dig.docbook revision 0f78f780648806bcb3e374b7dafac73e6c558ea8
6ca0e6973c8176100f4a426444823ae5e777e28fsascha<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
6ca0e6973c8176100f4a426444823ae5e777e28fsascha "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
6ca0e6973c8176100f4a426444823ae5e777e28fsascha [<!ENTITY mdash "—">]>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - Copyright (C) 2000-2003 Internet Software Consortium.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - Permission to use, copy, modify, and distribute this software for any
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - purpose with or without fee is hereby granted, provided that the above
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - copyright notice and this permission notice appear in all copies.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
6ca0e6973c8176100f4a426444823ae5e777e28fsascha - PERFORMANCE OF THIS SOFTWARE.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha<!-- $Id: dig.docbook,v 1.37 2007/05/16 01:42:26 marka Exp $ -->
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <refentryinfo>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </refentryinfo>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <refnamediv>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </refnamediv>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <copyright>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </copyright>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <copyright>
f07a80771bc5d30b1e0cfcb7256c1a302da77675rbb </copyright>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <refsynopsisdiv>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <cmdsynopsis>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </cmdsynopsis>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj <cmdsynopsis>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj </cmdsynopsis>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj <cmdsynopsis>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj </cmdsynopsis>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj </refsynopsisdiv>
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj (domain information groper) is a flexible tool
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj for interrogating DNS name servers. It performs DNS lookups and
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj displays the answers that are returned from the name server(s) that
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj were queried. Most DNS administrators use <command>dig</command> to
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj troubleshoot DNS problems because of its flexibility, ease of use and
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj clarity of output. Other lookup tools tend to have less functionality
5e02b58f37d5dcea1e75f35ed6b14cbb9af31a9amanoj command-line
5e02b58f37d5dcea1e75f35ed6b14cbb9af31a9amanoj arguments, it also has a batch mode of operation for reading lookup
5e02b58f37d5dcea1e75f35ed6b14cbb9af31a9amanoj requests from a file. A brief summary of its command-line arguments
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj and options is printed when the <option>-h</option> option is given.
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj Unlike earlier versions, the BIND 9 implementation of
b9e4a86f22b3e8666186b9fe08e9241cdaf50d26manoj <command>dig</command> allows multiple lookups to be issued
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj command line.
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj Unless it is told to query a specific name server,
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj <command>dig</command> will try each of the servers listed
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj When no command line arguments or options are given, will perform an
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj NS query for "." (the root).
b9e4a86f22b3e8666186b9fe08e9241cdaf50d26manoj It is possible to set per-user defaults for <command>dig</command> via
b9e4a86f22b3e8666186b9fe08e9241cdaf50d26manoj <filename>${HOME}/.digrc</filename>. This file is read and
d6baa4df51dd4759e4a7d26d3c864d7ef20e08bcmanoj any options in it
aa811cad2eb3fc01d17a5c8eba274b915ab8cd20manoj are applied before the command line arguments.
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj The IN and CH class names overlap with the IN and CH top level
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj <option>-c</option> options to specify the type and class or
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj use the <option>-q</option> the specify the domain name or
1e0f694465b978395b09bd1c8d6b8f9580378fb4rasmus use "IN." and "CH." when looking up these top level domains.
22ad84685642948ad15cc1e881ecbc4ac8cbf98cmanoj </refsect1>
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus A typical invocation of <command>dig</command> looks like:
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus <programlisting> dig @server name type </programlisting>
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus <variablelist>
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus <varlistentry>
561c0e65ea8f64d174139f090516b015ca100f84sascha is the name or IP address of the name server to query. This can
561c0e65ea8f64d174139f090516b015ca100f84sascha address in dotted-decimal notation or an IPv6
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus address in colon-delimited notation. When the supplied
561c0e65ea8f64d174139f090516b015ca100f84sascha querying that name
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus argument is provided,
561c0e65ea8f64d174139f090516b015ca100f84sascha <command>dig</command> consults <filename>/etc/resolv.conf</filename>
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus and queries the name servers listed there. The reply from the
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus server that responds is displayed.
