1170222Sdougb<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2170222Sdougb "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3153816Sdougb [<!ENTITY mdash "—">]> 4135446Strhodes<!-- 5254897Serwin - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") 6135446Strhodes - Copyright (C) 2000-2003 Internet Software Consortium. 7135446Strhodes - 8174187Sdougb - Permission to use, copy, modify, and/or distribute this software for any 9135446Strhodes - purpose with or without fee is hereby granted, provided that the above 10135446Strhodes - copyright notice and this permission notice appear in all copies. 11135446Strhodes - 12135446Strhodes - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 13135446Strhodes - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 14135446Strhodes - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 15135446Strhodes - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 16135446Strhodes - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 17135446Strhodes - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 18135446Strhodes - PERFORMANCE OF THIS SOFTWARE. 19135446Strhodes--> 20135446Strhodes 21254897Serwin<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ --> 22170222Sdougb<refentry id="man.dig"> 23135446Strhodes 24170222Sdougb <refentryinfo> 25262706Serwin <date>June 30, 2000</date> 26170222Sdougb </refentryinfo> 27135446Strhodes 28170222Sdougb <refmeta> 29170222Sdougb <refentrytitle>dig</refentrytitle> 30170222Sdougb <manvolnum>1</manvolnum> 31170222Sdougb <refmiscinfo>BIND9</refmiscinfo> 32170222Sdougb </refmeta> 33135446Strhodes 34170222Sdougb <refnamediv> 35170222Sdougb <refname>dig</refname> 36170222Sdougb <refpurpose>DNS lookup utility</refpurpose> 37170222Sdougb </refnamediv> 38135446Strhodes 39153816Sdougb <docinfo> 40153816Sdougb <copyright> 41153816Sdougb <year>2004</year> 42153816Sdougb <year>2005</year> 43170222Sdougb <year>2006</year> 44170222Sdougb <year>2007</year> 45186462Sdougb <year>2008</year> 46193149Sdougb <year>2009</year> 47224092Sdougb <year>2010</year> 48254897Serwin <year>2011</year> 49254402Serwin <year>2013</year> 50153816Sdougb <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 51153816Sdougb </copyright> 52153816Sdougb <copyright> 53153816Sdougb <year>2000</year> 54153816Sdougb <year>2001</year> 55153816Sdougb <year>2002</year> 56153816Sdougb <year>2003</year> 57153816Sdougb <holder>Internet Software Consortium.</holder> 58153816Sdougb </copyright> 59153816Sdougb </docinfo> 60153816Sdougb 61170222Sdougb <refsynopsisdiv> 62170222Sdougb <cmdsynopsis> 63170222Sdougb <command>dig</command> 64170222Sdougb <arg choice="opt">@server</arg> 65170222Sdougb <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg> 66170222Sdougb <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> 67170222Sdougb <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg> 68170222Sdougb <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg> 69186462Sdougb <arg><option>-m</option></arg> 70170222Sdougb <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> 71170222Sdougb <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg> 72170222Sdougb <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> 73170222Sdougb <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg> 74170222Sdougb <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg> 75170222Sdougb <arg><option>-4</option></arg> 76170222Sdougb <arg><option>-6</option></arg> 77170222Sdougb <arg choice="opt">name</arg> 78170222Sdougb <arg choice="opt">type</arg> 79170222Sdougb <arg choice="opt">class</arg> 80170222Sdougb <arg choice="opt" rep="repeat">queryopt</arg> 81170222Sdougb </cmdsynopsis> 82135446Strhodes 83170222Sdougb <cmdsynopsis> 84170222Sdougb <command>dig</command> 85170222Sdougb <arg><option>-h</option></arg> 86170222Sdougb </cmdsynopsis> 87135446Strhodes 88170222Sdougb <cmdsynopsis> 89170222Sdougb <command>dig</command> 90170222Sdougb <arg choice="opt" rep="repeat">global-queryopt</arg> 91170222Sdougb <arg choice="opt" rep="repeat">query</arg> 92170222Sdougb </cmdsynopsis> 93170222Sdougb </refsynopsisdiv> 94135446Strhodes 95170222Sdougb <refsect1> 96170222Sdougb <title>DESCRIPTION</title> 97170222Sdougb <para><command>dig</command> 98170222Sdougb (domain information groper) is a flexible tool 99170222Sdougb for interrogating DNS name servers. It performs DNS lookups and 100170222Sdougb displays the answers that are returned from the name server(s) that 101170222Sdougb were queried. Most DNS administrators use <command>dig</command> to 102170222Sdougb troubleshoot DNS problems because of its flexibility, ease of use and 103170222Sdougb clarity of output. Other lookup tools tend to have less functionality 104170222Sdougb than <command>dig</command>. 105170222Sdougb </para> 106135446Strhodes 107170222Sdougb <para> 108170222Sdougb Although <command>dig</command> is normally used with 109170222Sdougb command-line 110170222Sdougb arguments, it also has a batch mode of operation for reading lookup 111170222Sdougb requests from a file. A brief summary of its command-line arguments 112170222Sdougb and options is printed when the <option>-h</option> option is given. 