dig Command in Linux: DNS Lookup


When a domain does not resolve, a mail server rejects messages, or a DNS change seems stuck, you need to see what name servers are returning. The dig command gives you that view from the Linux terminal.

Dig (Domain Information Groper) is part of the BIND (Berkeley Internet Name Domain) suite of DNS utilities. It queries DNS name servers and shows records such as A, AAAA, MX, NS, TXT, CNAME, and PTR.

This guide covers the dig command with practical examples and detailed explanations of the most common options.

Syntax

txt
dig [@server] [name] [type] [+queryoptions]
  • @server - The IP address or hostname of the name server to query. If not specified, dig uses the servers listed in /etc/resolv.conf.
  • name - The domain name to look up.
  • type - The type of DNS record to query (e.g., A, AAAA, MX, NS, TXT). Defaults to A.
  • +queryoptions - One or more query options such as +short, +noall, +answer, and +trace.

Installing dig

To check if the dig command is available on your system, type:

Terminal
dig -v

The output should look something like this:

output
DiG 9.18.28-1-Debian

If dig is not present on your system, the command above will print “dig: command not found”. Install the dig tool using your distribution’s package manager.

Install dig on Ubuntu, Debian, and Derivatives

Terminal
sudo apt update && sudo apt install dnsutils

Install dig on Fedora, RHEL, and Derivatives

Terminal
sudo dnf install bind-utils

Install dig on Arch Linux

Terminal
sudo pacman -S bind

Understanding the dig Output

In its simplest form, when used to query a single host (domain) without any additional options, the dig command is pretty verbose.

In the following example, we are performing a DNS lookup on the linux.org domain:

Terminal
dig linux.org

The output should look something like this:

[Figure: dig command output]

Let us go section by section and explain the output of the dig command:

  1. The first line of the output prints the installed dig version, and the queried domain name. The second line shows the global options (by default, only cmd).

    output
    ; <<>> DiG 9.18.28 <<>> linux.org
    ;; global options: +cmd

    If you do not want those lines to be included in the output, use the +nocmd option. This option must be the very first one after the dig command.

  2. The next section includes technical details about the answer received from the requested authority (DNS server). The header shows the opcode (the action performed by dig) and the status of the action. In this example, the status is NOERROR, which means that the requested authority served the query without any issue.

    output
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37159
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

    This section can be removed using the +nocomments option, which also disables some other section headers.

  3. The “OPT” pseudo section is shown only in the newer versions of the dig utility. It reports the Extension Mechanisms for DNS (EDNS) settings of the reply.

    output
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096

    To exclude this section from the output, use the +noedns option.

  4. In the “QUESTION” section, dig shows the query (question). By default, dig requests the A record.

    output
    ;; QUESTION SECTION:
    ;linux.org.			IN	A

    You can disable this section using the +noquestion option.

  5. The “ANSWER” section provides the answer to our question. As we already mentioned, by default dig requests the A record. Here, we can see that the domain linux.org points to the 104.18.59.123 IP address.

    output
    ;; ANSWER SECTION:
    linux.org.		300	IN	A	104.18.59.123
    linux.org.		300	IN	A	104.18.58.123

    Usually, you do not want to turn off the answer, but you can remove this section from the output using the +noanswer option.

  6. The “AUTHORITY” section tells us what server(s) are the authority for answering DNS queries about the queried domain.

    output
    ;; AUTHORITY SECTION:
    linux.org.		86379	IN	NS	lia.ns.cloudflare.com.
    linux.org.		86379	IN	NS	mark.ns.cloudflare.com.

    You can disable this section of the output using the +noauthority option.

  7. The “ADDITIONAL” section gives us information about the IP addresses of the authoritative DNS servers shown in the authority section.

    output
    ;; ADDITIONAL SECTION:
    lia.ns.cloudflare.com.	84354	IN	A	173.245.58.185
    lia.ns.cloudflare.com.	170762	IN	AAAA	2400:cb00:2049:1::adf5:3ab9
    mark.ns.cloudflare.com.	170734	IN	A	173.245.59.130
    mark.ns.cloudflare.com.	170734	IN	AAAA	2400:cb00:2049:1::adf5:3b82

    The +noadditional option disables the additional section of a reply.

  8. The last section of the dig output includes statistics about the query.

    output
    ;; Query time: 58 msec
    ;; SERVER: 192.168.1.1#53(192.168.1.1)
    ;; WHEN: Wed Feb 05 10:15:32 CET 2026
    ;; MSG SIZE  rcvd: 212

    You can disable this part with the +nostats option.

Generally, you would want to get only a short answer to your dig query.

Short Answer

To get a short answer to your query, use the +short option:

Terminal
dig linux.org +short
output
104.18.59.123
104.18.58.123

The output includes only the IP addresses of the A record.

Detailed Answer

For a more detailed answer, turn off all the results using the +noall option and then turn on only the answer section with the +answer option:

Terminal
dig linux.org +noall +answer
output
linux.org.		67	IN	A	104.18.58.123
linux.org.		67	IN	A	104.18.59.123

Query a Specific Name Server

By default, if no name server is specified, dig uses the servers listed in the /etc/resolv.conf file.

To specify a name server against which the query will be executed, use the @ (at) symbol followed by the name server IP address or hostname.

For example, to query the Google name server (8.8.8.8) for information about the linux.org domain, you would use:

Terminal
dig linux.org @8.8.8.8
output
; <<>> DiG 9.18.28 <<>> linux.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39110
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;linux.org.			IN	A

;; ANSWER SECTION:
linux.org.		299	IN	A	104.18.58.123
linux.org.		299	IN	A	104.18.59.123

;; Query time: 54 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Feb 05 10:18:01 CET 2026
;; MSG SIZE  rcvd: 70

Query Record Types

Dig allows you to perform any valid DNS query by appending the record type to the end of the query. In the following sections, we will show you examples of how to search for the most common records, such as A, AAAA, CNAME, TXT, MX, and NS.

A Records

To list all the IPv4 addresses for a domain name, use the a record type:

Terminal
dig +nocmd google.com a +noall +answer
output
google.com.		128	IN	A	216.58.206.206

If no DNS record type is specified, dig requests the A record by default, so the a argument can be omitted.

AAAA Records

To query the IPv6 address of a domain, use the aaaa record type:

Terminal
dig +nocmd google.com aaaa +noall +answer
output
google.com.		300	IN	AAAA	2a00:1450:4017:804::200e

As IPv6 adoption continues to grow, querying AAAA records is useful for verifying that a domain publishes an IPv6 address.

CNAME Records

To find the name an alias points to, use the cname record type:

Terminal
dig +nocmd mail.google.com cname +noall +answer
output
mail.google.com.	553482	IN	CNAME	googlemail.l.google.com.

TXT Records

Use the txt record type to retrieve all the TXT records for a specific domain:

Terminal
dig +nocmd google.com txt +noall +answer
output
google.com.		300	IN	TXT	"facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com.		300	IN	TXT	"v=spf1 include:_spf.google.com ~all"
google.com.		300	IN	TXT	"docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"

TXT records are commonly used for SPF, DKIM, and domain ownership verification.

MX Records

To get a list of all the mail servers for a specific domain, use the mx record type:

Terminal
dig +nocmd google.com mx +noall +answer
output
google.com.		494	IN	MX	10 aspmx.l.google.com.
google.com.		494	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		494	IN	MX	30 alt2.aspmx.l.google.com.
google.com.		494	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		494	IN	MX	50 alt4.aspmx.l.google.com.

The number before the mail server hostname is the priority. A lower number means higher priority.

NS Records

To find the authoritative name servers for a specific domain, use the ns record type:

Terminal
dig +nocmd google.com ns +noall +answer
output
google.com.		84527	IN	NS	ns1.google.com.
google.com.		84527	IN	NS	ns2.google.com.
google.com.		84527	IN	NS	ns3.google.com.
google.com.		84527	IN	NS	ns4.google.com.

ANY Queries

The any query type asks a resolver for an ANY response:

Terminal
dig +nocmd google.com any +noall +answer

Modern public resolvers often return no useful answer or a minimal response for ANY queries. Per RFC 8482, DNS servers may refuse to provide a full record set and can return a small synthesized response instead. For a complete picture of a domain’s DNS records, query each record type individually.

Reverse DNS Lookup

To query the hostname associated with a specific IP address, use the -x option.

For example, to perform a reverse lookup on 208.118.235.148, you would type:

Terminal
dig -x 208.118.235.148 +noall +answer

As you can see from the output below, the IP address 208.118.235.148 is associated with the hostname wildebeest.gnu.org:

output
148.235.118.208.in-addr.arpa. 245 IN	PTR	wildebeest.gnu.org.

Trace DNS Resolution Path

The +trace option instructs dig to perform iterative queries from the root name servers down to the authoritative server. This is useful for debugging DNS resolution issues and understanding how a domain name is resolved:

Terminal
dig google.com +trace
output
; <<>> DiG 9.18.28 <<>> google.com +trace
;; global options: +cmd
.			86400	IN	NS	a.root-servers.net.
.			86400	IN	NS	b.root-servers.net.
;; Received 239 bytes from 192.168.1.1#53 in 12 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
;; Received 1170 bytes from 198.41.0.4#53(a.root-servers.net) in 24 ms

google.com.		172800	IN	NS	ns1.google.com.
google.com.		172800	IN	NS	ns2.google.com.
;; Received 836 bytes from 192.5.6.30#53(a.gtld-servers.net) in 32 ms

google.com.		300	IN	A	216.58.206.206
;; Received 55 bytes from 216.239.34.10#53(ns2.google.com) in 18 ms

The output shows each step of the resolution: from the root servers (.), to the TLD servers (com.), to the authoritative name servers (ns1.google.com.), and finally the answer.

Verify DNSSEC

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, protecting against spoofing and cache poisoning. Use the +dnssec option to request DNSSEC records:

Terminal
dig cloudflare.com @1.1.1.1 +dnssec +noall +answer
output
cloudflare.com.		300	IN	A	104.16.132.229
cloudflare.com.		300	IN	A	104.16.133.229
cloudflare.com.		300	IN	RRSIG	A 13 2 300 20260514091648 20260512071648 34505 cloudflare.com. ...

If DNSSEC is configured for the domain, you will see RRSIG (signature) records alongside the standard records. You can also check the ad (Authenticated Data) flag in the header to confirm that the response was validated:

Terminal
dig cloudflare.com @1.1.1.1 +dnssec | grep flags
output
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

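The ad flag indicates that the DNS resolver validated the DNSSEC signatures. dig does not verify the signatures itself, so the flag is only as trustworthy as the resolver and the network path between you and it.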
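
Grepping for flags leaves the reader to spot ad by eye and says nothing about whether signatures were returned. The following added example (not part of the original guide) classifies dig +dnssec output; dnssec_state and sample_reply are hypothetical names, and the sample reply is constructed from the output shown above:

```sh
#!/bin/sh
# Added example (not from the original guide): classify `dig +dnssec` output
# read on stdin as validated, signed-unvalidated, or no-signatures.
dnssec_state() {
    out=$(cat)
    flags=$(printf '%s\n' "$out" |
        sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    # RRSIG rows are record lines (no leading ';') whose type field is RRSIG.
    sigs=$(printf '%s\n' "$out" |
        awk '!/^;/ && $4 == "RRSIG" { n++ } END { print n + 0 }')
    # Match " ad " as a whole word so that "rd" or "ra" never counts.
    case " $flags " in
        *" ad "*)
            # The resolver asserts that it validated the chain of trust.
            echo validated ;;
        *)
            if [ "$sigs" -gt 0 ]; then
                # Signatures came back but the resolver did not vouch for them.
                echo signed-unvalidated
            else
                # Zone is unsigned, or +dnssec was not requested.
                echo no-signatures
            fi ;;
    esac
}

# Constructed sample in dig's format, modelled on the output shown above.
# $1 = header flags, $2 = "sig" to include an RRSIG row (signature elided).
sample_reply() {
    printf ';; flags: %s; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1\n' "$1"
    printf 'cloudflare.com.\t300\tIN\tA\t104.16.132.229\n'
    if [ "$2" = sig ]; then
        printf 'cloudflare.com.\t300\tIN\tRRSIG\tA 13 2 300 ... (elided)\n'
    fi
}

sample_reply 'qr rd ra ad' sig | dnssec_state
# Live use: dig cloudflare.com @1.1.1.1 +dnssec | dnssec_state
```

A signed-unvalidated result means the records carry signatures but the resolver you asked did not confirm them, so the answer has the same assurance as plain DNS.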

Bulk Queries

If you want to query a large number of domains, you can add them in a file (one domain per line) and use the -f option followed by the file name.

In the following example, we are querying the domains listed in the domains.txt file:

domains.txt
lxer.com
linuxtoday.com
tuxmachines.org
Terminal
dig -f domains.txt +short
output
108.166.170.171
70.42.23.121
204.68.122.43

The .digrc File

The dig command’s behavior can be controlled by setting per-user options in the ${HOME}/.digrc file.

If the .digrc file is present in the user’s home directory, the options specified in it are applied before the command-line arguments.

For example, if you want to display only the answer section, open your text editor and create the following ~/.digrc file:

~/.digrc
+nocmd +noall +answer

Troubleshooting

dig returns SERVFAIL or REFUSED
This usually means the resolver you queried cannot reach the authoritative servers or is blocking the query. Try a different resolver and compare results:

Terminal
dig example.com @1.1.1.1
dig example.com @8.8.8.8

If the public resolvers also fail, the issue is likely on the authoritative side.

dig returns NXDOMAIN
NXDOMAIN indicates that the domain does not exist. Double-check the spelling and confirm the domain is registered.

No response or query timed out
This often points to a firewall or network issue. Test connectivity to port 53 and try TCP as a fallback:

Terminal
dig example.com +tcp

Only partial output is returned
If the response is truncated, try TCP or disable DNSSEC to narrow down the issue:

Terminal
dig example.com +tcp
Terminal
dig example.com +nodnssec
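
The cases above can be told apart from the header fields described in "Understanding the dig Output". The following is an added example, not part of the original guide; dig_triage and sample_header are hypothetical names, the sample headers are constructed, and the NOERROR-with-zero-answers case goes beyond the list above:

```sh
#!/bin/sh
# Added example (not from the original guide): read dig output on stdin and
# print the troubleshooting step this guide gives for that result.
dig_triage() {
    out=$(cat)
    status=$(printf '%s\n' "$out" |
        sed -n 's/.*->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" |
        sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" |
        sed -n 's/^;; flags:.* ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)

    # No header at all: dig never received a reply (timeout, filtered port 53).
    if [ -z "$status" ]; then
        echo "no-response: test port 53, retry with +tcp"; return 2
    fi
    # tc flag: the UDP reply was truncated.
    case " $flags " in
        *" tc "*) echo "truncated: retry with +tcp"; return 1 ;;
    esac
    case "$status" in
        NOERROR)
            # Zero answers with NOERROR is an addition to the guide's list:
            # the name exists but has no record of the requested type.
            if [ "${answers:-0}" -eq 0 ]; then
                echo "nodata: no record of this type"
            else
                echo "ok: $answers answer(s)"
            fi
            return 0 ;;
        NXDOMAIN) echo "nxdomain: check spelling and registration"; return 1 ;;
        SERVFAIL|REFUSED)
            echo "$status: compare against @1.1.1.1 and @8.8.8.8"; return 1 ;;
        *) echo "$status: unhandled status"; return 1 ;;
    esac
}

# Constructed sample header in dig's format: $1 status, $2 flags, $3 answers.
sample_header() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: %s, id: 37159\n' "$1"
    printf ';; flags: %s; QUERY: 1, ANSWER: %s, AUTHORITY: 0, ADDITIONAL: 1\n' "$2" "$3"
}

sample_header NOERROR 'qr rd ra' 2 | dig_triage
# Live use: dig example.com | dig_triage
```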

Quick Reference

For a printable quick reference, see the dig cheatsheet.

Task                          Command
Simple lookup                 dig example.com
Short answer only             dig example.com +short
Query specific name server    dig example.com @8.8.8.8
Query A record                dig example.com a
Query AAAA record             dig example.com aaaa
Query MX record               dig example.com mx
Query NS record               dig example.com ns
Query TXT record              dig example.com txt
Query CNAME record            dig example.com cname
Try an ANY query              dig example.com any
Reverse DNS lookup            dig -x 192.0.2.1
Trace resolution path         dig example.com +trace
Check DNSSEC                  dig example.com +dnssec
Answer section only           dig example.com +noall +answer
Bulk query from file          dig -f domains.txt +short

FAQ

What is the difference between dig and nslookup?
Both tools query DNS servers, but dig provides more detailed output and is preferred for troubleshooting. nslookup has a simpler interactive mode and more readable output for quick checks. dig also supports advanced options like +trace and +dnssec that nslookup does not.

What does NXDOMAIN mean?
NXDOMAIN (Non-Existent Domain) is a DNS status code indicating that the queried domain name does not exist. If you see status: NXDOMAIN in the dig output, the domain is either misspelled or has not been registered.

How do I check DNS propagation?
Query multiple public DNS servers and compare the results. For example, run dig example.com @8.8.8.8, dig example.com @1.1.1.1, and dig example.com @9.9.9.9. If the answers differ, the DNS change has not fully propagated yet.

What does the TTL value mean in dig output?
TTL (Time To Live) is the number of seconds a DNS record is cached by resolvers before they query the authoritative server again. A lower TTL means changes propagate faster, while a higher TTL reduces DNS query load.
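
Comparing resolvers by eye, as suggested for SERVFAIL in Troubleshooting and for propagation in the FAQ, is error-prone because the same record set can come back in a different order, as the linux.org outputs earlier in this guide show. The following added example (not part of the original guide) sorts each answer set before comparing; check_propagation, answers_from, fake_dig and the DIG variable are hypothetical names, and the stub replies are constructed:

```sh
#!/bin/sh
# Added example (not from the original guide): order-insensitive comparison
# of the answers several resolvers return for one name.
DIG=${DIG:-dig}    # hypothetical override hook: point at a stub to run offline

# Sorted, de-duplicated +short answers for name $1 from resolver $2.
answers_from() {
    "$DIG" +short "$1" "@$2" | sort -u
}

# Exit 0 when every resolver listed after the name returns the same record set.
check_propagation() {
    name=$1; shift
    ref=""; ref_srv=""; rc=0
    for srv in "$@"; do
        cur=$(answers_from "$name" "$srv")
        if [ -z "$ref_srv" ]; then
            ref=$cur; ref_srv=$srv          # first resolver is the baseline
        elif [ "$cur" != "$ref" ]; then
            echo "MISMATCH $srv vs $ref_srv"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "CONSISTENT"; fi
    return "$rc"
}

# Constructed stub standing in for dig (arguments: +short NAME @SERVER).
# Two resolvers return the same set in a different order; the third is stale.
fake_dig() {
    case "$3" in
        @8.8.8.8) printf '104.18.59.123\n104.18.58.123\n' ;;
        @1.1.1.1) printf '104.18.58.123\n104.18.59.123\n' ;;
        @9.9.9.9) printf '203.0.113.10\n' ;;
    esac
}

# Offline demo; remove the next line to query real resolvers.
DIG=fake_dig
check_propagation linux.org 8.8.8.8 1.1.1.1    # prints CONSISTENT
```

Names served by geo-aware or load-balanced DNS can legitimately return different sets per resolver, so a mismatch there is not proof that a change is still propagating.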

Conclusion

For a simpler interactive DNS lookup, see the nslookup command. To find out who owns a domain or when it expires rather than its DNS records, use the whois command. For more on individual record types, the Cloudflare DNS records guide is a useful reference.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
