There are times when macOS mucks with DNS lookups. For example, a corporate VPN client might tell macOS that DNS lookups for certain domains (i.e. domains inside the company) are to be handled differently.
dig are pure DNS lookups. They evade
macOS’s DNS mucking and do their lookups based on
what’s on the command line and/or what’s in
They are unfiltered (unfetttered?) by macOS. For example:
That’s useful when you are trying to diagnose a problem with an external DNS server.
To do a DNS lookup the way a macOS app would see the world, use
dscacheutil -q host -a name HOSTNAME. For example:
This is useful when you are debugging your Mac’s DNS client, or an application issue.
Sometimes it is useful to compare the output of both commands to verify that things are working as expected.
I set up an alias because I can never memorize the command. For example:
I found this trick on Stack Overflow’s Superuser.com site.
P.S. If you own a domain and maintain it using BIND, Route53, Google DNS, Azure DNS, or any of more than 2 dozen DNS platforms, consider using DNSControl to manage your zones “like code”. You’ll be surprised at how much it makes your life easier.