113174187Sdougb Unlike earlier versions, the BIND 9 implementation of 114170222Sdougb <command>dig</command> allows multiple lookups to be issued 115170222Sdougb from the 116170222Sdougb command line. 117170222Sdougb </para> 118135446Strhodes 119170222Sdougb <para> 120170222Sdougb Unless it is told to query a specific name server, 121254402Serwin <command>dig</command> will try each of the servers listed in 122262706Serwin <filename>/etc/resolv.conf</filename>. If no usable server addresses 123254402Serwin are found, <command>dig</command> will send the query to the local 124254402Serwin host. 125170222Sdougb </para> 126135446Strhodes 127170222Sdougb <para> 128186462Sdougb When no command line arguments or options are given, 129186462Sdougb <command>dig</command> will perform an NS query for "." (the root). 130170222Sdougb </para> 131135446Strhodes 132170222Sdougb <para> 133170222Sdougb It is possible to set per-user defaults for <command>dig</command> via 134170222Sdougb <filename>${HOME}/.digrc</filename>. This file is read and 135170222Sdougb any options in it 136170222Sdougb are applied before the command line arguments. 137170222Sdougb </para> 138135446Strhodes 139170222Sdougb <para> 140170222Sdougb The IN and CH class names overlap with the IN and CH top level 141170222Sdougb domains names. Either use the <option>-t</option> and 142186462Sdougb <option>-c</option> options to specify the type and class, 143186462Sdougb use the <option>-q</option> the specify the domain name, or 144170222Sdougb use "IN." and "CH." when looking up these top level domains. 145170222Sdougb </para> 146135446Strhodes 147170222Sdougb </refsect1> 148135446Strhodes 149170222Sdougb <refsect1> 150170222Sdougb <title>SIMPLE USAGE</title> 151135446Strhodes 152170222Sdougb <para> 153170222Sdougb A typical invocation of <command>dig</command> looks like: 154170222Sdougb <programlisting> dig @server name type </programlisting> 155170222Sdougb where: 156135446Strhodes 157170222Sdougb <variablelist> 158135446Strhodes 159170222Sdougb <varlistentry> 160170222Sdougb <term><constant>server</constant></term> 161170222Sdougb <listitem> 162170222Sdougb <para> 163254402Serwin is the name or IP address of the name server to query. This 164254402Serwin can be an IPv4 address in dotted-decimal notation or an IPv6 165170222Sdougb address in colon-delimited notation. When the supplied 166254402Serwin <parameter>server</parameter> argument is a hostname, 167254402Serwin <command>dig</command> resolves that name before querying 168254402Serwin that name server. 169170222Sdougb </para> 170254402Serwin <para> 171254402Serwin If no <parameter>server</parameter> argument is 172254402Serwin provided, <command>dig</command> consults 173254402Serwin <filename>/etc/resolv.conf</filename>; if an 174254402Serwin address is found there, it queries the name server at 175254402Serwin that address. If either of the <option>-4</option> or 176254402Serwin <option>-6</option> options are in use, then 177254402Serwin only addresses for the corresponding transport 178254402Serwin will be tried. If no usable addresses are found, 179254402Serwin <command>dig</command> will send the query to the 180254402Serwin local host. The reply from the name server that 181254402Serwin responds is displayed. 182254402Serwin </para> 183170222Sdougb </listitem> 184170222Sdougb </varlistentry> 185135446Strhodes 186170222Sdougb <varlistentry> 187170222Sdougb <term><constant>name</constant></term> 188170222Sdougb <listitem> 189170222Sdougb <para> 190170222Sdougb is the name of the resource record that is to be looked up. 191170222Sdougb </para> 192170222Sdougb </listitem> 193170222Sdougb </varlistentry> 194135446Strhodes 195170222Sdougb <varlistentry> 196170222Sdougb <term><constant>type</constant></term> 197170222Sdougb <listitem> 198170222Sdougb <para> 199170222Sdougb indicates what type of query is required — 200170222Sdougb ANY, A, MX, SIG, etc. 201170222Sdougb <parameter>type</parameter> can be any valid query 202170222Sdougb type. If no 203170222Sdougb <parameter>type</parameter> argument is supplied, 204170222Sdougb <command>dig</command> will perform a lookup for an 205170222Sdougb A record. 206170222Sdougb </para> 207170222Sdougb </listitem> 208170222Sdougb </varlistentry> 209135446Strhodes 210170222Sdougb </variablelist> 211170222Sdougb </para> 212135446Strhodes 213170222Sdougb </refsect1> 214135446Strhodes 215170222Sdougb <refsect1> 216170222Sdougb <title>OPTIONS</title> 217135446Strhodes 218170222Sdougb <para> 219170222Sdougb The <option>-b</option> option sets the source IP address of the query 220170222Sdougb to <parameter>address</parameter>. This must be a valid 221170222Sdougb address on 222170222Sdougb one of the host's network interfaces or "0.0.0.0" or "::". An optional 223170222Sdougb port 224170222Sdougb may be specified by appending "#<port>" 225170222Sdougb </para> 226135446Strhodes 227170222Sdougb <para> 228170222Sdougb The default query class (IN for internet) is overridden by the 229170222Sdougb <option>-c</option> option. <parameter>class</parameter> is 230170222Sdougb any valid 231174187Sdougb class, such as HS for Hesiod records or CH for Chaosnet records. 232170222Sdougb </para> 233135446Strhodes 234170222Sdougb <para> 235170222Sdougb The <option>-f</option> option makes <command>dig </command> 236170222Sdougb operate 237170222Sdougb in batch mode by reading a list of lookup requests to process from the 238170222Sdougb file <parameter>filename</parameter>. The file contains a 239170222Sdougb number of 240174187Sdougb queries, one per line. Each entry in the file should be organized in 241170222Sdougb the same way they would be presented as queries to 242170222Sdougb <command>dig</command> using the command-line interface. 