dig.docbook revision c7463967dbcb31c2ec0dd513986a9dec05994a0a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe [<!ENTITY mdash "—">]>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - Copyright (C) 2000-2003 Internet Software Consortium.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - Permission to use, copy, modify, and/or distribute this software for any
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - purpose with or without fee is hereby granted, provided that the above
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - copyright notice and this permission notice appear in all copies.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d1515e527c5d324d2c75e58781f1dd47f18624d8Alexander Eremin - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
95c635efb7c3b86efc493e0447eaec7aecca3f0fGarrett D'Amore - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov - PERFORMANCE OF THIS SOFTWARE.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <refentryinfo>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </refentryinfo>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <refnamediv>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </refnamediv>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </copyright>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </copyright>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <refsynopsisdiv>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <arg choice="opt" rep="repeat">global-queryopt</arg>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </cmdsynopsis>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </refsynopsisdiv>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (domain information groper) is a flexible tool
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe for interrogating DNS name servers. It performs DNS lookups and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe displays the answers that are returned from the name server(s) that
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe were queried. Most DNS administrators use <command>dig</command> to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe troubleshoot DNS problems because of its flexibility, ease of use and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe clarity of output. Other lookup tools tend to have less functionality
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Although <command>dig</command> is normally used with
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe command-line
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe arguments, it also has a batch mode of operation for reading lookup
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe requests from a file. A brief summary of its command-line arguments
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe and options is printed when the <option>-h</option> option is given.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Unlike earlier versions, the BIND 9 implementation of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> allows multiple lookups to be issued
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe command line.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Unless it is told to query a specific name server,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> will try each of the servers listed in
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <filename>/etc/resolv.conf</filename>. If no usable server addresses
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are found, <command>dig</command> will send the query to the local
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When no command line arguments or options are given,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> will perform an NS query for "." (the root).
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe It is possible to set per-user defaults for <command>dig</command> via
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <filename>${HOME}/.digrc</filename>. This file is read and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe any options in it
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are applied before the command line arguments.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The IN and CH class names overlap with the IN and CH top level
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe domain names. Either use the <option>-t</option> and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <option>-c</option> options to specify the type and class,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe use the <option>-q</option> the specify the domain name, or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe use "IN." and "CH." when looking up these top level domains.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe A typical invocation of <command>dig</command> looks like:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <programlisting> dig @server name type </programlisting>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <variablelist>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is the name or IP address of the name server to query. This
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe can be an IPv4 address in dotted-decimal notation or an IPv6
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe address in colon-delimited notation. When the supplied
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>server</parameter> argument is a hostname,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> resolves that name before querying
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe that name server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If no <parameter>server</parameter> argument is
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe address is found there, it queries the name server at
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe that address. If either of the <option>-4</option> or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe only addresses for the corresponding transport
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe will be tried. If no usable addresses are found,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> will send the query to the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe local host. The reply from the name server that
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe responds is displayed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is the name of the resource record that is to be looked up.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe indicates what type of query is required —
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe ANY, A, MX, SIG, etc.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>type</parameter> can be any valid query
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>type</parameter> argument is supplied,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> will perform a lookup for an
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </variablelist>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <variablelist>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Use IPv4 only.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
95c635efb7c3b86efc493e0447eaec7aecca3f0fGarrett D'Amore <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Use IPv6 only.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set the source IP address of the query.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <parameter>address</parameter> must be a valid address on
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe one of the host's network interfaces, or "0.0.0.0" or "::". An
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe optional port may be specified by appending "#<port>"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-c <replaceable class="parameter">class</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set the query class. The
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe default <parameter>class</parameter> is IN; other classes
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are HS for Hesiod records or CH for Chaosnet records.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-f <replaceable class="parameter">file</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Batch mode: <command>dig</command> reads a list of lookup
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe requests to process from the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe given <parameter>file</parameter>. Each line in the file
