Using dig to view, backup and verify DNS zone records on OS X

I was recently asked by a client to consolidate all of their DNS zone records and domain name registrations from 2 separate services to a single provider. The FAQ page of the current DNS service recommended using the named-xfer shell command, but that utility isn’t available on OS X. I googled around and learned that dig is a suitable alternative.

Finding the nameservers

Dig can be used to find nameserver information for a given domain:

$ dig yourdomain.com NS +short
ns1.nameserver.com.
ns2.nameserver.com.
ns3.nameserver.com.

Viewing and Backing up DNS Records

$ dig @ns1.nameserver.com yourdomain.com IN ANY
;; Truncated, retrying in TCP mode.

; < <>> DiG 9.8.3-P1 < <>> @ns1.nameserver.com yourdomain.com IN ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 12683
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;yourdomain.com.		IN	ANY

;; ANSWER SECTION:
yourdomain.com.	14400	IN	NS	ns1.nameserver.com.
yourdomain.com.	14400	IN	NS	ns2.nameserver.com.
yourdomain.com.	14400	IN	NS	ns3.nameserver.com.
yourdomain.com.	14400	IN	MX	0 mx1.balanced.homie.mail.nameserver.com.
yourdomain.com.	14400	IN	MX	0 mx2.balanced.homie.mail.nameserver.com.
yourdomain.com.	14400	IN	A	69.163.240.35
yourdomain.com.	14400	IN	SOA	ns1.nameserver.com. hostmaster.nameserver.com. 2013122000 16668 1800 1814400 14400

;; ADDITIONAL SECTION:
ns1.nameserver.com.	14400	IN	A	66.33.206.206
ns2.nameserver.com.	14400	IN	A	208.96.10.221
ns3.nameserver.com.	14400	IN	A	66.33.216.216
mx1.balanced.homie.mail.nameserver.com. 14400 IN	A 208.97.132.209
mx2.balanced.homie.mail.nameserver.com. 14400 IN	A 208.97.132.210

;; Query time: 150 msec
;; SERVER: 66.33.206.206#53(66.33.206.206)
;; WHEN: Tue Feb  4 16:17:59 2014
;; MSG SIZE  rcvd: 305

Backing these up just requires you to send that output to a file: dig @ns1.nameserver.com yourdomain.com IN ANY >> dns-backup-yourdomain.com-ns1.nameserver.com

Once you’ve updated the nameservers for a domain you can verify if they’ve changed using the dig yourdomain.com NS +short command.

Other useful dig commands

$ dig yourdomain.com A +short
69.163.240.35

Well the hours are good, but now you come to mention it, most of the actual minutes are pretty lousy.

— Vogon Guard