digga · Domain & Infrastructure research<br>Domain research that actually<br>tells you what is going on.<br>DNS, RDAP, WHOIS, subdomains. One search, every angle. Free for everyone.<br>Ctrl+KLookup<br>Apex, subdomain, or URL. We figure it out.
Trygoogle.comwikipedia.orggithub.comvercel.comcloudflare.comopenai.com<br>Google ChromeNew: the digga Chrome extension<br>Right click any page to dig its domain. No copy paste, no typing.
Google ChromeAdd to ChromeAdd
What is inside<br>Six tools, one shortcut.
Built for debugging deploys, triaging incidents, and the curious.
01<br>DNS, every type<br>A, AAAA, MX, NS, TXT, CAA, DNSKEY, DS, SOA, SRV, PTR, NAPTR, CNAME. Switch live between Cloudflare, Google, and Alibaba DoH.
02<br>RDAP first, WHOIS fallback<br>Structured registration data through RDAP, with raw WHOIS as a graceful fallback when the registry has not caught up.
03<br>Subdomain discovery<br>Passive enumeration from public sources. Triggered on demand, results streamed back to your browser as they land.
04<br>IP, ASN, owner<br>Every A and AAAA record annotated with the responsible network. Click through for the full geolocation picture.
05<br>Email authentication<br>SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI in one view. See how well a domain resists spoofing, with the SPF lookup limit checked for you.
06<br>Free, always<br>Open source under AGPL 3.0. No accounts, no paywalls, no creepy tracking. Just type and dig.
Explore each tool<br>A dedicated page for every lookup.
DNS Lookup
Free DNS lookup for any domain. Check A, AAAA, MX, NS, TXT, CAA, and DNSSEC records live via Cloudflare, Google, and Alibaba DNS over HTTPS.
WHOIS Lookup
Free WHOIS lookup for any domain. Find the registrar, nameservers, domain status, and creation and expiry dates. RDAP first, raw WHOIS fallback.
RDAP Lookup
Free RDAP lookup for any domain. Structured registrar, status, event, and DNSSEC data from the Registration Data Access Protocol, the modern WHOIS.
Subdomain Finder
Free subdomain finder. Discover subdomains passively from Certificate Transparency logs and public sources, with no traffic sent to the target.
Email Security Check
Free email security check. Analyze SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI for any domain, with the SPF lookup limit validated for you.
SSL and TLS Certificate Checker
Free SSL and TLS certificate checker. Inspect the issuer, expiry countdown, protocol, cipher, subject alternative names, and chain for any domain.
How to use digga<br>Three steps to a full picture.
Step 01Type a domain<br>Apex, subdomain, or full URL. digga normalizes the input, handles IDN punycode, and routes you to the right results page.
Step 02Read the overview<br>Registration data, important dates, nameservers, status flags, DNSSEC, and the most relevant DNS records. Everything in one glance.
Step 03Drill into specifics<br>DNS tab for every record type with a resolver switch. WHOIS tab for RDAP JSON and raw WHOIS. Subdomains tab to kick off a passive scan. Email tab for SPF, DKIM, and DMARC.
What digga looks up<br>A quick glossary, no jargon kept secret.
DNS recordsDNS records map a domain to the infrastructure that serves it. The A record points to an IPv4 address, AAAA points to IPv6, MX to mail servers, NS to the authoritative name servers, TXT carries verification and policy strings like SPF and DMARC, and CAA controls which certificate authorities may issue a certificate for the domain. RFC 1035.<br>RDAPThe Registration Data Access Protocol is the modern, JSON based replacement for WHOIS. Every registry runs an RDAP server discoverable through the IANA bootstrap registry. digga queries RDAP first because it returns structured fields for registrar, registrant, status, events, and DNSSEC. RFC 7480.<br>WHOISThe original registration lookup protocol from 1982. Plain text, free form, port 43. Some TLDs still only speak WHOIS, so digga keeps a WHOIS fallback that runs whoiser against the right whois.iana.org referral chain. RFC 3912.<br>Subdomain enumerationDiscovering the subdomains attached to a domain. Useful for asset inventory, attack surface mapping, and triaging deploys. digga uses passive sources like Certificate Transparency logs, never touching the target directly. Certificate Transparency.<br>Email authentication (SPF, DKIM, DMARC)Three DNS based standards that stop attackers from spoofing a domain. SPF lists the servers allowed to send mail, DKIM signs each message with a cryptographic key, and DMARC ties the two together and tells receivers whether to quarantine or reject mail that fails. digga checks all three, plus MTA-STS, TLS-RPT, and BIMI, and validates the SPF ten lookup limit. RFC 7489.
One click access<br>Keep digga one tap away.
Google ChromeChrome extension<br>New<br>Right click any page and jump straight to the digga report for that domain. No copy paste, no typing.
Google ChromeAdd to Chrome
Browser bookmarklet<br>Drag the button below into your bookmark bar. Click it on any site to jump straight to the digga results for that domain.
Loading
iOS shortcut<br>Add the...