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe should be organized in the same way they would be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe presented as queries to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <command>dig</command> using the command-line interface.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe domain, which is no longer in use. Obsolete bit string
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe label queries (RFC2874) are not attempted.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-k <replaceable class="parameter">keyfile</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sign queries using TSIG using a key read from the given file.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Key files can be generated using
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <citerefentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <refentrytitle>tsig-keygen</refentrytitle><manvolnum>8</manvolnum>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </citerefentry>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When using TSIG authentication with <command>dig</command>,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the name server that is queried needs to know the key and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe algorithm that is being used. In BIND, this is done by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Enable memory usage debugging.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe documented in include/isc/mem.h -->
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-p <replaceable class="parameter">port</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Send the query to a non-standard port on the server,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe instead of the defaut port 53. This option would be used
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to test a name server that has been configured to listen
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe for queries on a non-standard port number.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-q <replaceable class="parameter">name</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The domain name to query. This is useful to distinguish
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the <parameter>name</parameter> from other arguments.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov <term>-t <replaceable class="parameter">type</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The resource record type to query. It can be any valid query type
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe supported in BIND 9. The default query type is "A", unless the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <option>-x</option> option is supplied to indicate a reverse lookup.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe A zone transfer can be requested by specifying a type of AXFR. When
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe an incremental zone transfer (IXFR) is required, set the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>type</parameter> to <literal>ixfr=N</literal>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The incremental zone transfer will contain the changes
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe made to the zone since the serial number in the zone's SOA
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov </varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Print the version number and exit.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-x <replaceable class="parameter">addr</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Simplified reverse lookups, for mapping addresses to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe names. The <parameter>addr</parameter> is an IPv4 address
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe in dotted-decimal notation, or a colon-delimited IPv6
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe address. When the <option>-x</option> is used, there is no
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe need to provide
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the <parameter>name</parameter>, <parameter>class</parameter>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe arguments. <command>dig</command> automatically performs a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe lookup for a name like
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <literal>94.2.0.192.in-addr.arpa</literal> and sets the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe query type and class to PTR and IN respectively. IPv6
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe addresses are looked up using nibble format under the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe IP6.ARPA domain (but see also the <option>-i</option>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sign queries using TSIG with the given authentication key.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>keyname</parameter> is the name of the key, and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>secret</parameter> is the base64 encoded shared secret.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>hmac</parameter> is the name of the key algorithm;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <literal>hmac-sha512</literal>. If <parameter>hmac</parameter>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is not specified, the default is <literal>hmac-md5</literal>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe NOTE: You should use the <option>-k</option> option and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe with <option>-y</option> the shared secret is supplied as
71d45228ba245d505c3beae1d756e775616f6d5aAlexander Eremin a command line argument in clear text. This may be visible
71d45228ba245d505c3beae1d756e775616f6d5aAlexander Eremin in the output from
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <citerefentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </citerefentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe or in a history file maintained by the user's shell.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </variablelist>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe provides a number of query options which affect
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the way in which lookups are made and the results displayed. Some of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe these set or reset flag bits in the query header, some determine which
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe sections of the answer get printed, and others determine the timeout
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe and retry strategies.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Each query option is identified by a keyword preceded by a plus sign
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (<literal>+</literal>). Some keywords set or reset an
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe option. These may be preceded
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe by the string <literal>no</literal> to negate the meaning of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe that keyword. Other
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe keywords assign values to options like the timeout interval. They
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The query options are:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <variablelist>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe A synonym for <parameter>+[no]aaonly</parameter>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sets the "aa" flag in the query.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Display [do not display] the additional section of a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe reply. The default is to display it.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set [do not set] the AD (authentic data) bit in the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe query. This requests the server to return whether
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe all of the answer and authority sections have all
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe been validated as secure according to the security
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe policy of the server. AD=1 indicates that all records
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe have been validated as secure and the answer is not
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe from a OPT-OUT range. AD=0 indicate that some part
