v2digga

Domain research that actually
tells you what is going on.

DNS, RDAP, WHOIS, subdomains. One search, every angle. Free for everyone.

Apex, subdomain, or URL. We figure it out.

Trygoogle.comwikipedia.orggithub.comvercel.comcloudflare.comopenai.com

What is inside

Six tools, one shortcut.

  • 01

    DNS, every type

    A, AAAA, MX, NS, TXT, CAA, DNSKEY, DS, SOA, SRV, PTR, NAPTR, CNAME. Switch live between Cloudflare, Google, and Alibaba DoH.

  • 02

    RDAP first, WHOIS fallback

    Structured registration data through RDAP, with raw WHOIS as a graceful fallback when the registry has not caught up.

  • 03

    Subdomain discovery

    Passive enumeration from public sources. Triggered on demand, results streamed back to your browser as they land.

  • 04

    IP, ASN, owner

    Every A and AAAA record annotated with the responsible network. Click through for the full geolocation picture.

  • 05

    Email authentication

    SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI in one view. See how well a domain resists spoofing, with the SPF lookup limit checked for you.

  • 06

    Free, always

    Open source under AGPL 3.0. No accounts, no paywalls, no creepy tracking. Just type and dig.

How to use digga

Three steps to a full picture.

  1. Step 01

    Type a domain

    Apex, subdomain, or full URL. digga normalizes the input, handles IDN punycode, and routes you to the right results page.

  2. Step 02

    Read the overview

    Registration data, important dates, nameservers, status flags, DNSSEC, and the most relevant DNS records. Everything in one glance.

  3. Step 03

    Drill into specifics

    DNS tab for every record type with a resolver switch. WHOIS tab for RDAP JSON and raw WHOIS. Subdomains tab to kick off a passive scan. Email tab for SPF, DKIM, and DMARC.

What digga looks up

A quick glossary, no jargon kept secret.

DNS records
DNS records map a domain to the infrastructure that serves it. The A record points to an IPv4 address, AAAA points to IPv6, MX to mail servers, NS to the authoritative name servers, TXT carries verification and policy strings like SPF and DMARC, and CAA controls which certificate authorities may issue a certificate for the domain. RFC 1035.
RDAP
The Registration Data Access Protocol is the modern, JSON based replacement for WHOIS. Every registry runs an RDAP server discoverable through the IANA bootstrap registry. digga queries RDAP first because it returns structured fields for registrar, registrant, status, events, and DNSSEC. RFC 7480.
WHOIS
The original registration lookup protocol from 1982. Plain text, free form, port 43. Some TLDs still only speak WHOIS, so digga keeps a WHOIS fallback that runs whoiser against the right whois.iana.org referral chain. RFC 3912.
Subdomain enumeration
Discovering the subdomains attached to a domain. Useful for asset inventory, attack surface mapping, and triaging deploys. digga uses passive sources like Certificate Transparency logs, never touching the target directly. Certificate Transparency.
Email authentication (SPF, DKIM, DMARC)
Three DNS based standards that stop attackers from spoofing a domain. SPF lists the servers allowed to send mail, DKIM signs each message with a cryptographic key, and DMARC ties the two together and tells receivers whether to quarantine or reject mail that fails. digga checks all three, plus MTA-STS, TLS-RPT, and BIMI, and validates the SPF ten lookup limit. RFC 7489.

One click access

Keep digga one tap away.

Browser bookmarklet

Drag the button below into your bookmark bar. Click it on any site to jump straight to the digga results for that domain.

Loading

iOS shortcut

Add the shortcut to your iPhone or iPad share sheet. Trigger it on any web page to research the current domain instantly.

Add shortcut

FAQ

Questions, answered.

Is digga free?
Yes, completely free for everyone — no signup, no accounts, no paywalls. digga is open source under AGPL 3.0.
What is the difference between RDAP and WHOIS?
RDAP is the modern JSON based registration protocol defined in RFC 7480 and friends. WHOIS, defined in RFC 3912, is the original plain text protocol from 1982. RDAP returns structured fields that map cleanly into a UI; WHOIS returns free form text that varies per registrar. digga uses RDAP first and falls back to WHOIS when a registry has not yet rolled out RDAP.
Which DNS resolvers can I use?
digga ships three public DoH resolvers: Cloudflare 1.1.1.1, Google 8.8.8.8, and Alibaba DNS. You can switch between them live without reloading the page; DNS responses come straight from the resolver to your browser, never through our servers.
How does subdomain discovery work?
When you click Run scan, our server gathers subdomains from passive public sources like Certificate Transparency logs. It is purely passive: no traffic is ever sent to the target domain itself.
Can digga check SPF, DKIM, and DMARC?
Yes. The Email tab analyzes SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI for any domain. It validates the SPF record against the ten DNS lookup limit, reports whether DMARC is enforcing, and flags common misconfigurations that leave a domain open to email spoofing.
Can I look up subdomains and IP records too?
Yes. Enter any subdomain like mail.example.com directly. digga also lets you click into individual IPs from the A and AAAA records to see ASN, organization, and country information.
Does digga support DNSSEC?
Yes. The overview page reports whether the parent zone has a signed DS delegation, and the DNS tab surfaces DNSKEY and DS records when the resolver returns them.
Why might WHOIS data be missing?
A few TLDs, notably .ch and .li under SWITCH, block automated WHOIS. Some registries are RDAP only. And some registrars redact registrant information per GDPR. In all three cases digga shows what is available and links to ICANN for a direct manual lookup.

Ready to dig?

Start with one of the example domains or paste your own.

Apex, subdomain, or URL. We figure it out.