243170222Sdougb </para> 244135446Strhodes 245170222Sdougb <para> 246186462Sdougb The <option>-m</option> option enables memory usage debugging. 247186462Sdougb <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD 248186462Sdougb documented in include/isc/mem.h --> 249186462Sdougb </para> 250186462Sdougb 251186462Sdougb <para> 252170222Sdougb If a non-standard port number is to be queried, the 253170222Sdougb <option>-p</option> option is used. <parameter>port#</parameter> is 254170222Sdougb the port number that <command>dig</command> will send its 255170222Sdougb queries 256170222Sdougb instead of the standard DNS port number 53. This option would be used 257170222Sdougb to test a name server that has been configured to listen for queries 258170222Sdougb on a non-standard port number. 259170222Sdougb </para> 260135446Strhodes 261170222Sdougb <para> 262170222Sdougb The <option>-4</option> option forces <command>dig</command> 263170222Sdougb to only 264170222Sdougb use IPv4 query transport. The <option>-6</option> option forces 265170222Sdougb <command>dig</command> to only use IPv6 query transport. 266170222Sdougb </para> 267135446Strhodes 268170222Sdougb <para> 269170222Sdougb The <option>-t</option> option sets the query type to 270170222Sdougb <parameter>type</parameter>. It can be any valid query type 271170222Sdougb which is 272174187Sdougb supported in BIND 9. The default query type is "A", unless the 273170222Sdougb <option>-x</option> option is supplied to indicate a reverse lookup. 274170222Sdougb A zone transfer can be requested by specifying a type of AXFR. When 275170222Sdougb an incremental zone transfer (IXFR) is required, 276170222Sdougb <parameter>type</parameter> is set to <literal>ixfr=N</literal>. 277170222Sdougb The incremental zone transfer will contain the changes made to the zone 278170222Sdougb since the serial number in the zone's SOA record was 279170222Sdougb <parameter>N</parameter>. 280170222Sdougb </para> 281135446Strhodes 282170222Sdougb <para> 283170222Sdougb The <option>-q</option> option sets the query name to 284174187Sdougb <parameter>name</parameter>. This useful do distinguish the 285170222Sdougb <parameter>name</parameter> from other arguments. 286170222Sdougb </para> 287135446Strhodes 288170222Sdougb <para> 289174187Sdougb Reverse lookups — mapping addresses to names — are simplified by the 290170222Sdougb <option>-x</option> option. <parameter>addr</parameter> is 291170222Sdougb an IPv4 292170222Sdougb address in dotted-decimal notation, or a colon-delimited IPv6 address. 293170222Sdougb When this option is used, there is no need to provide the 294170222Sdougb <parameter>name</parameter>, <parameter>class</parameter> and 295170222Sdougb <parameter>type</parameter> arguments. <command>dig</command> 296170222Sdougb automatically performs a lookup for a name like 297170222Sdougb <literal>11.12.13.10.in-addr.arpa</literal> and sets the 298170222Sdougb query type and 299170222Sdougb class to PTR and IN respectively. By default, IPv6 addresses are 300170222Sdougb looked up using nibble format under the IP6.ARPA domain. 301170222Sdougb To use the older RFC1886 method using the IP6.INT domain 302170222Sdougb specify the <option>-i</option> option. Bit string labels (RFC2874) 303170222Sdougb are now experimental and are not attempted. 304170222Sdougb </para> 305135446Strhodes 306170222Sdougb <para> 307170222Sdougb To sign the DNS queries sent by <command>dig</command> and 308170222Sdougb their 309170222Sdougb responses using transaction signatures (TSIG), specify a TSIG key file 310170222Sdougb using the <option>-k</option> option. You can also specify the TSIG 311170222Sdougb key itself on the command line using the <option>-y</option> option; 312170222Sdougb <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5, 313170222Sdougb <parameter>name</parameter> is the name of the TSIG key and 314170222Sdougb <parameter>key</parameter> is the actual key. The key is a 315170222Sdougb base-64 316170222Sdougb encoded string, typically generated by 317170222Sdougb <citerefentry> 318170222Sdougb <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 319170222Sdougb </citerefentry>. 320135446Strhodes 321170222Sdougb Caution should be taken when using the <option>-y</option> option on 322170222Sdougb multi-user systems as the key can be visible in the output from 323170222Sdougb <citerefentry> 324170222Sdougb <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> 325170222Sdougb </citerefentry> 326170222Sdougb or in the shell's history file. When 327170222Sdougb using TSIG authentication with <command>dig</command>, the name 328170222Sdougb server that is queried needs to know the key and algorithm that is 329170222Sdougb being used. In BIND, this is done by providing appropriate 330170222Sdougb <command>key</command> and <command>server</command> statements in 331170222Sdougb <filename>named.conf</filename>. 332170222Sdougb </para> 333135446Strhodes 334170222Sdougb </refsect1> 335135446Strhodes 336170222Sdougb <refsect1> 337170222Sdougb <title>QUERY OPTIONS</title> 338135446Strhodes 339170222Sdougb <para><command>dig</command> 340170222Sdougb provides a number of query options which affect 341170222Sdougb the way in which lookups are made and the results displayed. Some of 342170222Sdougb these set or reset flag bits in the query header, some determine which 343170222Sdougb sections of the answer get printed, and others determine the timeout 344170222Sdougb and retry strategies. 