1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") 6 - Copyright (C) 2000-2003 Internet Software Consortium. 7 - 8 - Permission to use, copy, modify, and/or distribute this software for any 9 - purpose with or without fee is hereby granted, provided that the above 10 - copyright notice and this permission notice appear in all copies. 11 - 12 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 13 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 14 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 15 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 16 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 17 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 18 - PERFORMANCE OF THIS SOFTWARE. 19--> 20 21<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ --> 22<refentry id="man.dig"> 23 24 <refentryinfo> 25 <date>June 30, 2000</date> 26 </refentryinfo> 27 28 <refmeta> 29 <refentrytitle>dig</refentrytitle> 30 <manvolnum>1</manvolnum> 31 <refmiscinfo>BIND9</refmiscinfo> 32 </refmeta> 33 34 <refnamediv> 35 <refname>dig</refname> 36 <refpurpose>DNS lookup utility</refpurpose> 37 </refnamediv> 38 39 <docinfo> 40 <copyright> 41 <year>2004</year> 42 <year>2005</year> 43 <year>2006</year> 44 <year>2007</year> 45 <year>2008</year> 46 <year>2009</year> 47 <year>2010</year> 48 <year>2011</year> 49 <year>2013</year> 50 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 51 </copyright> 52 <copyright> 53 <year>2000</year> 54 <year>2001</year> 55 <year>2002</year> 56 <year>2003</year> 57 <holder>Internet Software Consortium.</holder> 58 </copyright> 59 </docinfo> 60 61 <refsynopsisdiv> 62 <cmdsynopsis> 63 <command>dig</command> 64 <arg choice="opt">@server</arg> 65 <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg> 66 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> 67 <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg> 68 <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg> 69 <arg><option>-m</option></arg> 70 <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> 71 <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg> 72 <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> 73 <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg> 74 <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg> 75 <arg><option>-4</option></arg> 76 <arg><option>-6</option></arg> 77 <arg choice="opt">name</arg> 78 <arg choice="opt">type</arg> 79 <arg choice="opt">class</arg> 80 <arg choice="opt" rep="repeat">queryopt</arg> 81 </cmdsynopsis> 82 83 <cmdsynopsis> 84 <command>dig</command> 85 <arg><option>-h</option></arg> 86 </cmdsynopsis> 87 88 <cmdsynopsis> 89 <command>dig</command> 90 <arg choice="opt" rep="repeat">global-queryopt</arg> 91 <arg choice="opt" rep="repeat">query</arg> 92 </cmdsynopsis> 93 </refsynopsisdiv> 94 95 <refsect1> 96 <title>DESCRIPTION</title> 97 <para><command>dig</command> 98 (domain information groper) is a flexible tool 99 for interrogating DNS name servers. It performs DNS lookups and 100 displays the answers that are returned from the name server(s) that 101 were queried. Most DNS administrators use <command>dig</command> to 102 troubleshoot DNS problems because of its flexibility, ease of use and 103 clarity of output. Other lookup tools tend to have less functionality 104 than <command>dig</command>. 105 </para> 106 107 <para> 108 Although <command>dig</command> is normally used with 109 command-line 110 arguments, it also has a batch mode of operation for reading lookup 111 requests from a file. A brief summary of its command-line arguments 112 and options is printed when the <option>-h</option> option is given. 113 Unlike earlier versions, the BIND 9 implementation of 114 <command>dig</command> allows multiple lookups to be issued 115 from the 116 command line. 117 </para> 118 119 <para> 120 Unless it is told to query a specific name server, 121 <command>dig</command> will try each of the servers listed in 122 <filename>/etc/resolv.conf</filename>. If no usable server addresses 123 are found, <command>dig</command> will send the query to the local 124 host. 125 </para> 126 127 <para> 128 When no command line arguments or options are given, 129 <command>dig</command> will perform an NS query for "." (the root). 130 </para> 131 132 <para> 133 It is possible to set per-user defaults for <command>dig</command> via 134 <filename>${HOME}/.digrc</filename>. This file is read and 135 any options in it 136 are applied before the command line arguments. 