BASICS
Common DNS record types
Amaps a domain name to an IPv4 address.AAAAmaps a domain name to an IPv6 address.MXtells email where to go for a domain.NSshows the authoritative nameservers for a domain.SOAstores primary zone information like the main nameserver and DNS timing values.TXTstores free-form text, often used for SPF, DKIM, and verification tokens.PTRis used for reverse DNS, mapping an IP address back to a hostname.
Quick examples
A→example.com→93.184.216.34AAAA→example.com→2606:2800:220:1:248:1893:25c8:1946MX→gmail.com→gmail-smtp-in.l.google.comNS→example.com→a.iana-servers.netTXT→example.com→"v=spf1 -all"
BASIC LOOKUP
Query the default A record for a domain
dig example.comExample output:
; <<>> DiG 9.10.6 <<>> example.com;; QUESTION SECTION:;example.com. IN A
;; ANSWER SECTION:example.com. 300 IN A 93.184.216.34
;; Query time: 24 msec;; SERVER: 192.168.1.1#53(192.168.1.1)RECORD TYPES
Query an A record explicitly
dig example.com AExample output:
;; ANSWER SECTION:example.com. 300 IN A 93.184.216.34Query an AAAA record for IPv6
dig example.com AAAAExample output:
;; ANSWER SECTION:example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946Query mail exchange records
dig gmail.com MXExample output:
;; ANSWER SECTION:gmail.com. 300 IN MX 5 gmail-smtp-in.l.google.com.gmail.com. 300 IN MX 10 alt1.gmail-smtp-in.l.google.com.Query nameserver records
dig example.com NSExample output:
;; ANSWER SECTION:example.com. 172800 IN NS a.iana-servers.net.example.com. 172800 IN NS b.iana-servers.net.Query the start of authority record
dig example.com SOAExample output:
;; ANSWER SECTION:example.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2025010101 7200 3600 1209600 3600Query TXT records
dig example.com TXTExample output:
;; ANSWER SECTION:example.com. 300 IN TXT "v=spf1 -all"SHORT OUTPUT
Show only the answer section
dig example.com +shortExample output:
93.184.216.34Show only short MX answers
dig gmail.com MX +shortExample output:
5 gmail-smtp-in.l.google.com.10 alt1.gmail-smtp-in.l.google.com.20 alt2.gmail-smtp-in.l.google.com.USING A SPECIFIC DNS SERVER
Ask Google Public DNS directly
dig @8.8.8.8 example.comExample output:
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; ANSWER SECTION:example.com. 300 IN A 93.184.216.34Ask Cloudflare DNS directly
dig @1.1.1.1 example.com AAAAExample output:
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; ANSWER SECTION:example.com. 300 IN AAAA 2606:2800:220:1:248:1893:25c8:1946REVERSE LOOKUP
Resolve an IP address back to a host name
dig -x 8.8.8.8Example output:
;; ANSWER SECTION:8.8.8.8.in-addr.arpa. 1800 IN PTR dns.google.TRACE DNS RESOLUTION
Trace the full resolution path from the root servers
dig example.com +traceExample output:
. 518400 IN NS a.root-servers.net.com. 172800 IN NS a.gtld-servers.net.example.com. 172800 IN NS a.iana-servers.net.example.com. 300 IN A 93.184.216.34CHECK ALL SECTIONS
Display answer, authority, and additional sections clearly
dig example.com +noall +answer +authority +additionalExample output:
example.com. 300 IN A 93.184.216.34a.iana-servers.net. 172800 IN A 199.43.135.53b.iana-servers.net. 172800 IN A 199.43.133.53COMMON FLAGS
Skip comments and show only records
dig example.com +nocmd +noquestion +nocomments +nostatsExample output:
example.com. 300 IN A 93.184.216.34Show DNSSEC-related records
dig example.com +dnssecExample output:
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1PRACTICAL CHECKS
Verify a website points to the expected IP
dig myapp.example.com +shortExample output:
203.0.113.10Verify a domain has mail routing configured
dig myapp.example.com MX +shortExample output:
10 mail.myapp.example.com.Verify a TXT record such as SPF or domain verification
dig myapp.example.com TXT +shortExample output:
"v=spf1 include:_spf.example.net ~all"NSLOOKUP EXAMPLES
Use nslookup for a basic lookup
nslookup example.comExample output:
Server: 192.168.1.1Address: 192.168.1.1#53
Non-authoritative answer:Name: example.comAddress: 93.184.216.34Query a specific record type
nslookup -type=MX gmail.comExample output:
gmail.com mail exchanger = 5 gmail-smtp-in.l.google.com.gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com.Query using a specific DNS server
nslookup example.com 8.8.8.8Example output:
Server: 8.8.8.8Address: 8.8.8.8#53
Non-authoritative answer:Name: example.comAddress: 93.184.216.34HOST EXAMPLES
Use host for a basic lookup
host example.comExample output:
example.com has address 93.184.216.34example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946Use host for MX records
host -t MX gmail.comExample output:
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.Reverse lookup an IP address
host 8.8.8.8Example output:
8.8.8.8.in-addr.arpa domain name pointer dns.google.See which DNS server answered you
With dig:
dig example.comLook for:
;; SERVER: 192.168.1.1#53(192.168.1.1)With nslookup:
nslookup example.comLook for:
Server: 192.168.1.1Address: 192.168.1.1#53With host:
host -v example.comLook for output similar to:
Using domain server:Name: 192.168.1.1Address: 192.168.1.1#53