Check domain availability across every ICANN TLD, right from your terminal.
dibs checks if a domain is available across all 1400+ ICANN TLDs, or against a
single domain like bas.il or foo.co.uk. It queries DNS over HTTPS instead
of scraping WHOIS, and --verify cross-checks results against registry data
via RDAP.
Pre-built binaries are available for macOS (arm64, amd64) and Linux (amd64, arm64).
brew install sitapix/dibs/dibsDownloads the latest binary, verifies its checksum, and installs it:
curl -fsSL https://raw.githubusercontent.com/sitapix/dibs/main/install.sh | bashOr review the script first:
curl -fsSL https://raw.githubusercontent.com/sitapix/dibs/main/install.sh -o install.sh
less install.sh
bash install.shRequires Go 1.26+.
git clone https://github.com/sitapix/dibs.git
cd dibs
make buildOr with go install:
go install github.com/sitapix/dibs@latestGrab the latest binary for your platform from the releases page, then:
chmod +x dibs-*
sudo mv dibs-* /usr/local/bin/dibs# check top 25 popular TLDs
dibs orbit
# check ALL 1400+ TLDs
dibs --all orbit
# check one specific domain (single-domain mode: any argument with a dot)
dibs bas.il
dibs foo.co.uk
# verify a specific domain against registry data
dibs bas.il --verify
# verify available domains from a sweep
dibs --verify orbit
# both
dibs --all --verify orbit
# only show available domains
dibs --quiet orbit
# interactive mode (prompts for domain name)
dibs# JSON (for scripting)
dibs --json orbit
# CSV (for spreadsheets)
dibs --csv orbit
# JSON with verification data
dibs --json --verify orbit
# disable colors (also respects NO_COLOR env var)
dibs --no-color orbitJSON output shape:
{
"query": "orbit",
"checked": 25,
"partial": false,
"available": [
{ "domain": "orbit.dev", "tld": "dev" }
],
"taken": [
{ "domain": "orbit.com", "tld": "com" }
],
"errors": []
}# only short TLDs (2-3 characters)
dibs --max-length 3 orbit
# only TLDs with 4+ characters
dibs --min-length 4 orbit
# specific TLDs only
dibs --tlds com,io,dev,app orbit
# sort results
dibs --sort alpha orbit
dibs --sort length orbit
# limit how many TLDs to check
dibs --limit 50 --all orbitdibs --file domains.txtdomains.txt format (one per line, # comments supported):
orbit
atlas
harbor
# increase parallel connections (default: 100, max: 500)
dibs --parallel 200 --all orbit
# adjust timeout per query (default: 5s)
dibs --timeout 3 orbit
# retry failed DNS queries (default: 1)
dibs --retries 3 --all orbit
# force refresh cached TLD list
dibs --refresh --all orbit# use Mullvad DoH instead of Quad9 (default)
dibs --provider mullvad orbit
# use another built-in non-registrar resolver
dibs --provider nextdns orbit
dibs --provider adguard orbit
# rotate between all providers
dibs --rotate orbit
# use your own DoH server (for example Cloudflare or Google)
dibs --doh-url https://dns.example.com/dns-query orbit
# use system DNS instead of DoH (faster, plaintext)
dibs --no-doh orbit- Single binary, no runtime deps. Go standard library plus
golang.org/x/netfor Public Suffix List parsing. Nothing else. - One domain or many.
dibs orbitsweeps the top 25 TLDs;dibs bas.ilordibs foo.co.ukchecks just that domain. Multi-label TLDs like.co.ukparse correctly via the Public Suffix List. - DNS over HTTPS, padded. Queries use
RFC 8484 wire format over
HTTPS, padded to 128-byte blocks
(RFC 7830 /
RFC 8467)
so passive observers can't fingerprint query length by ciphertext size.
User-Agentis suppressed. Fall back to system DNS with--no-dohif you prefer. - RDAP verification.
--verifycross-checks available domains against the actual registry (RFC 7480). Catches domains that are registered but have no DNS set up. - Fast. 100 parallel DNS queries by default, up to 500. Smart defaults
check the top 25 TLDs;
--allsweeps all 1400+ ICANN TLDs. - Flexible output. Terminal with colors and progress bar, JSON, or CSV. Filter by TLD length, sort, limit, or pick specific TLDs.
- Batch and interactive. Read domains from a file, or run with no args for
an interactive prompt. Drop a config at
~/.config/dibs/configto set your defaults.
- Grabs the official TLD list from IANA
- Caches it locally for 24 hours (
~/.cache/dibs/tlds.txt) - Fires off parallel DNS A-record lookups via DoH (RFC 8484 wire format) or system DNS
- NXDOMAIN means available, NOERROR means taken
DNS is fast but it's really just a first pass. A domain can be registered without having any DNS set up, so it would look available when it's actually not.
When the argument contains a dot (e.g. bas.il, foo.co.uk), dibs skips the
TLD sweep. The Public Suffix List (baked into the
binary via golang.org/x/net/publicsuffix) splits the input correctly, so
multi-label TLDs like .co.uk and .com.br parse as one TLD instead of
splitting on the last dot. dibs rejects non-registrable inputs up front:
subdomains (mail.google.com → use google.com), fake TLDs like .tld, and
PSL private suffixes like .github.io. The DNS and RDAP paths are identical
to sweep mode. Single-domain mode conflicts with --all, --tlds, --file,
--limit, --sort, and --min/max-length.
With --verify, dibs goes back and double-checks the domains that DNS said
were available:
- Grabs the IANA RDAP bootstrap (also cached for 24 hours)
- For each "available" domain, asks the TLD's registry directly over HTTPS (RFC 7480)
- If the registry says it exists (HTTP 200), it gets corrected to taken. If the registry says it doesn't (HTTP 404), it's confirmed available.
dibs talks to registries directly using the IANA bootstrap files, not through a redirect service. All gTLDs support RDAP, but some ccTLDs don't, so those results stay unverified. See rdap.org if you want to learn more about the protocol.
A domain can pass both DNS and RDAP checks and still not be available to buy. Registries can hold names back for premium pricing, trademark protection (TMCH), or other policy reasons without ever creating DNS records or RDAP entries for them. When you go to actually buy one of these, the registrar will either reject it or hit you with a higher price.
Some ccTLDs also restrict second-level registrations to local residents or
registered entities (e.g. .il, .ve), even if the name shows as available
in both DNS and RDAP. dibs tells you what's probably available; the registrar
always has the final say.
| Provider | Default | Notes |
|---|---|---|
| Quad9 | Yes | Non-profit. quad9.net |
| Mullvad | mullvad.net | |
| NextDNS | nextdns.io | |
| AdGuard | Unfiltered endpoint. adguard-dns.io |
Built-in providers are limited to the non-registrar set above. Use --doh-url
if you want a different resolver.
Use --rotate to spread queries across all four providers, or --no-doh to
skip DoH entirely and use system DNS (faster, but plaintext).
You can create a config file at ~/.config/dibs/config to set your defaults:
# max concurrent DNS queries (default: 100, max: 500)
parallel=100
# DNS query timeout in seconds (default: 5)
timeout=5
# retry count on error (default: 1)
retries=1
# DoH provider: quad9, mullvad, nextdns, adguard (default: quad9)
provider=quad9Only the keys shown above are supported. Unknown keys produce an error. CLI flags override config file values.
Contributions are welcome! Check out CONTRIBUTING.md for guidelines.
MIT License. See LICENSE for details.