345170222Sdougb </para> 346135446Strhodes 347170222Sdougb <para> 348170222Sdougb Each query option is identified by a keyword preceded by a plus sign 349170222Sdougb (<literal>+</literal>). Some keywords set or reset an 350170222Sdougb option. These may be preceded 351170222Sdougb by the string <literal>no</literal> to negate the meaning of 352170222Sdougb that keyword. Other 353170222Sdougb keywords assign values to options like the timeout interval. They 354170222Sdougb have the form <option>+keyword=value</option>. 355170222Sdougb The query options are: 356135446Strhodes 357170222Sdougb <variablelist> 358135446Strhodes 359170222Sdougb <varlistentry> 360170222Sdougb <term><option>+[no]tcp</option></term> 361170222Sdougb <listitem> 362170222Sdougb <para> 363170222Sdougb Use [do not use] TCP when querying name servers. The default 364174187Sdougb behavior is to use UDP unless an AXFR or IXFR query is 365170222Sdougb requested, in 366170222Sdougb which case a TCP connection is used. 367170222Sdougb </para> 368170222Sdougb </listitem> 369170222Sdougb </varlistentry> 370135446Strhodes 371170222Sdougb <varlistentry> 372170222Sdougb <term><option>+[no]vc</option></term> 373170222Sdougb <listitem> 374170222Sdougb <para> 375170222Sdougb Use [do not use] TCP when querying name servers. This alternate 376170222Sdougb syntax to <parameter>+[no]tcp</parameter> is 377170222Sdougb provided for backwards 378170222Sdougb compatibility. The "vc" stands for "virtual circuit". 379170222Sdougb </para> 380170222Sdougb </listitem> 381170222Sdougb </varlistentry> 382135446Strhodes 383170222Sdougb <varlistentry> 384170222Sdougb <term><option>+[no]ignore</option></term> 385170222Sdougb <listitem> 386170222Sdougb <para> 387170222Sdougb Ignore truncation in UDP responses instead of retrying with TCP. 388170222Sdougb By 389170222Sdougb default, TCP retries are performed. 390170222Sdougb </para> 391170222Sdougb </listitem> 392170222Sdougb </varlistentry> 393135446Strhodes 394170222Sdougb <varlistentry> 395170222Sdougb <term><option>+domain=somename</option></term> 396170222Sdougb <listitem> 397170222Sdougb <para> 398170222Sdougb Set the search list to contain the single domain 399170222Sdougb <parameter>somename</parameter>, as if specified in 400170222Sdougb a 401170222Sdougb <command>domain</command> directive in 402170222Sdougb <filename>/etc/resolv.conf</filename>, and enable 403170222Sdougb search list 404170222Sdougb processing as if the <parameter>+search</parameter> 405170222Sdougb option were given. 406170222Sdougb </para> 407170222Sdougb </listitem> 408170222Sdougb </varlistentry> 409135446Strhodes 410170222Sdougb <varlistentry> 411170222Sdougb <term><option>+[no]search</option></term> 412170222Sdougb <listitem> 413170222Sdougb <para> 414170222Sdougb Use [do not use] the search list defined by the searchlist or 415170222Sdougb domain 416170222Sdougb directive in <filename>resolv.conf</filename> (if 417170222Sdougb any). 418170222Sdougb The search list is not used by default. 419170222Sdougb </para> 420170222Sdougb </listitem> 421170222Sdougb </varlistentry> 422135446Strhodes 423170222Sdougb <varlistentry> 424170222Sdougb <term><option>+[no]showsearch</option></term> 425170222Sdougb <listitem> 426170222Sdougb <para> 427170222Sdougb Perform [do not perform] a search showing intermediate 428170222Sdougb results. 429170222Sdougb </para> 430170222Sdougb </listitem> 431170222Sdougb </varlistentry> 432135446Strhodes 433170222Sdougb <varlistentry> 434170222Sdougb <term><option>+[no]defname</option></term> 435170222Sdougb <listitem> 436170222Sdougb <para> 437170222Sdougb Deprecated, treated as a synonym for <parameter>+[no]search</parameter> 438170222Sdougb </para> 439170222Sdougb </listitem> 440170222Sdougb </varlistentry> 441135446Strhodes 442170222Sdougb <varlistentry> 443170222Sdougb <term><option>+[no]aaonly</option></term> 444170222Sdougb <listitem> 445170222Sdougb <para> 446170222Sdougb Sets the "aa" flag in the query. 447170222Sdougb </para> 448170222Sdougb </listitem> 449170222Sdougb </varlistentry> 450135446Strhodes 451170222Sdougb <varlistentry> 452170222Sdougb <term><option>+[no]aaflag</option></term> 453170222Sdougb <listitem> 454170222Sdougb <para> 455170222Sdougb A synonym for <parameter>+[no]aaonly</parameter>. 456170222Sdougb </para> 457170222Sdougb </listitem> 458170222Sdougb </varlistentry> 459135446Strhodes 460170222Sdougb <varlistentry> 461170222Sdougb <term><option>+[no]adflag</option></term> 462193149Sdougb <listitem> 463193149Sdougb <para> 464193149Sdougb Set [do not set] the AD (authentic data) bit in the 465193149Sdougb query. This requests the server to return whether 466193149Sdougb all of the answer and authority sections have all 467193149Sdougb been validated as secure according to the security 468193149Sdougb policy of the server. AD=1 indicates that all records 469193149Sdougb have been validated as secure and the answer is not 470193149Sdougb from a OPT-OUT range. AD=0 indicate that some part 471254897Serwin of the answer was insecure or not validated. This 472254897Serwin bit is set by default. 473193149Sdougb </para> 474193149Sdougb </listitem> 475193149Sdougb </varlistentry> 476135446Strhodes 477170222Sdougb <varlistentry> 478170222Sdougb <term><option>+[no]cdflag</option></term> 479170222Sdougb <listitem> 480170222Sdougb <para> 481170222Sdougb Set [do not set] the CD (checking disabled) bit in the query. 