137 </para> 138 139 <para> 140 The IN and CH class names overlap with the IN and CH top level 141 domains names. Either use the <option>-t</option> and 142 <option>-c</option> options to specify the type and class, 143 use the <option>-q</option> the specify the domain name, or 144 use "IN." and "CH." when looking up these top level domains. 145 </para> 146 147 </refsect1> 148 149 <refsect1> 150 <title>SIMPLE USAGE</title> 151 152 <para> 153 A typical invocation of <command>dig</command> looks like: 154 <programlisting> dig @server name type </programlisting> 155 where: 156 157 <variablelist> 158 159 <varlistentry> 160 <term><constant>server</constant></term> 161 <listitem> 162 <para> 163 is the name or IP address of the name server to query. This 164 can be an IPv4 address in dotted-decimal notation or an IPv6 165 address in colon-delimited notation. When the supplied 166 <parameter>server</parameter> argument is a hostname, 167 <command>dig</command> resolves that name before querying 168 that name server. 169 </para> 170 <para> 171 If no <parameter>server</parameter> argument is 172 provided, <command>dig</command> consults 173 <filename>/etc/resolv.conf</filename>; if an 174 address is found there, it queries the name server at 175 that address. If either of the <option>-4</option> or 176 <option>-6</option> options are in use, then 177 only addresses for the corresponding transport 178 will be tried. If no usable addresses are found, 179 <command>dig</command> will send the query to the 180 local host. The reply from the name server that 181 responds is displayed. 182 </para> 183 </listitem> 184 </varlistentry> 185 186 <varlistentry> 187 <term><constant>name</constant></term> 188 <listitem> 189 <para> 190 is the name of the resource record that is to be looked up. 191 </para> 192 </listitem> 193 </varlistentry> 194 195 <varlistentry> 196 <term><constant>type</constant></term> 197 <listitem> 198 <para> 199 indicates what type of query is required — 200 ANY, A, MX, SIG, etc. 201 <parameter>type</parameter> can be any valid query 202 type. If no 203 <parameter>type</parameter> argument is supplied, 204 <command>dig</command> will perform a lookup for an 205 A record. 206 </para> 207 </listitem> 208 </varlistentry> 209 210 </variablelist> 211 </para> 212 213 </refsect1> 214 215 <refsect1> 216 <title>OPTIONS</title> 217 218 <para> 219 The <option>-b</option> option sets the source IP address of the query 220 to <parameter>address</parameter>. This must be a valid 221 address on 222 one of the host's network interfaces or "0.0.0.0" or "::". An optional 223 port 224 may be specified by appending "#<port>" 225 </para> 226 227 <para> 228 The default query class (IN for internet) is overridden by the 229 <option>-c</option> option. <parameter>class</parameter> is 230 any valid 231 class, such as HS for Hesiod records or CH for Chaosnet records. 232 </para> 233 234 <para> 235 The <option>-f</option> option makes <command>dig </command> 236 operate 237 in batch mode by reading a list of lookup requests to process from the 238 file <parameter>filename</parameter>. The file contains a 239 number of 240 queries, one per line. Each entry in the file should be organized in 241 the same way they would be presented as queries to 242 <command>dig</command> using the command-line interface. 243 </para> 244 245 <para> 246 The <option>-m</option> option enables memory usage debugging. 247 <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD 248 documented in include/isc/mem.h --> 249 </para> 250 251 <para> 252 If a non-standard port number is to be queried, the 253 <option>-p</option> option is used. <parameter>port#</parameter> is 254 the port number that <command>dig</command> will send its 255 queries 256 instead of the standard DNS port number 53. This option would be used 257 to test a name server that has been configured to listen for queries 258 on a non-standard port number. 259 </para> 260 261 <para> 262 The <option>-4</option> option forces <command>dig</command> 263 to only 264 use IPv4 query transport. The <option>-6</option> option forces 265 <command>dig</command> to only use IPv6 query transport. 266 </para> 267 268 <para> 269 The <option>-t</option> option sets the query type to 270 <parameter>type</parameter>. It can be any valid query type 271 which is 272 supported in BIND 9. The default query type is "A", unless the 273 <option>-x</option> option is supplied to indicate a reverse lookup. 