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe of the answer was insecure or not validated. This
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe bit is set by default.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set or clear all display flags.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Display [do not display] the answer section of a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe reply. The default is to display it.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Display [do not display] the authority section of a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe reply. The default is to display it.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Attempt to display the contents of messages which are
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe malformed. The default is to not display malformed
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov </varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set the UDP message buffer size advertised using EDNS0
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to <parameter>B</parameter> bytes. The maximum and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe minimum sizes of this buffer are 65535 and 0 respectively.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Values outside this range are rounded up or down
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe appropriately. Values other than zero will cause a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe EDNS query to be sent.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Set [do not set] the CD (checking disabled) bit in
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the query. This requests the server to not perform
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe DNSSEC validation of responses.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Display [do not display] the CLASS when printing the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
95c635efb7c3b86efc493e0447eaec7aecca3f0fGarrett D'Amore <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Toggles the printing of the initial comment in the
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov output identifying the version of <command>dig</command>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe and the query options that have been applied. This
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov comment is printed by default.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Toggle the display of comment lines in the output.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The default is to print comments.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Toggle the display of cryptographic fields in DNSSEC
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov records. The contents of these field are unnecessary
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to debug most DNSSEC validation failures and removing
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov them makes it easier to see the common failures. The
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov default is to display the fields. When omitted they
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov are replaced by the string "[omitted]" or in the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe DNSKEY case the key id is displayed as the replacement,
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov e.g. "[ key id = value ]".
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Deprecated, treated as a synonym for
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Requests DNSSEC records be sent by setting the DNSSEC
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov OK bit (DO) in the OPT record in the additional section
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov of the query.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
10d63b7db37a83b39c7f511cf9426c9d03ea0760Richard Lowe Set the search list to contain the single domain
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <parameter>somename</parameter>, as if specified in
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <filename>/etc/resolv.conf</filename>, and enable
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov search list processing as if the
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <parameter>+search</parameter> option were given.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term><option>+dscp=value</option></term> <listitem>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Set the DSCP code point to be used when sending the
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov query. Valid DSCP code points are in the range
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe [0..63]. By default no code point is explicitly set.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Specify the EDNS version to query with. Valid values
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov are 0 to 255. Setting the EDNS version will cause
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov a EDNS query to be sent. <option>+noedns</option>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov clears the remembered EDNS version. EDNS is set to
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov 0 by default.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <term><option>+[no]ednsflags[=#]</option></term>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Set the must-be-zero EDNS flags bits (Z bits) to the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe specified value. Decimal, hex and octal encodings are
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov accepted. Setting a named flag (e.g. DO) will silently be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe ignored. By default, no Z bits are set.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <term><option>+[no]ednsnegotiation</option></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Enable / disable EDNS version negotiation. By default
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov EDNS version negotiation is enabled.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <term><option>+[no]ednsopt[=code[:value]]</option></term>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Specify EDNS option with code point <option>code</option>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov and optionally payload of <option>value</option> as a
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov clears the EDNS options to be sent.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Send an EDNS Expire option.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov Do not try the next server if you receive a SERVFAIL.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov The default is to not try the next server which is
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov the reverse of normal stub resolver behavior.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov </varlistentry>
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov <varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov Send a query with a DNS header without a question section.
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov The default is to add a question section. The query type
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov and query name are ignored when this is set.
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov </varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov <varlistentry>
75614fd9696d97522ed7ed8009a66eb3544d61adAlexander Pyhalov <term><option>+[no]identify</option></term>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Show [or do not show] the IP address and port number
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov that supplied the answer when the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <parameter>+short</parameter> option is enabled. If
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov short form answers are requested, the default is not
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to show the source address and port number of the
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov server that provided the answer.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <varlistentry>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Ignore truncation in UDP responses instead of retrying
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe with TCP. By default, TCP retries are performed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe </varlistentry>