dig/host Cheatsheet

DNS commands.

Overview

dig and host are the standard DNS investigation tools. Five primitive surfaces cover almost every DNS debugging session: record-type queries, authoritative-server targeting, trace mode for full resolution paths, reverse DNS lookups, and short output for scripting. Fluency under pressure turns “DNS is broken” into a specific query.

• Record-type queries. A, AAAA, CNAME, MX, TXT, NS, SOA. Match the query to the question.
• Authoritative queries. @nameserver targets a specific server. Catches recursion-versus-authoritative discrepancies.
• Trace mode. +trace shows the full resolution path. Roots-down debugging on NXDOMAIN.
• Reverse DNS plus short output. -x for PTR lookups; +short for scriptable output.

The approach

Five idioms cover most DNS investigation. Memorising them moves the team from copy-paste guesses to surgical resolution debugging.

• dig example.com. Default A-record query. The starting point for every DNS investigation.
• dig @8.8.8.8 example.com. Query Google’s public resolver. Compares against your local resolver.
• dig +trace example.com. Full resolution path. Catches misconfigured delegations.
• dig +short plus host -t MX. +short for scriptable output; host is more concise for simple lookups.

Why this compounds

Each DNS investigation teaches the team a little more about resolver behaviour and zone configuration. Fluent dig replaces guesswork; the same skills transfer to authoritative-server debugging and DNSSEC validation.

• Faster DNS debugging. Fluent dig replaces guesswork. Fast root cause.
• DNS hygiene improves. Each investigation surfaces config issues. Zones get cleaner.
• Cross-tool transfer. dig teaches DNS protocol. Skills transfer to authoritative tools and DNSSEC validators.
• Year-one investment, year-two habit. First year builds fluency. By year two, dig is reflexive on every DNS-flavoured incident.