Traditional DNS queries and responses are sent over UDP or TCP without encryption. This is vulnerable to eavesdropping and spoofing (including DNS-based Internet filtering). Responses from recursive resolvers to clients are the most vulnerable to undesired or malicious changes, while communications between recursive resolvers and authoritative nameservers often incorporate additional protection.

To address this problem, Google Public DNS offers DNS resolution over an encrypted HTTPS connection. DNS-over-HTTPS greatly enhances privacy and security between a client and a recursive resolver, and complements DNSSEC to provide end-to-end authenticated DNS lookups.

query(name, type = "1", cd = FALSE, do = FALSE,
  edns_client_subnet = "", random_padding = NULL)

dig(name, type = "1", cd = FALSE, do = FALSE,
  edns_client_subnet = "", random_padding = NULL)



item to lookup. Valid characters are numbers, letters, hyphen, and dot. Length must be between 1 and 255. Names with escaped or non-ASCII characters are not supported. Internationalized domain names must use the punycode format (e.g. "xn--qxam").

If an IPv4 string is input, it will be transformed into a proper format for reverse lookups.


RR type can be represented as a number in [1, 65535] or canonical string (A, aaaa, etc). More information on RR types can be found here. You can use 255 for an ANY query.


(Checking Disabled) flag. Use `TRUE` to disable DNSSEC validation; Default: `FALSE`.


(DNSSEC OK) flag. Use `TRUE` include DNSSEC records (RRSIG, NSEC, NSEC3); Default: `FALSE`.


The edns0-client-subnet option. Format is an IP address with a subnet mask. Examples:, 2001:700:300::/48.
If you are using DNS-over-HTTPS because of privacy concerns, and do not want any part of your IP address to be sent to authoritative nameservers for geographic location accuracy, use edns_client_subnet= Google Public DNS normally sends approximate network information (usually replacing the last part of your IPv4 address with zeroes). is the default.


clients concerned about possible side-channel privacy attacks using the packet sizes of HTTPS GET requests can use this to make all requests exactly the same size by padding requests with random data. To prevent misinterpretation of the URL, restrict the padding characters to the unreserved URL characters: upper- and lower-case letters, digits, hyphen, period, underscore and tilde.


a list with the query result or NULL if an error occurred


To perform vectorized queries with only answers (and no metadata) use bulk_query()).




dig("", "255") # ANY query
query("", "MX")
dig("", "TXT")
dig("", "PTR")
# }