274 A zone transfer can be requested by specifying a type of AXFR. When 275 an incremental zone transfer (IXFR) is required, 276 <parameter>type</parameter> is set to <literal>ixfr=N</literal>. 277 The incremental zone transfer will contain the changes made to the zone 278 since the serial number in the zone's SOA record was 279 <parameter>N</parameter>. 280 </para> 281 282 <para> 283 The <option>-q</option> option sets the query name to 284 <parameter>name</parameter>. This useful do distinguish the 285 <parameter>name</parameter> from other arguments. 286 </para> 287 288 <para> 289 Reverse lookups — mapping addresses to names — are simplified by the 290 <option>-x</option> option. <parameter>addr</parameter> is 291 an IPv4 292 address in dotted-decimal notation, or a colon-delimited IPv6 address. 293 When this option is used, there is no need to provide the 294 <parameter>name</parameter>, <parameter>class</parameter> and 295 <parameter>type</parameter> arguments. <command>dig</command> 296 automatically performs a lookup for a name like 297 <literal>11.12.13.10.in-addr.arpa</literal> and sets the 298 query type and 299 class to PTR and IN respectively. By default, IPv6 addresses are 300 looked up using nibble format under the IP6.ARPA domain. 301 To use the older RFC1886 method using the IP6.INT domain 302 specify the <option>-i</option> option. Bit string labels (RFC2874) 303 are now experimental and are not attempted. 304 </para> 305 306 <para> 307 To sign the DNS queries sent by <command>dig</command> and 308 their 309 responses using transaction signatures (TSIG), specify a TSIG key file 310 using the <option>-k</option> option. You can also specify the TSIG 311 key itself on the command line using the <option>-y</option> option; 312 <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5, 313 <parameter>name</parameter> is the name of the TSIG key and 314 <parameter>key</parameter> is the actual key. The key is a 315 base-64 316 encoded string, typically generated by 317 <citerefentry> 318 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 319 </citerefentry>. 320 321 Caution should be taken when using the <option>-y</option> option on 322 multi-user systems as the key can be visible in the output from 323 <citerefentry> 324 <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> 325 </citerefentry> 326 or in the shell's history file. When 327 using TSIG authentication with <command>dig</command>, the name 328 server that is queried needs to know the key and algorithm that is 329 being used. In BIND, this is done by providing appropriate 330 <command>key</command> and <command>server</command> statements in 331 <filename>named.conf</filename>. 332 </para> 333 334 </refsect1> 335 336 <refsect1> 337 <title>QUERY OPTIONS</title> 338 339 <para><command>dig</command> 340 provides a number of query options which affect 341 the way in which lookups are made and the results displayed. Some of 342 these set or reset flag bits in the query header, some determine which 343 sections of the answer get printed, and others determine the timeout 344 and retry strategies. 345 </para> 346 347 <para> 348 Each query option is identified by a keyword preceded by a plus sign 349 (<literal>+</literal>). Some keywords set or reset an 350 option. These may be preceded 351 by the string <literal>no</literal> to negate the meaning of 352 that keyword. Other 353 keywords assign values to options like the timeout interval. They 354 have the form <option>+keyword=value</option>. 355 The query options are: 356 357 <variablelist> 358 359 <varlistentry> 360 <term><option>+[no]tcp</option></term> 361 <listitem> 362 <para> 363 Use [do not use] TCP when querying name servers. The default 364 behavior is to use UDP unless an AXFR or IXFR query is 365 requested, in 366 which case a TCP connection is used. 367 </para> 368 </listitem> 369 </varlistentry> 370 371 <varlistentry> 372 <term><option>+[no]vc</option></term> 373 <listitem> 374 <para> 375 Use [do not use] TCP when querying name servers. This alternate 376 syntax to <parameter>+[no]tcp</parameter> is 377 provided for backwards 378 compatibility. The "vc" stands for "virtual circuit". 