOS to find out the name servers for your domain (usually shown in the authority section by linux version of dig), use "dig NS" command.

Want to comment?

(not made public)


(use plain text or Markdown syntax)