dig.docbook revision f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3
5cd4555ad444fd391002ae32450572054369fd42Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein [<!ENTITY mdash "—">]>
1124950b35ae05a12e804e670607fe5ba775cb4aTinderbox User - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson - purpose with or without fee is hereby granted, provided that the above
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson - copyright notice and this permission notice appear in all copies.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <refentryinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </refentryinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <refnamediv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </refnamediv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <refsynopsisdiv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
a268fec7f54a89a0772a91da0511c8eae09e6157Mark Andrews <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <arg choice="opt" rep="repeat">global-queryopt</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </refsynopsisdiv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein (domain information groper) is a flexible tool
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein for interrogating DNS name servers. It performs DNS lookups and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein displays the answers that are returned from the name server(s) that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein were queried. Most DNS administrators use <command>dig</command> to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein troubleshoot DNS problems because of its flexibility, ease of use and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein clarity of output. Other lookup tools tend to have less functionality
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Although <command>dig</command> is normally used with
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein command-line
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein arguments, it also has a batch mode of operation for reading lookup
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein requests from a file. A brief summary of its command-line arguments
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein and options is printed when the <option>-h</option> option is given.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews Unlike earlier versions, the BIND 9 implementation of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>dig</command> allows multiple lookups to be issued
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein command line.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Unless it is told to query a specific name server,
3b9d9ad58b2d85a10960819f5c7a4606b33e9ab2Evan Hunt <command>dig</command> will try each of the servers listed in
8012d70ea4906ba739036cc9903cb0ac0fc72e9fJeremy C. Reed <filename>/etc/resolv.conf</filename>. If no usable server addresses
3b9d9ad58b2d85a10960819f5c7a4606b33e9ab2Evan Hunt are found, <command>dig</command> will send the query to the local
d4f032db535ad5194d442fec535123f269422055Jeremy Reed When no command line arguments or options are given,
d4f032db535ad5194d442fec535123f269422055Jeremy Reed <command>dig</command> will perform an NS query for "." (the root).
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein It is possible to set per-user defaults for <command>dig</command> via
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <filename>${HOME}/.digrc</filename>. This file is read and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein any options in it
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein are applied before the command line arguments.
065c66d9bf1c349600027bb50e3759a3736f73abMark Andrews The IN and CH class names overlap with the IN and CH top level
79a1c7502d0d1c5e654d9892c948d0123c3b3e2fEvan Hunt domain names. Either use the <option>-t</option> and
d4f032db535ad5194d442fec535123f269422055Jeremy Reed <option>-c</option> options to specify the type and class,
d4f032db535ad5194d442fec535123f269422055Jeremy Reed use the <option>-q</option> the specify the domain name, or
065c66d9bf1c349600027bb50e3759a3736f73abMark Andrews use "IN." and "CH." when looking up these top level domains.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein A typical invocation of <command>dig</command> looks like:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <programlisting> dig @server name type </programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <variablelist>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews is the name or IP address of the name server to query. This
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews can be an IPv4 address in dotted-decimal notation or an IPv6
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews address in colon-delimited notation. When the supplied
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <parameter>server</parameter> argument is a hostname,
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <command>dig</command> resolves that name before querying
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews that name server.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews If no <parameter>server</parameter> argument is
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews address is found there, it queries the name server at
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews that address. If either of the <option>-4</option> or
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews only addresses for the corresponding transport
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews will be tried. If no usable addresses are found,
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <command>dig</command> will send the query to the
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews local host. The reply from the name server that
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews responds is displayed.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews is the name of the resource record that is to be looked up.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews indicates what type of query is required —
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews ANY, A, MX, SIG, etc.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <parameter>type</parameter> can be any valid query
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <parameter>type</parameter> argument is supplied,
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <command>dig</command> will perform a lookup for an
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The <option>-b</option> option sets the source IP address of the query
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to <parameter>address</parameter>. This must be a valid
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein one of the host's network interfaces or "0.0.0.0" or "::". An optional
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein may be specified by appending "#<port>"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The default query class (IN for internet) is overridden by the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>-c</option> option. <parameter>class</parameter> is
0f78f780648806bcb3e374b7dafac73e6c558ea8Mark Andrews class, such as HS for Hesiod records or CH for Chaosnet records.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The <option>-f</option> option makes <command>dig </command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein in batch mode by reading a list of lookup requests to process from the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein file <parameter>filename</parameter>. The file contains a
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews queries, one per line. Each entry in the file should be organized in
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the same way they would be presented as queries to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>dig</command> using the command-line interface.
0db6bf459f7afa1f9dc0690a521df19955c89dbfJeremy Reed The <option>-m</option> option enables memory usage debugging.