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus </listitem>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha is the name of the resource record that is to be looked up.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </listitem>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha indicates what type of query is required —
6ca0e6973c8176100f4a426444823ae5e777e28fsascha ANY, A, MX, SIG, etc.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha type. If no
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </listitem>
0f47ee3ae8ede113e11f21bf34f3b11161d3e61drasmus </varlistentry>
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick </variablelist>
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick </refsect1>
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick The <option>-b</option> option sets the source IP address of the query
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick to <parameter>address</parameter>. This must be a valid
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick one of the host's network interfaces or "0.0.0.0" or "::". An optional
e2f1d8336d48264cf7715e104b1a69bac57bcbfctrawick may be specified by appending "#<port>"
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The default query class (IN for internet) is overridden by the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <option>-c</option> option. <parameter>class</parameter> is
6ca0e6973c8176100f4a426444823ae5e777e28fsascha class, such as HS for Hesiod records or CH for Chaosnet records.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The <option>-f</option> option makes <command>dig </command>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha in batch mode by reading a list of lookup requests to process from the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha file <parameter>filename</parameter>. The file contains a
6ca0e6973c8176100f4a426444823ae5e777e28fsascha queries, one per line. Each entry in the file should be organized in
6ca0e6973c8176100f4a426444823ae5e777e28fsascha the same way they would be presented as queries to
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <command>dig</command> using the command-line interface.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha If a non-standard port number is to be queried, the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <option>-p</option> option is used. <parameter>port#</parameter> is
6ca0e6973c8176100f4a426444823ae5e777e28fsascha the port number that <command>dig</command> will send its
6ca0e6973c8176100f4a426444823ae5e777e28fsascha instead of the standard DNS port number 53. This option would be used
6ca0e6973c8176100f4a426444823ae5e777e28fsascha to test a name server that has been configured to listen for queries
6ca0e6973c8176100f4a426444823ae5e777e28fsascha on a non-standard port number.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The <option>-4</option> option forces <command>dig</command>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha use IPv4 query transport. The <option>-6</option> option forces
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <command>dig</command> to only use IPv6 query transport.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The <option>-t</option> option sets the query type to
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>type</parameter>. It can be any valid query type
6ca0e6973c8176100f4a426444823ae5e777e28fsascha supported in BIND 9. The default query type is "A", unless the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <option>-x</option> option is supplied to indicate a reverse lookup.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha A zone transfer can be requested by specifying a type of AXFR. When
6ca0e6973c8176100f4a426444823ae5e777e28fsascha an incremental zone transfer (IXFR) is required,
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The incremental zone transfer will contain the changes made to the zone
6ca0e6973c8176100f4a426444823ae5e777e28fsascha since the serial number in the zone's SOA record was
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The <option>-q</option> option sets the query name to
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>name</parameter>. This useful do distinguish the
f07a80771bc5d30b1e0cfcb7256c1a302da77675rbb Reverse lookups — mapping addresses to names — are simplified by the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <option>-x</option> option. <parameter>addr</parameter> is
6ca0e6973c8176100f4a426444823ae5e777e28fsascha address in dotted-decimal notation, or a colon-delimited IPv6 address.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha When this option is used, there is no need to provide the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>name</parameter>, <parameter>class</parameter> and
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>type</parameter> arguments. <command>dig</command>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha automatically performs a lookup for a name like
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <literal>11.12.13.10.in-addr.arpa</literal> and sets the
6ca0e6973c8176100f4a426444823ae5e777e28fsascha query type and
6ca0e6973c8176100f4a426444823ae5e777e28fsascha class to PTR and IN respectively. By default, IPv6 addresses are
6ca0e6973c8176100f4a426444823ae5e777e28fsascha looked up using nibble format under the IP6.ARPA domain.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha To use the older RFC1886 method using the IP6.INT domain
6ca0e6973c8176100f4a426444823ae5e777e28fsascha specify the <option>-i</option> option. Bit string labels (RFC2874)
6ca0e6973c8176100f4a426444823ae5e777e28fsascha are now experimental and are not attempted.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha To sign the DNS queries sent by <command>dig</command> and
6ca0e6973c8176100f4a426444823ae5e777e28fsascha responses using transaction signatures (TSIG), specify a TSIG key file
6ca0e6973c8176100f4a426444823ae5e777e28fsascha using the <option>-k</option> option. You can also specify the TSIG
6ca0e6973c8176100f4a426444823ae5e777e28fsascha key itself on the command line using the <option>-y</option> option;
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>name</parameter> is the name of the TSIG key and
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <parameter>key</parameter> is the actual key. The key is a
6ca0e6973c8176100f4a426444823ae5e777e28fsascha encoded string, typically generated by
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <citerefentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </citerefentry>.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha Caution should be taken when using the <option>-y</option> option on
6ca0e6973c8176100f4a426444823ae5e777e28fsascha multi-user systems as the key can be visible in the output from
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <citerefentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </citerefentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha or in the shell's history file. When
6ca0e6973c8176100f4a426444823ae5e777e28fsascha using TSIG authentication with <command>dig</command>, the name
6ca0e6973c8176100f4a426444823ae5e777e28fsascha server that is queried needs to know the key and algorithm that is
6ca0e6973c8176100f4a426444823ae5e777e28fsascha being used. In BIND, this is done by providing appropriate
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <command>key</command> and <command>server</command> statements in
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </refsect1>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha provides a number of query options which affect
6ca0e6973c8176100f4a426444823ae5e777e28fsascha the way in which lookups are made and the results displayed. Some of
6ca0e6973c8176100f4a426444823ae5e777e28fsascha these set or reset flag bits in the query header, some determine which
6ca0e6973c8176100f4a426444823ae5e777e28fsascha sections of the answer get printed, and others determine the timeout
6ca0e6973c8176100f4a426444823ae5e777e28fsascha and retry strategies.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha Each query option is identified by a keyword preceded by a plus sign
6ca0e6973c8176100f4a426444823ae5e777e28fsascha (<literal>+</literal>). Some keywords set or reset an
6ca0e6973c8176100f4a426444823ae5e777e28fsascha option. These may be preceded
6ca0e6973c8176100f4a426444823ae5e777e28fsascha by the string <literal>no</literal> to negate the meaning of
6ca0e6973c8176100f4a426444823ae5e777e28fsascha that keyword. Other
6ca0e6973c8176100f4a426444823ae5e777e28fsascha keywords assign values to options like the timeout interval. They
6ca0e6973c8176100f4a426444823ae5e777e28fsascha The query options are:
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <variablelist>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha Use [do not use] TCP when querying name servers. The default
6ca0e6973c8176100f4a426444823ae5e777e28fsascha behavior is to use UDP unless an AXFR or IXFR query is
6ca0e6973c8176100f4a426444823ae5e777e28fsascha requested, in
6ca0e6973c8176100f4a426444823ae5e777e28fsascha which case a TCP connection is used.
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </listitem>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha Use [do not use] TCP when querying name servers. This alternate
6ca0e6973c8176100f4a426444823ae5e777e28fsascha provided for backwards
6ca0e6973c8176100f4a426444823ae5e777e28fsascha compatibility. The "vc" stands for "virtual circuit".
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </listitem>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha </varlistentry>
6ca0e6973c8176100f4a426444823ae5e777e28fsascha <varlistentry>