482170222Sdougb This 483170222Sdougb requests the server to not perform DNSSEC validation of 484170222Sdougb responses. 485170222Sdougb </para> 486170222Sdougb </listitem> 487170222Sdougb </varlistentry> 488135446Strhodes 489170222Sdougb <varlistentry> 490170222Sdougb <term><option>+[no]cl</option></term> 491170222Sdougb <listitem> 492170222Sdougb <para> 493170222Sdougb Display [do not display] the CLASS when printing the record. 494170222Sdougb </para> 495170222Sdougb </listitem> 496170222Sdougb </varlistentry> 497135446Strhodes 498170222Sdougb <varlistentry> 499170222Sdougb <term><option>+[no]ttlid</option></term> 500170222Sdougb <listitem> 501170222Sdougb <para> 502170222Sdougb Display [do not display] the TTL when printing the record. 503170222Sdougb </para> 504170222Sdougb </listitem> 505170222Sdougb </varlistentry> 506135446Strhodes 507170222Sdougb <varlistentry> 508170222Sdougb <term><option>+[no]recurse</option></term> 509254897Serwin <listitem> 510254897Serwin <para> 511254897Serwin Toggle the setting of the RD (recursion desired) bit 512254897Serwin in the query. This bit is set by default, which means 513254897Serwin <command>dig</command> normally sends recursive 514254897Serwin queries. Recursion is automatically disabled when 515254897Serwin the <parameter>+nssearch</parameter> or 516254897Serwin <parameter>+trace</parameter> query options are used. 517254897Serwin </para> 518254897Serwin </listitem> 519254897Serwin </varlistentry> 520135446Strhodes 521170222Sdougb <varlistentry> 522170222Sdougb <term><option>+[no]nssearch</option></term> 523170222Sdougb <listitem> 524170222Sdougb <para> 525170222Sdougb When this option is set, <command>dig</command> 526170222Sdougb attempts to find the 527170222Sdougb authoritative name servers for the zone containing the name 528170222Sdougb being 529170222Sdougb looked up and display the SOA record that each name server has 530170222Sdougb for the 531170222Sdougb zone. 532170222Sdougb </para> 533170222Sdougb </listitem> 534170222Sdougb </varlistentry> 535135446Strhodes 536170222Sdougb <varlistentry> 537170222Sdougb <term><option>+[no]trace</option></term> 538170222Sdougb <listitem> 539254897Serwin <para> 540254897Serwin Toggle tracing of the delegation path from the root 541254897Serwin name servers for the name being looked up. Tracing 542254897Serwin is disabled by default. When tracing is enabled, 543254897Serwin <command>dig</command> makes iterative queries to 544254897Serwin resolve the name being looked up. It will follow 545254897Serwin referrals from the root servers, showing the answer 546254897Serwin from each server that was used to resolve the lookup. 547254897Serwin </para> 548254897Serwin <para> 549254897Serwin <command>+dnssec</command> is also set when +trace is 550254897Serwin set to better emulate the default queries from a nameserver. 551254897Serwin </para> 552254897Serwin </listitem> 553254897Serwin </varlistentry> 554135446Strhodes 555170222Sdougb <varlistentry> 556170222Sdougb <term><option>+[no]cmd</option></term> 557170222Sdougb <listitem> 558170222Sdougb <para> 559174187Sdougb Toggles the printing of the initial comment in the output 560170222Sdougb identifying 561170222Sdougb the version of <command>dig</command> and the query 562170222Sdougb options that have 563170222Sdougb been applied. This comment is printed by default. 564170222Sdougb </para> 565170222Sdougb </listitem> 566170222Sdougb </varlistentry> 567135446Strhodes 568170222Sdougb <varlistentry> 569170222Sdougb <term><option>+[no]short</option></term> 570170222Sdougb <listitem> 571170222Sdougb <para> 572170222Sdougb Provide a terse answer. The default is to print the answer in a 573170222Sdougb verbose form. 574170222Sdougb </para> 575170222Sdougb </listitem> 576170222Sdougb </varlistentry> 577135446Strhodes 578170222Sdougb <varlistentry> 579170222Sdougb <term><option>+[no]identify</option></term> 580170222Sdougb <listitem> 581170222Sdougb <para> 582170222Sdougb Show [or do not show] the IP address and port number that 583170222Sdougb supplied the 584170222Sdougb answer when the <parameter>+short</parameter> option 585170222Sdougb is enabled. If 586170222Sdougb short form answers are requested, the default is not to show the 587170222Sdougb source address and port number of the server that provided the 588170222Sdougb answer. 589170222Sdougb </para> 590170222Sdougb </listitem> 591170222Sdougb </varlistentry> 592135446Strhodes 593170222Sdougb <varlistentry> 594170222Sdougb <term><option>+[no]comments</option></term> 595170222Sdougb <listitem> 596170222Sdougb <para> 597170222Sdougb Toggle the display of comment lines in the output. The default 598254897Serwin is to print comments. 599170222Sdougb </para> 600170222Sdougb </listitem> 601170222Sdougb </varlistentry> 602135446Strhodes 603170222Sdougb <varlistentry> 604254897Serwin <term><option>+[no]rrcomments</option></term> 605254897Serwin <listitem> 606254897Serwin <para> 607254897Serwin Toggle the display of per-record comments in the output (for 608254897Serwin example, human-readable key information about DNSKEY records). 609254897Serwin The default is not to print record comments unless multiline 610254897Serwin mode is active. 