dug
macOS-native DNS lookup that queries through the system resolver — shows what apps actually see, not what dig sees.
View project →dig lied to me at a coffee shop. I knew the problem was DNS, ran dig, got clean results, and spent too long debugging the wrong layer.
That’s the trap: dig bypasses the macOS system resolver entirely. It ignores VPN split DNS, /etc/resolver/* configs, and mDNS — answering a different question than your apps are asking. dug fixes that by querying through mDNSResponder, the same daemon every other app on your Mac uses.
The output includes resolver metadata dig can’t provide: which network interface handled the query, whether the answer came from cache, and which nameservers were configured for that interface. On a VPN with split DNS, dug returns the internal address; dig returns NXDOMAIN.
Built in Swift, installable via Homebrew, compatible with most dig flags.
brew install shortrib-labs/tap/dug
Every technical leader has a version of this — years of friction they couldn’t justify fixing. That’s the same itch dug scratches.