379 </para> 380 </listitem> 381 </varlistentry> 382 383 <varlistentry> 384 <term><option>+[no]ignore</option></term> 385 <listitem> 386 <para> 387 Ignore truncation in UDP responses instead of retrying with TCP. 388 By 389 default, TCP retries are performed. 390 </para> 391 </listitem> 392 </varlistentry> 393 394 <varlistentry> 395 <term><option>+domain=somename</option></term> 396 <listitem> 397 <para> 398 Set the search list to contain the single domain 399 <parameter>somename</parameter>, as if specified in 400 a 401 <command>domain</command> directive in 402 <filename>/etc/resolv.conf</filename>, and enable 403 search list 404 processing as if the <parameter>+search</parameter> 405 option were given. 406 </para> 407 </listitem> 408 </varlistentry> 409 410 <varlistentry> 411 <term><option>+[no]search</option></term> 412 <listitem> 413 <para> 414 Use [do not use] the search list defined by the searchlist or 415 domain 416 directive in <filename>resolv.conf</filename> (if 417 any). 418 The search list is not used by default. 419 </para> 420 </listitem> 421 </varlistentry> 422 423 <varlistentry> 424 <term><option>+[no]showsearch</option></term> 425 <listitem> 426 <para> 427 Perform [do not perform] a search showing intermediate 428 results. 429 </para> 430 </listitem> 431 </varlistentry> 432 433 <varlistentry> 434 <term><option>+[no]defname</option></term> 435 <listitem> 436 <para> 437 Deprecated, treated as a synonym for <parameter>+[no]search</parameter> 438 </para> 439 </listitem> 440 </varlistentry> 441 442 <varlistentry> 443 <term><option>+[no]aaonly</option></term> 444 <listitem> 445 <para> 446 Sets the "aa" flag in the query. 447 </para> 448 </listitem> 449 </varlistentry> 450 451 <varlistentry> 452 <term><option>+[no]aaflag</option></term> 453 <listitem> 454 <para> 455 A synonym for <parameter>+[no]aaonly</parameter>. 456 </para> 457 </listitem> 458 </varlistentry> 459 460 <varlistentry> 461 <term><option>+[no]adflag</option></term> 462 <listitem> 463 <para> 464 Set [do not set] the AD (authentic data) bit in the 465 query. This requests the server to return whether 466 all of the answer and authority sections have all 467 been validated as secure according to the security 468 policy of the server. AD=1 indicates that all records 469 have been validated as secure and the answer is not 470 from a OPT-OUT range. AD=0 indicate that some part 471 of the answer was insecure or not validated. This 472 bit is set by default. 473 </para> 474 </listitem> 475 </varlistentry> 476 477 <varlistentry> 478 <term><option>+[no]cdflag</option></term> 479 <listitem> 480 <para> 481 Set [do not set] the CD (checking disabled) bit in the query. 482 This 483 requests the server to not perform DNSSEC validation of 484 responses. 485 </para> 486 </listitem> 487 </varlistentry> 488 489 <varlistentry> 490 <term><option>+[no]cl</option></term> 491 <listitem> 492 <para> 493 Display [do not display] the CLASS when printing the record. 494 </para> 495 </listitem> 496 </varlistentry> 497 498 <varlistentry> 499 <term><option>+[no]ttlid</option></term> 500 <listitem> 501 <para> 502 Display [do not display] the TTL when printing the record. 503 </para> 504 </listitem> 505 </varlistentry> 506 507 <varlistentry> 508 <term><option>+[no]recurse</option></term> 509 <listitem> 510 <para> 511 Toggle the setting of the RD (recursion desired) bit 512 in the query. This bit is set by default, which means 513 <command>dig</command> normally sends recursive 514 queries. Recursion is automatically disabled when 515 the <parameter>+nssearch</parameter> or 516 <parameter>+trace</parameter> query options are used. 517 </para> 518 </listitem> 519 </varlistentry> 520 521 <varlistentry> 522 <term><option>+[no]nssearch</option></term> 523 <listitem> 524 <para> 525 When this option is set, <command>dig</command> 526 attempts to find the 527 authoritative name servers for the zone containing the name 528 being 529 looked up and display the SOA record that each name server has 530 for the 531 zone. 532 </para> 533 </listitem> 534 </varlistentry> 535 536 <varlistentry> 537 <term><option>+[no]trace</option></term> 538 <listitem> 539 <para> 540 Toggle tracing of the delegation path from the root 541 name servers for the name being looked up. Tracing 542 is disabled by default. When tracing is enabled, 543 <command>dig</command> makes iterative queries to 544 resolve the name being looked up. It will follow 545 referrals from the root servers, showing the answer 546 from each server that was used to resolve the lookup. 