611254897Serwin </para> 612254897Serwin </listitem> 613254897Serwin </varlistentry> 614254897Serwin 615254897Serwin <varlistentry> 616254897Serwin <term><option>+split=W</option></term> 617254897Serwin <listitem> 618254897Serwin <para> 619254897Serwin Split long hex- or base64-formatted fields in resource 620254897Serwin records into chunks of <parameter>W</parameter> characters 621254897Serwin (where <parameter>W</parameter> is rounded up to the nearest 622254897Serwin multiple of 4). 623254897Serwin <parameter>+nosplit</parameter> or 624254897Serwin <parameter>+split=0</parameter> causes fields not to be 625254897Serwin split at all. The default is 56 characters, or 44 characters 626254897Serwin when multiline mode is active. 627254897Serwin </para> 628254897Serwin </listitem> 629254897Serwin </varlistentry> 630254897Serwin 631254897Serwin <varlistentry> 632170222Sdougb <term><option>+[no]stats</option></term> 633170222Sdougb <listitem> 634170222Sdougb <para> 635170222Sdougb This query option toggles the printing of statistics: when the 636170222Sdougb query 637170222Sdougb was made, the size of the reply and so on. The default 638174187Sdougb behavior is 639170222Sdougb to print the query statistics. 640170222Sdougb </para> 641170222Sdougb </listitem> 642170222Sdougb </varlistentry> 643135446Strhodes 644170222Sdougb <varlistentry> 645170222Sdougb <term><option>+[no]qr</option></term> 646170222Sdougb <listitem> 647170222Sdougb <para> 648170222Sdougb Print [do not print] the query as it is sent. 649170222Sdougb By default, the query is not printed. 650170222Sdougb </para> 651170222Sdougb </listitem> 652170222Sdougb </varlistentry> 653135446Strhodes 654170222Sdougb <varlistentry> 655170222Sdougb <term><option>+[no]question</option></term> 656170222Sdougb <listitem> 657170222Sdougb <para> 658170222Sdougb Print [do not print] the question section of a query when an 659170222Sdougb answer is 660170222Sdougb returned. The default is to print the question section as a 661170222Sdougb comment. 662170222Sdougb </para> 663170222Sdougb </listitem> 664170222Sdougb </varlistentry> 665135446Strhodes 666170222Sdougb <varlistentry> 667170222Sdougb <term><option>+[no]answer</option></term> 668170222Sdougb <listitem> 669170222Sdougb <para> 670170222Sdougb Display [do not display] the answer section of a reply. The 671170222Sdougb default 672170222Sdougb is to display it. 673170222Sdougb </para> 674170222Sdougb </listitem> 675170222Sdougb </varlistentry> 676135446Strhodes 677170222Sdougb <varlistentry> 678170222Sdougb <term><option>+[no]authority</option></term> 679170222Sdougb <listitem> 680170222Sdougb <para> 681170222Sdougb Display [do not display] the authority section of a reply. The 682170222Sdougb default is to display it. 683170222Sdougb </para> 684170222Sdougb </listitem> 685170222Sdougb </varlistentry> 686135446Strhodes 687170222Sdougb <varlistentry> 688170222Sdougb <term><option>+[no]additional</option></term> 689170222Sdougb <listitem> 690170222Sdougb <para> 691170222Sdougb Display [do not display] the additional section of a reply. 692170222Sdougb The default is to display it. 693170222Sdougb </para> 694170222Sdougb </listitem> 695170222Sdougb </varlistentry> 696135446Strhodes 697170222Sdougb <varlistentry> 698170222Sdougb <term><option>+[no]all</option></term> 699170222Sdougb <listitem> 700170222Sdougb <para> 701170222Sdougb Set or clear all display flags. 702170222Sdougb </para> 703170222Sdougb </listitem> 704170222Sdougb </varlistentry> 705135446Strhodes 706170222Sdougb <varlistentry> 707170222Sdougb <term><option>+time=T</option></term> 708170222Sdougb <listitem> 709170222Sdougb <para> 710135446Strhodes 711170222Sdougb Sets the timeout for a query to 712174187Sdougb <parameter>T</parameter> seconds. The default 713174187Sdougb timeout is 5 seconds. 714170222Sdougb An attempt to set <parameter>T</parameter> to less 715170222Sdougb than 1 will result 716170222Sdougb in a query timeout of 1 second being applied. 717170222Sdougb </para> 718170222Sdougb </listitem> 719170222Sdougb </varlistentry> 720135446Strhodes 721170222Sdougb <varlistentry> 722170222Sdougb <term><option>+tries=T</option></term> 723170222Sdougb <listitem> 724170222Sdougb <para> 725170222Sdougb Sets the number of times to try UDP queries to server to 726170222Sdougb <parameter>T</parameter> instead of the default, 3. 727170222Sdougb If 728170222Sdougb <parameter>T</parameter> is less than or equal to 729170222Sdougb zero, the number of 730170222Sdougb tries is silently rounded up to 1. 731170222Sdougb </para> 732170222Sdougb </listitem> 733170222Sdougb </varlistentry> 734135446Strhodes 735170222Sdougb <varlistentry> 736170222Sdougb <term><option>+retry=T</option></term> 737170222Sdougb <listitem> 738170222Sdougb <para> 739170222Sdougb Sets the number of times to retry UDP queries to server to 740170222Sdougb <parameter>T</parameter> instead of the default, 2. 741170222Sdougb Unlike 742170222Sdougb <parameter>+tries</parameter>, this does not include 743170222Sdougb the initial 744170222Sdougb query. 745170222Sdougb </para> 746170222Sdougb </listitem> 747170222Sdougb </varlistentry> 748135446Strhodes 749170222Sdougb <varlistentry> 750170222Sdougb <term><option>+ndots=D</option></term> 751170222Sdougb <listitem> 752170222Sdougb <para> 753170222Sdougb Set the number of dots that have to appear in 754170222Sdougb <parameter>name</parameter> to <parameter>D</parameter> for it to be 755170222Sdougb considered absolute. The default value is that defined using 756170222Sdougb the 757170222Sdougb ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no 758170222Sdougb ndots statement is present. Names with fewer dots are 759170222Sdougb interpreted as 760170222Sdougb relative names and will be searched for in the domains listed in 761170222Sdougb the 762170222Sdougb <option>search</option> or <option>domain</option> directive in 763170222Sdougb <filename>/etc/resolv.conf</filename>. 