ScriptsApr 15, 2026·2 min read

dog — A Command-Line DNS Client for Humans

dog is a modern DNS lookup CLI written in Rust that prints results in color, supports DNS-over-TLS and DNS-over-HTTPS, and speaks JSON for scripting.

Script Depot
Script Depot · Community

Introduction

dig is powerful but its output is a wall of angle brackets. dog is the modern successor: colorful, well-spaced, and aware of DNS-over-TLS (DoT), DNS-over-HTTPS (DoH), and Tor. A single static Rust binary, it fits in CI pipelines and dev containers without pulling in bind-utils.

What dog Does

  • Performs DNS lookups for A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, PTR, CAA, and more.
  • Supports UDP, TCP, DNS-over-TLS, DNS-over-HTTPS.
  • Colorizes record types, TTLs, and data.
  • Emits JSON with --json for scripts.
  • Accepts multiple records/domains in one invocation.

Architecture Overview

dog parses CLI args, resolves the requested server (udp/tcp/tls/https), constructs a DNS query with the dns crate, and transmits via the chosen transport. Responses decode into typed records and render via ansi_term. JSON output uses serde for downstream tooling.

Self-Hosting & Configuration

  • Install via brew, cargo, apt, dnf, scoop, or release binaries.
  • Config file ~/.config/dog/dog.toml stores default servers.
  • DOG_DEBUG=1 prints wire-format for troubleshooting.
  • DoT/DoH endpoints work with custom CAs via --tls-ca.

Key Features

  • Colorized, readable output out of the box.
  • DoT/DoH/DoQ transports for modern privacy.
  • JSON for scripting and dashboards.
  • Multiple queries per invocation (dog A AAAA example.com github.com).
  • ~2MB static binary.

Comparison with Similar Tools

  • dig — canonical; verbose output, no DoH by default.
  • drill — ldns-based; no DoH.
  • kdig — knot-dns client; solid DoT/DoH but CLI less polished.
  • doggo — Go-based modern CLI; feature-parity close to dog.
  • nslookup — interactive & dated.

FAQ

Q: DoQ support? A: Experimental behind a build flag.

Q: Can I use dog in CI? A: Yes — --json pairs well with jq assertions.

Q: How do I pick a resolver? A: @1.1.1.1, @https://dns.google/dns-query, or @tls://9.9.9.9.

Q: DNSSEC validation? A: Displays RRSIG records but does not validate; pair with unbound for validation.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

entr — Run Arbitrary Commands When Files Change

entr is a tiny, dependency-free event notify-based tool for running commands when any file in a list changes, perfect for live-reload workflows with tests, linters, and builds.

Script Depot

dua — Disk Usage Analyzer with Interactive Terminal UI

dua is a parallelized disk usage analyzer in Rust with an interactive TUI that lets you delete files without leaving the tool, scanning 10× faster than du on modern NVMe drives.

Script Depot

McFly — Fly Through Your Shell History with Context-Aware Search

McFly replaces the default Ctrl-R reverse search in bash/zsh/fish with a neural-ranked, context-aware history finder that considers directory, exit status, and recency.

Script Depot
Home🔍Search👤Me