Two commands cover this, and which one you use mostly comes down to what's installed. nslookup is everywhere, Windows included, and nslookup example.com is enough to confirm a site resolves or that a record you just changed went live. When we want detail, we reach for dig: dig +short example.com prints just the answer, while dig MX example.com or dig TXT example.com pull one record type so you're not wading through the rest. The bit worth memorising is the @ syntax. dig @8.8.8.8 example.com asks a specific resolver and steps around your own cache, which is how we check whether a change has actually propagated. Here are the commands, what the output means, and how to query one type at a time.
The short answer
nslookup example.com works everywhere. On Linux and macOS, dig example.com
shows more and dig +short example.com shows just the answer. Add a type
(dig MX example.com) or a resolver (dig @1.1.1.1 example.com).
The portable one: nslookup
nslookup ships on Windows, macOS and Linux, which is exactly why we keep it in
hand: it’s the one that’s always there. Hand it a name and it prints the
addresses, after a couple of lines telling you which server answered. Those first
lines are your own resolver, not the result, and they trip everyone up once.
nslookup example.com The detailed one: dig
On Linux and macOS, dig is the one worth learning. Out of the box it prints a
full report with the TTL and the authority section, which is gold when you’re
debugging and noise when you’re not. +short cuts it down to just the answer,
one value per line:
dig +short example.com Ask for one record type
Mail not arriving? Check MX. Chasing an SPF record or a domain-verification string? That lives in TXT. You name the type and dig fetches only that, which beats reading a whole zone to find one line:
dig MX example.com 
Bypass your cache to check propagation
Point the query at a public resolver with @. If a freshly changed record shows
up there but not from your default resolver, you are just waiting for the old
cached copy to expire:
dig @8.8.8.8 example.com To do the same lookups without a terminal, the DNS lookup tool queries every record type in one click, and what DNS TTL means explains the propagation wait.
Frequently asked questions
Should I use nslookup or dig?
Use nslookup when you just want a quick answer and it is the only tool installed, which on Windows it is. Use dig when you want detail or are scripting: it shows the exact records, TTLs and which server answered, and "dig +short" gives clean output you can pipe. dig is not installed by default on Windows, so nslookup is the portable choice there.
How do I look up just one record type, like MX or TXT?
Name the type. With dig: "dig MX example.com" for mail, "dig TXT example.com" for SPF and verification records, "dig AAAA example.com" for IPv6. With nslookup: "nslookup -type=MX example.com". This is how you debug mail flow or confirm an SPF record without wading through everything.
What does dig +short do?
It strips the full report down to just the answer values, one per line. "dig +short example.com" prints the IP addresses and nothing else, which is perfect for reading at a glance or feeding into a script. Drop the +short when you want the TTL and the authority section back.
How do I check if a DNS change has propagated?
Query a public resolver directly so you bypass your own cache: "dig @8.8.8.8 example.com" asks Google DNS, "dig @1.1.1.1 example.com" asks Cloudflare. If the new value shows there but not from your default resolver, you are waiting on the old record cached locally to expire, which is the TTL.