764170222Sdougb </para> 765170222Sdougb </listitem> 766170222Sdougb </varlistentry> 767135446Strhodes 768170222Sdougb <varlistentry> 769170222Sdougb <term><option>+bufsize=B</option></term> 770170222Sdougb <listitem> 771170222Sdougb <para> 772170222Sdougb Set the UDP message buffer size advertised using EDNS0 to 773170222Sdougb <parameter>B</parameter> bytes. The maximum and minimum sizes 774170222Sdougb of this buffer are 65535 and 0 respectively. Values outside 775170222Sdougb this range are rounded up or down appropriately. 776170222Sdougb Values other than zero will cause a EDNS query to be sent. 777170222Sdougb </para> 778170222Sdougb </listitem> 779170222Sdougb </varlistentry> 780135446Strhodes 781170222Sdougb <varlistentry> 782170222Sdougb <term><option>+edns=#</option></term> 783170222Sdougb <listitem> 784170222Sdougb <para> 785170222Sdougb Specify the EDNS version to query with. Valid values 786254897Serwin are 0 to 255. Setting the EDNS version will cause 787254897Serwin a EDNS query to be sent. <option>+noedns</option> 788254897Serwin clears the remembered EDNS version. EDNS is set to 789254897Serwin 0 by default. 790170222Sdougb </para> 791170222Sdougb </listitem> 792170222Sdougb </varlistentry> 793135446Strhodes 794170222Sdougb <varlistentry> 795170222Sdougb <term><option>+[no]multiline</option></term> 796170222Sdougb <listitem> 797170222Sdougb <para> 798170222Sdougb Print records like the SOA records in a verbose multi-line 799170222Sdougb format with human-readable comments. The default is to print 800170222Sdougb each record on a single line, to facilitate machine parsing 801170222Sdougb of the <command>dig</command> output. 802170222Sdougb </para> 803170222Sdougb </listitem> 804170222Sdougb </varlistentry> 805135446Strhodes 806224092Sdougb <varlistentry> 807224092Sdougb <term><option>+[no]onesoa</option></term> 808224092Sdougb <listitem> 809224092Sdougb <para> 810224092Sdougb Print only one (starting) SOA record when performing 811224092Sdougb an AXFR. The default is to print both the starting and 812224092Sdougb ending SOA records. 813224092Sdougb </para> 814224092Sdougb </listitem> 815224092Sdougb </varlistentry> 816224092Sdougb 817170222Sdougb <varlistentry> 818170222Sdougb <term><option>+[no]fail</option></term> 819170222Sdougb <listitem> 820170222Sdougb <para> 821170222Sdougb Do not try the next server if you receive a SERVFAIL. The 822170222Sdougb default is 823170222Sdougb to not try the next server which is the reverse of normal stub 824170222Sdougb resolver 825174187Sdougb behavior. 826170222Sdougb </para> 827170222Sdougb </listitem> 828170222Sdougb </varlistentry> 829135446Strhodes 830170222Sdougb <varlistentry> 831170222Sdougb <term><option>+[no]besteffort</option></term> 832170222Sdougb <listitem> 833170222Sdougb <para> 834170222Sdougb Attempt to display the contents of messages which are malformed. 835170222Sdougb The default is to not display malformed answers. 836170222Sdougb </para> 837170222Sdougb </listitem> 838170222Sdougb </varlistentry> 839170222Sdougb 840170222Sdougb <varlistentry> 841170222Sdougb <term><option>+[no]dnssec</option></term> 842170222Sdougb <listitem> 843170222Sdougb <para> 844170222Sdougb Requests DNSSEC records be sent by setting the DNSSEC OK bit 845170222Sdougb (DO) 846170222Sdougb in the OPT record in the additional section of the query. 847170222Sdougb </para> 848170222Sdougb </listitem> 849170222Sdougb </varlistentry> 850170222Sdougb 851170222Sdougb <varlistentry> 852170222Sdougb <term><option>+[no]sigchase</option></term> 853170222Sdougb <listitem> 854170222Sdougb <para> 855170222Sdougb Chase DNSSEC signature chains. Requires dig be compiled with 856170222Sdougb -DDIG_SIGCHASE. 857170222Sdougb </para> 858170222Sdougb </listitem> 859170222Sdougb </varlistentry> 860170222Sdougb 861170222Sdougb <varlistentry> 862170222Sdougb <term><option>+trusted-key=####</option></term> 863170222Sdougb <listitem> 864170222Sdougb <para> 865170222Sdougb Specifies a file containing trusted keys to be used with 866153816Sdougb <option>+sigchase</option>. Each DNSKEY record must be 867153816Sdougb on its own line. 868170222Sdougb </para> 869153816Sdougb <para> 870193149Sdougb If not specified, <command>dig</command> will look for 871153816Sdougb <filename>/etc/trusted-key.key</filename> then 872153816Sdougb <filename>trusted-key.key</filename> in the current directory. 873153816Sdougb </para> 874153816Sdougb <para> 875170222Sdougb Requires dig be compiled with -DDIG_SIGCHASE. 876153816Sdougb </para> 877170222Sdougb </listitem> 878170222Sdougb </varlistentry> 879135446Strhodes 880170222Sdougb <varlistentry> 881170222Sdougb <term><option>+[no]topdown</option></term> 882170222Sdougb <listitem> 883170222Sdougb <para> 884174187Sdougb When chasing DNSSEC signature chains perform a top-down 885170222Sdougb validation. 886170222Sdougb Requires dig be compiled with -DDIG_SIGCHASE. 