What's the difference between `dig` and `host` when querying a specific name-server?

Question

I was using this command to verify if I'd set things up correctly with a DNS provider:

host hostname.example.com ns1.example-nameserver.com

As far as I can tell, this asks ns1.example-nameserver.com to look up hostname.example.com and reports the answer. I was getting a host-not-found response so I thought I'd done it wrong. However, without specifying their name-server (thus allowing my ISP's name-server to look it up) I got the correct response (hostname is a CNAME if it matters). I couldn't fathom this so I searched around and found the dig command:

dig @ns1.example-nameserver.com hostname.example.com

As far as I can tell this does the same thing as the host command - asks a specific name-server to look up a host. I therefore conclude that they must do it differently somehow, and that caching name-servers must use the same method as dig.

My conclusion is either right or wrong, if it is right:

What is the difference between these two look-up methods?

If it is wrong:

What are my misunderstandings about DNS and the host and dig commands that have led me to this conclusion?

Example output:

$ host cardiff.tzmchapters.org ns1.livedns.co.uk
Using domain server:
Name: ns1.livedns.co.uk
Address: 213.171.192.250#53
Aliases: 

Host cardiff.tzmchapters.org not found: 3(NXDOMAIN)

$ dig @ns1.livedns.co.uk cardiff.tzmchapters.org

; <<>> DiG 9.8.3-P1 <<>> @ns1.livedns.co.uk cardiff.tzmchapters.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23620
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cardiff.tzmchapters.org.   IN  A

;; ANSWER SECTION:
cardiff.tzmchapters.org. 3600   IN  CNAME   ghs.google.com.

;; AUTHORITY SECTION:
google.com.     3600    IN  SOA ns1.livedns.co.uk. admin.google.com. 1354213742 10800 3600 604800 3600

;; Query time: 27 msec
;; SERVER: 213.171.192.250#53(213.171.192.250)
;; WHEN: Mon Apr 22 23:47:05 2013
;; MSG SIZE  rcvd: 128

score 22 · Answer 1 · answered Apr 21 '13 at 05:59

host, dig, and nslookup all share most of the same functionality. In the case you are asking about (asking a particular DNS question to a particular nameserver), dig and host (and indeed nslookup) behave exactly the same.

For DNS troubleshooting, dig is preferred because its output format is more "raw": in its output it directly shows the contents of all 4 fields in the DNS response: question, answer, authority, and additional sections (plus the flags in the header), and also it has more options. host, on the other hand, has a more user-friendly output format.

If you don't happen to need an option that one of the commands has and the others don't, or a piece of information that one of them outputs and the others don't, then it comes down to a matter of preference.

score 13 · Answer 2 · answered Sep 25 '19 at 20:57

If you're using the non-FQDN hostname, the results can be different because host will use the search domains in resolv.conf, whereas dig does not by default.

You have to use the +search option if you want dig to use resolv.conf (or add it to ~/.digrc).

For example:

$ host foo
foo.myfqdn.com has address 10.1.2.3

$ dig +short foo
# (no result)

$ dig +short +search foo
10.1.2.3

score 0 · Answer 3 · answered Dec 28 '22 at 21:52

The nslookup command is included into Windows and BusyBox which is used on embedded devices like routers or TV boxes. This makes it more preferable for cross-platform scripting. See https://en.wikipedia.org/wiki/Nslookup

Examples of output for a comparison:

$ nslookup example.com
Server:     127.0.0.53
Address:    127.0.0.53#53
Non-authoritative answer:
Name:   example.com
Address: 93.184.216.34
Name:   example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

dig provides a response in a BIND zone format with many details:

$ dig example.com
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41996
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;example.com.           IN  A
;; ANSWER SECTION:
example.com.        7147    IN  A   93.184.216.34
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Dec 28 23:44:07 EET 2022
;; MSG SIZE  rcvd: 56

The host command tries to give an explanation:

$ host example.com 
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
example.com mail is handled by 0 .

What's the difference between `dig` and `host` when querying a specific name-server?

3 Answers3