How to: Dig DNS records within your terminal

Ever in the need to quick check some DNS records of a domain without using online tools? In this blog I show you how to install and use BIND’s Dig tool in your Mac terminal or on your Windows machine.


What is Dig?

Dig is a command line tool to querying DNS records. Dig can be useful to quick find DNS records for a domain to trouble shoot or to check DNS settings like a SPF record.

Install Dig on MacOS

First install Homebrew, a package manager for MacOS. Then go to https://brew.sh/, copy and paste the install command in your terminal:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

When the install is done follow the ‘next steps’ and run:

echo 'eval $(/opt/homebrew/bin/brew shellenv)' >> /Users/"YOUR USER NAME"/.zprofile
eval $(/opt/homebrew/bin/brew shellenv)

When the install is complete run:

brew install bind

No you have installed the BIND Dig tool in your Mac terminal.

Install Dig on Windows

Windows on its own don’t have an UNIX shell like MacOS. MacOS is a part of the UNIX family, so installing the Dig tool can be done directly from the Mac’s terminal. To install it on Windows you can choose from different flavours.

  1. Download and install the BIND9 tool at https://www.isc.org/download/
    • You can use the Dig commands within CMD
  2. Download and install WLS (Windows Subsystem for Linux).
  3. Running a headless UNIX-like system VM (1024MB RAM).

With option 2 you can choose the most populars Linux distributions, like Debian, Ubuntu or Kali (based on Debian) and SUSE linux. For option 3 you can choose all distributions out there. With tools like PuTTY (for SSH), OpenSSH and WinSCP (for SFTP) you can access your local VM better than using the terminal screen from your hypervisor software, if you set the network adapter bridged or portforwarding in your hypervisor software like on VirtualBox.

To install the Dig tool in a Debian based Linux distribution, you can simply run the following command:

sudo apt-get install dnsutils

How to use the Dig tool

With Dig you obtain DNS records faster than with the online tools out there. When you change something in a DNS, dig will shows it much faster than any other tool. Hereby some examples to use.

Dig TXT records on top level for settings like SPF

dig vand3rlinden.nl txt +short

Dig a MX record

dig vand3rlinden.nl MX +short

Dig a DMARC (TXT) record

dig _dmarc.vand3rlinden.nl TXT +short

Happy digging!