547 </para> 548 <para> 549 <command>+dnssec</command> is also set when +trace is 550 set to better emulate the default queries from a nameserver. 551 </para> 552 </listitem> 553 </varlistentry> 554 555 <varlistentry> 556 <term><option>+[no]cmd</option></term> 557 <listitem> 558 <para> 559 Toggles the printing of the initial comment in the output 560 identifying 561 the version of <command>dig</command> and the query 562 options that have 563 been applied. This comment is printed by default. 564 </para> 565 </listitem> 566 </varlistentry> 567 568 <varlistentry> 569 <term><option>+[no]short</option></term> 570 <listitem> 571 <para> 572 Provide a terse answer. The default is to print the answer in a 573 verbose form. 574 </para> 575 </listitem> 576 </varlistentry> 577 578 <varlistentry> 579 <term><option>+[no]identify</option></term> 580 <listitem> 581 <para> 582 Show [or do not show] the IP address and port number that 583 supplied the 584 answer when the <parameter>+short</parameter> option 585 is enabled. If 586 short form answers are requested, the default is not to show the 587 source address and port number of the server that provided the 588 answer. 589 </para> 590 </listitem> 591 </varlistentry> 592 593 <varlistentry> 594 <term><option>+[no]comments</option></term> 595 <listitem> 596 <para> 597 Toggle the display of comment lines in the output. The default 598 is to print comments. 599 </para> 600 </listitem> 601 </varlistentry> 602 603 <varlistentry> 604 <term><option>+[no]rrcomments</option></term> 605 <listitem> 606 <para> 607 Toggle the display of per-record comments in the output (for 608 example, human-readable key information about DNSKEY records). 609 The default is not to print record comments unless multiline 610 mode is active. 611 </para> 612 </listitem> 613 </varlistentry> 614 615 <varlistentry> 616 <term><option>+split=W</option></term> 617 <listitem> 618 <para> 619 Split long hex- or base64-formatted fields in resource 620 records into chunks of <parameter>W</parameter> characters 621 (where <parameter>W</parameter> is rounded up to the nearest 622 multiple of 4). 623 <parameter>+nosplit</parameter> or 624 <parameter>+split=0</parameter> causes fields not to be 625 split at all. The default is 56 characters, or 44 characters 626 when multiline mode is active. 627 </para> 628 </listitem> 629 </varlistentry> 630 631 <varlistentry> 632 <term><option>+[no]stats</option></term> 633 <listitem> 634 <para> 635 This query option toggles the printing of statistics: when the 636 query 637 was made, the size of the reply and so on. The default 638 behavior is 639 to print the query statistics. 640 </para> 641 </listitem> 642 </varlistentry> 643 644 <varlistentry> 645 <term><option>+[no]qr</option></term> 646 <listitem> 647 <para> 648 Print [do not print] the query as it is sent. 649 By default, the query is not printed. 650 </para> 651 </listitem> 652 </varlistentry> 653 654 <varlistentry> 655 <term><option>+[no]question</option></term> 656 <listitem> 657 <para> 658 Print [do not print] the question section of a query when an 659 answer is 660 returned. The default is to print the question section as a 661 comment. 662 </para> 663 </listitem> 664 </varlistentry> 665 666 <varlistentry> 667 <term><option>+[no]answer</option></term> 668 <listitem> 669 <para> 670 Display [do not display] the answer section of a reply. The 671 default 672 is to display it. 673 </para> 674 </listitem> 675 </varlistentry> 676 677 <varlistentry> 678 <term><option>+[no]authority</option></term> 679 <listitem> 680 <para> 681 Display [do not display] the authority section of a reply. The 682 default is to display it. 683 </para> 684 </listitem> 685 </varlistentry> 686 687 <varlistentry> 688 <term><option>+[no]additional</option></term> 689 <listitem> 690 <para> 691 Display [do not display] the additional section of a reply. 692 The default is to display it. 693 </para> 694 </listitem> 695 </varlistentry> 696 697 <varlistentry> 698 <term><option>+[no]all</option></term> 699 <listitem> 700 <para> 701 Set or clear all display flags. 702 </para> 703 </listitem> 704 </varlistentry> 705 706 <varlistentry> 707 <term><option>+time=T</option></term> 708 <listitem> 709 <para> 710 711 Sets the timeout for a query to 712 <parameter>T</parameter> seconds. The default 713 timeout is 5 seconds. 714 An attempt to set <parameter>T</parameter> to less 715 than 1 will result 716 in a query timeout of 1 second being applied. 