dig is a DNS query tool. Its name is commonly expanded as Domain Information Groper. The job of dig is simple: ask DNS a precise question and show the answer in a way that is useful for troubleshooting.
A normal web browser hides DNS behind the page load. If a website does not open, the browser may only show a generic connection error. Dig separates the DNS step from the rest of the request, so you can see whether the domain name resolves, which record was returned, and which part of the DNS chain needs attention.
What dig is used for
- Checking whether a domain has an A or AAAA record for web traffic.
- Confirming MX records before troubleshooting email delivery.
- Reading TXT records for SPF, DKIM, DMARC, site verification, and certificate validation.
- Finding the authoritative name servers for a domain.
- Checking TTL values when DNS changes appear slow.
- Comparing different public resolvers when one location sees an old answer.
A basic example
The most common query asks for the IPv4 address of a domain:
dig example.com AThe useful part of the output is the answer section. It normally includes the name, TTL, class, record type, and record data.
example.com. 300 IN A 93.184.216.34Why a browser version is useful
Terminal dig is excellent for administrators and developers. A browser-based lookup is useful when you are on a phone, using a locked-down machine, helping a customer, or sending a clean result to a registrar, hosting provider, or incident channel.
What dig does not prove
Dig proves what DNS returns for a particular question. It does not prove that a web server is healthy, that a firewall allows traffic, that a certificate is valid, or that an application is responding. Treat it as the first diagnostic step, not the whole diagnosis.