← Lessons

quiz vs the machine

Silver1130

Networking

The Dig and Nslookup

Querying DNS records directly to debug name resolution.

4 min read · intro · beat Silver to climb

Asking DNS Directly

When a name will not resolve, you want to query the Domain Name System by hand instead of guessing. The dig and nslookup tools do exactly that, asking a resolver for specific records.

What You Can Ask

You can target the exact record type you care about.

  • An A record maps a name to an IPv4 address, and an AAAA record to an IPv6 one.
  • An MX record lists mail servers, while a CNAME points one name at another.
  • You can also pick which server to ask, bypassing the system default.

This lets you compare what one resolver returns against another to isolate a problem.

Reading An Answer

Dig output shows the question, the answer section with records and their time to live, and which server replied. If a record is missing or stale, you can ask the authoritative server directly to see the true value. Comparing a local resolver answer with the authoritative one often reveals a caching issue.

Key idea

Dig and nslookup query DNS directly for specific record types and even specific servers, letting you compare a resolver answer with the authoritative one to pinpoint stale or missing records.

Check yourself

Answer to earn rating on the learn ladder.

1. What does an A record map a name to?

2. Why ask the authoritative server directly with dig?