887170222Sdougb </para> 888170222Sdougb </listitem> 889170222Sdougb </varlistentry> 890135446Strhodes 891193149Sdougb <varlistentry> 892193149Sdougb <term><option>+[no]nsid</option></term> 893193149Sdougb <listitem> 894193149Sdougb <para> 895193149Sdougb Include an EDNS name server ID request when sending a query. 896193149Sdougb </para> 897193149Sdougb </listitem> 898193149Sdougb </varlistentry> 899135446Strhodes 900262706Serwin <varlistentry> 901262706Serwin <term><option>+[no]keepopen</option></term> 902262706Serwin <listitem> 903262706Serwin <para> 904262706Serwin Keep the TCP socket open between queries and reuse it rather 905262706Serwin than creating a new TCP socket for each lookup. The default 906262706Serwin is <option>+nokeepopen</option>. 907262706Serwin </para> 908262706Serwin </listitem> 909262706Serwin </varlistentry> 910135446Strhodes 911170222Sdougb </variablelist> 912135446Strhodes 913170222Sdougb </para> 914170222Sdougb </refsect1> 915135446Strhodes 916170222Sdougb <refsect1> 917170222Sdougb <title>MULTIPLE QUERIES</title> 918135446Strhodes 919170222Sdougb <para> 920170222Sdougb The BIND 9 implementation of <command>dig </command> 921170222Sdougb supports 922170222Sdougb specifying multiple queries on the command line (in addition to 923170222Sdougb supporting the <option>-f</option> batch file option). Each of those 924170222Sdougb queries can be supplied with its own set of flags, options and query 925170222Sdougb options. 926170222Sdougb </para> 927135446Strhodes 928170222Sdougb <para> 929170222Sdougb In this case, each <parameter>query</parameter> argument 930170222Sdougb represent an 931170222Sdougb individual query in the command-line syntax described above. Each 932170222Sdougb consists of any of the standard options and flags, the name to be 933170222Sdougb looked up, an optional query type and class and any query options that 934170222Sdougb should be applied to that query. 935170222Sdougb </para> 936135446Strhodes 937170222Sdougb <para> 938170222Sdougb A global set of query options, which should be applied to all queries, 939170222Sdougb can also be supplied. These global query options must precede the 940170222Sdougb first tuple of name, class, type, options, flags, and query options 941170222Sdougb supplied on the command line. Any global query options (except 942170222Sdougb the <option>+[no]cmd</option> option) can be 943170222Sdougb overridden by a query-specific set of query options. For example: 944170222Sdougb <programlisting> 945135446Strhodesdig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr 946135446Strhodes</programlisting> 947170222Sdougb shows how <command>dig</command> could be used from the 948170222Sdougb command line 949170222Sdougb to make three lookups: an ANY query for <literal>www.isc.org</literal>, a 950170222Sdougb reverse lookup of 127.0.0.1 and a query for the NS records of 951170222Sdougb <literal>isc.org</literal>. 952135446Strhodes 953170222Sdougb A global query option of <parameter>+qr</parameter> is 954170222Sdougb applied, so 955170222Sdougb that <command>dig</command> shows the initial query it made 956170222Sdougb for each 957170222Sdougb lookup. The final query has a local query option of 958170222Sdougb <parameter>+noqr</parameter> which means that <command>dig</command> 959170222Sdougb will not print the initial query when it looks up the NS records for 960170222Sdougb <literal>isc.org</literal>. 961170222Sdougb </para> 962135446Strhodes 963170222Sdougb </refsect1> 964135446Strhodes 965170222Sdougb <refsect1> 966170222Sdougb <title>IDN SUPPORT</title> 967170222Sdougb <para> 968170222Sdougb If <command>dig</command> has been built with IDN (internationalized 969170222Sdougb domain name) support, it can accept and display non-ASCII domain names. 970170222Sdougb <command>dig</command> appropriately converts character encoding of 971170222Sdougb domain name before sending a request to DNS server or displaying a 972170222Sdougb reply from the server. 973170222Sdougb If you'd like to turn off the IDN support for some reason, defines 974170222Sdougb the <envar>IDN_DISABLE</envar> environment variable. 975170222Sdougb The IDN support is disabled if the variable is set when 976170222Sdougb <command>dig</command> runs. 977170222Sdougb </para> 978170222Sdougb </refsect1> 979135446Strhodes 980170222Sdougb <refsect1> 981170222Sdougb <title>FILES</title> 982170222Sdougb <para><filename>/etc/resolv.conf</filename> 983170222Sdougb </para> 984170222Sdougb <para><filename>${HOME}/.digrc</filename> 985170222Sdougb </para> 986170222Sdougb </refsect1> 987135446Strhodes 988170222Sdougb <refsect1> 989170222Sdougb <title>SEE ALSO</title> 990170222Sdougb <para><citerefentry> 991170222Sdougb <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> 992170222Sdougb </citerefentry>, 993170222Sdougb <citerefentry> 994170222Sdougb <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 995170222Sdougb </citerefentry>, 996170222Sdougb <citerefentry> 997170222Sdougb <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 998170222Sdougb </citerefentry>, 999170222Sdougb <citetitle>RFC1035</citetitle>. 1000170222Sdougb </para> 1001170222Sdougb </refsect1> 1002170222Sdougb 1003170222Sdougb <refsect1> 1004170222Sdougb <title>BUGS</title> 1005170222Sdougb <para> 1006170222Sdougb There are probably too many query options. 1007170222Sdougb </para> 1008170222Sdougb </refsect1> 1009170222Sdougb</refentry><!-- 1010170222Sdougb - Local variables: 1011170222Sdougb - mode: sgml 1012170222Sdougb - End: 1013170222Sdougb--> 1014