717 </para> 718 </listitem> 719 </varlistentry> 720 721 <varlistentry> 722 <term><option>+tries=T</option></term> 723 <listitem> 724 <para> 725 Sets the number of times to try UDP queries to server to 726 <parameter>T</parameter> instead of the default, 3. 727 If 728 <parameter>T</parameter> is less than or equal to 729 zero, the number of 730 tries is silently rounded up to 1. 731 </para> 732 </listitem> 733 </varlistentry> 734 735 <varlistentry> 736 <term><option>+retry=T</option></term> 737 <listitem> 738 <para> 739 Sets the number of times to retry UDP queries to server to 740 <parameter>T</parameter> instead of the default, 2. 741 Unlike 742 <parameter>+tries</parameter>, this does not include 743 the initial 744 query. 745 </para> 746 </listitem> 747 </varlistentry> 748 749 <varlistentry> 750 <term><option>+ndots=D</option></term> 751 <listitem> 752 <para> 753 Set the number of dots that have to appear in 754 <parameter>name</parameter> to <parameter>D</parameter> for it to be 755 considered absolute. The default value is that defined using 756 the 757 ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no 758 ndots statement is present. Names with fewer dots are 759 interpreted as 760 relative names and will be searched for in the domains listed in 761 the 762 <option>search</option> or <option>domain</option> directive in 763 <filename>/etc/resolv.conf</filename>. 764 </para> 765 </listitem> 766 </varlistentry> 767 768 <varlistentry> 769 <term><option>+bufsize=B</option></term> 770 <listitem> 771 <para> 772 Set the UDP message buffer size advertised using EDNS0 to 773 <parameter>B</parameter> bytes. The maximum and minimum sizes 774 of this buffer are 65535 and 0 respectively. Values outside 775 this range are rounded up or down appropriately. 776 Values other than zero will cause a EDNS query to be sent. 777 </para> 778 </listitem> 779 </varlistentry> 780 781 <varlistentry> 782 <term><option>+edns=#</option></term> 783 <listitem> 784 <para> 785 Specify the EDNS version to query with. Valid values 786 are 0 to 255. Setting the EDNS version will cause 787 a EDNS query to be sent. <option>+noedns</option> 788 clears the remembered EDNS version. EDNS is set to 789 0 by default. 790 </para> 791 </listitem> 792 </varlistentry> 793 794 <varlistentry> 795 <term><option>+[no]multiline</option></term> 796 <listitem> 797 <para> 798 Print records like the SOA records in a verbose multi-line 799 format with human-readable comments. The default is to print 800 each record on a single line, to facilitate machine parsing 801 of the <command>dig</command> output. 802 </para> 803 </listitem> 804 </varlistentry> 805 806 <varlistentry> 807 <term><option>+[no]onesoa</option></term> 808 <listitem> 809 <para> 810 Print only one (starting) SOA record when performing 811 an AXFR. The default is to print both the starting and 812 ending SOA records. 813 </para> 814 </listitem> 815 </varlistentry> 816 817 <varlistentry> 818 <term><option>+[no]fail</option></term> 819 <listitem> 820 <para> 821 Do not try the next server if you receive a SERVFAIL. The 822 default is 823 to not try the next server which is the reverse of normal stub 824 resolver 825 behavior. 826 </para> 827 </listitem> 828 </varlistentry> 829 830 <varlistentry> 831 <term><option>+[no]besteffort</option></term> 832 <listitem> 833 <para> 834 Attempt to display the contents of messages which are malformed. 835 The default is to not display malformed answers. 836 </para> 837 </listitem> 838 </varlistentry> 839 840 <varlistentry> 841 <term><option>+[no]dnssec</option></term> 842 <listitem> 843 <para> 844 Requests DNSSEC records be sent by setting the DNSSEC OK bit 845 (DO) 846 in the OPT record in the additional section of the query. 847 </para> 848 </listitem> 849 </varlistentry> 850 851 <varlistentry> 852 <term><option>+[no]sigchase</option></term> 853 <listitem> 854 <para> 855 Chase DNSSEC signature chains. Requires dig be compiled with 856 -DDIG_SIGCHASE. 857 </para> 858 </listitem> 859 </varlistentry> 860 861 <varlistentry> 862 <term><option>+trusted-key=####</option></term> 863 <listitem> 864 <para> 865 Specifies a file containing trusted keys to be used with 866 <option>+sigchase</option>. Each DNSKEY record must be 867 on its own line. 868 </para> 869 <para> 870 If not specified, <command>dig</command> will look for 871 <filename>/etc/trusted-key.key</filename> then 872 <filename>trusted-key.key</filename> in the current directory. 873 </para> 874 <para> 875 Requires dig be compiled with -DDIG_SIGCHASE. 876 </para> 877 </listitem> 878 </varlistentry> 879 880 <varlistentry> 881 <term><option>+[no]topdown</option></term> 882 <listitem> 883 <para> 884 When chasing DNSSEC signature chains perform a top-down 885 validation. 886 Requires dig be compiled with -DDIG_SIGCHASE. 887 </para> 888 </listitem> 889 </varlistentry> 890 891 <varlistentry> 892 <term><option>+[no]nsid</option></term> 893 <listitem> 894 <para> 895 Include an EDNS name server ID request when sending a query. 896 </para> 897 </listitem> 898 </varlistentry> 899 900 <varlistentry> 901 <term><option>+[no]keepopen</option></term> 902 <listitem> 903 <para> 904 Keep the TCP socket open between queries and reuse it rather 905 than creating a new TCP socket for each lookup. The default 906 is <option>+nokeepopen</option>. 907 </para> 908 </listitem> 909 </varlistentry> 910 911 </variablelist> 912 913 </para> 914 </refsect1> 915 916 <refsect1> 917 <title>MULTIPLE QUERIES</title> 918 919 <para> 920 The BIND 9 implementation of <command>dig </command> 921 supports 922 specifying multiple queries on the command line (in addition to 923 supporting the <option>-f</option> batch file option). Each of those 924 queries can be supplied with its own set of flags, options and query 925 options. 926 </para> 927 928 <para> 929 In this case, each <parameter>query</parameter> argument 930 represent an 931 individual query in the command-line syntax described above. Each 932 consists of any of the standard options and flags, the name to be 933 looked up, an optional query type and class and any query options that 934 should be applied to that query. 935 </para> 936 937 <para> 938 A global set of query options, which should be applied to all queries, 939 can also be supplied. These global query options must precede the 940 first tuple of name, class, type, options, flags, and query options 941 supplied on the command line. Any global query options (except 942 the <option>+[no]cmd</option> option) can be 943 overridden by a query-specific set of query options. For example: 944 <programlisting> 945dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr 946</programlisting> 947 shows how <command>dig</command> could be used from the 948 command line 949 to make three lookups: an ANY query for <literal>www.isc.org</literal>, a 950 reverse lookup of 127.0.0.1 and a query for the NS records of 951 <literal>isc.org</literal>. 952 953 A global query option of <parameter>+qr</parameter> is 954 applied, so 955 that <command>dig</command> shows the initial query it made 956 for each 957 lookup. The final query has a local query option of 958 <parameter>+noqr</parameter> which means that <command>dig</command> 959 will not print the initial query when it looks up the NS records for 960 <literal>isc.org</literal>. 961 </para> 962 963 </refsect1> 964 965 <refsect1> 966 <title>IDN SUPPORT</title> 967 <para> 968 If <command>dig</command> has been built with IDN (internationalized 969 domain name) support, it can accept and display non-ASCII domain names. 970 <command>dig</command> appropriately converts character encoding of 971 domain name before sending a request to DNS server or displaying a 972 reply from the server. 973 If you'd like to turn off the IDN support for some reason, defines 974 the <envar>IDN_DISABLE</envar> environment variable. 975 The IDN support is disabled if the variable is set when 976 <command>dig</command> runs. 977 </para> 978 </refsect1> 979 980 <refsect1> 981 <title>FILES</title> 982 <para><filename>/etc/resolv.conf</filename> 983 </para> 984 <para><filename>${HOME}/.digrc</filename> 985 </para> 986 </refsect1> 987 988 <refsect1> 989 <title>SEE ALSO</title> 990 <para><citerefentry> 991 <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> 992 </citerefentry>, 993 <citerefentry> 994 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 995 </citerefentry>, 996 <citerefentry> 997 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 998 </citerefentry>, 999 <citetitle>RFC1035</citetitle>. 1000 </para> 1001 </refsect1> 1002 1003 <refsect1> 1004 <title>BUGS</title> 1005 <para> 1006 There are probably too many query options. 1007 </para> 1008 </refsect1> 1009</refentry><!-- 1010 - Local variables: 1011 - mode: sgml 1012 - End: 1013--> 1014