0db6bf459f7afa1f9dc0690a521df19955c89dbfJeremy Reed <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews documented in include/isc/mem.h -->
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein If a non-standard port number is to be queried, the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>-p</option> option is used. <parameter>port#</parameter> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the port number that <command>dig</command> will send its
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein instead of the standard DNS port number 53. This option would be used
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to test a name server that has been configured to listen for queries
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein on a non-standard port number.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The <option>-4</option> option forces <command>dig</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein use IPv4 query transport. The <option>-6</option> option forces
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>dig</command> to only use IPv6 query transport.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The <option>-t</option> option sets the query type to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>type</parameter>. It can be any valid query type
8b9fc7617b8f54641708c985697848e6cc10a5bbMark Andrews supported in BIND 9. The default query type is "A", unless the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>-x</option> option is supplied to indicate a reverse lookup.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein A zone transfer can be requested by specifying a type of AXFR. When
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein an incremental zone transfer (IXFR) is required,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The incremental zone transfer will contain the changes made to the zone
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein since the serial number in the zone's SOA record was
a268fec7f54a89a0772a91da0511c8eae09e6157Mark Andrews The <option>-q</option> option sets the query name to
79a1c7502d0d1c5e654d9892c948d0123c3b3e2fEvan Hunt <parameter>name</parameter>. This is useful to distinguish the
1425217e5c3a2cbab7f8344e600e0c16047289ffMark Andrews <parameter>name</parameter> from other arguments.
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt The <option>-v</option> causes <command>dig</command> to
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt print the version number and exit.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews Reverse lookups — mapping addresses to names — are simplified by the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>-x</option> option. <parameter>addr</parameter> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein address in dotted-decimal notation, or a colon-delimited IPv6 address.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein When this option is used, there is no need to provide the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>name</parameter>, <parameter>class</parameter> and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>type</parameter> arguments. <command>dig</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein automatically performs a lookup for a name like
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <literal>11.12.13.10.in-addr.arpa</literal> and sets the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein query type and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein class to PTR and IN respectively. By default, IPv6 addresses are
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein looked up using nibble format under the IP6.ARPA domain.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein To use the older RFC1886 method using the IP6.INT domain
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specify the <option>-i</option> option. Bit string labels (RFC2874)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein are now experimental and are not attempted.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein To sign the DNS queries sent by <command>dig</command> and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein responses using transaction signatures (TSIG), specify a TSIG key file
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein using the <option>-k</option> option. You can also specify the TSIG
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein key itself on the command line using the <option>-y</option> option;
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>name</parameter> is the name of the TSIG key and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>key</parameter> is the actual key. The key is a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein encoded string, typically generated by
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <citerefentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </citerefentry>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Caution should be taken when using the <option>-y</option> option on
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein multi-user systems as the key can be visible in the output from
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <citerefentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein or in the shell's history file. When
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein using TSIG authentication with <command>dig</command>, the name
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein server that is queried needs to know the key and algorithm that is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein being used. In BIND, this is done by providing appropriate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>key</command> and <command>server</command> statements in
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein provides a number of query options which affect
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the way in which lookups are made and the results displayed. Some of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein these set or reset flag bits in the query header, some determine which
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein sections of the answer get printed, and others determine the timeout
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein and retry strategies.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Each query option is identified by a keyword preceded by a plus sign
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein (<literal>+</literal>). Some keywords set or reset an
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein option. These may be preceded
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein by the string <literal>no</literal> to negate the meaning of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein that keyword. Other
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein keywords assign values to options like the timeout interval. They
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The query options are:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <variablelist>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews A synonym for <parameter>+[no]aaonly</parameter>.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Sets the "aa" flag in the query.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Display [do not display] the additional section of a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews reply. The default is to display it.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews Set [do not set] the AD (authentic data) bit in the
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews query. This requests the server to return whether
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews all of the answer and authority sections have all
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews been validated as secure according to the security
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews policy of the server. AD=1 indicates that all records
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews have been validated as secure and the answer is not
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews from a OPT-OUT range. AD=0 indicate that some part
3fb5bccf59abe5a0b545b4979181df0b17adee3bMark Andrews of the answer was insecure or not validated. This
3fb5bccf59abe5a0b545b4979181df0b17adee3bMark Andrews bit is set by default.
70f292a50f9840fc25b3dbecfed71cdf835d4094Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Set or clear all display flags.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Display [do not display] the answer section of a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews reply. The default is to display it.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Display [do not display] the authority section of a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews reply. The default is to display it.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Attempt to display the contents of messages which are
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews malformed. The default is to not display malformed
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Set the UDP message buffer size advertised using EDNS0
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews to <parameter>B</parameter> bytes. The maximum and
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews minimum sizes of this buffer are 65535 and 0 respectively.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Values outside this range are rounded up or down
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews appropriately. Values other than zero will cause a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews EDNS query to be sent.
3fb5bccf59abe5a0b545b4979181df0b17adee3bMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Set [do not set] the CD (checking disabled) bit in
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews the query. This requests the server to not perform
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews DNSSEC validation of responses.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Display [do not display] the CLASS when printing the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggles the printing of the initial comment in the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews output identifying the version of <command>dig</command>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews and the query options that have been applied. This
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews comment is printed by default.
3fb5bccf59abe5a0b545b4979181df0b17adee3bMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggle the display of comment lines in the output.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews The default is to print comments.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggle the display of cryptographic fields in DNSSEC
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews records. The contents of these field are unnecessary
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews to debug most DNSSEC validation failures and removing
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews them makes it easier to see the common failures. The
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default is to display the fields. When omitted they
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews are replaced by the string "[omitted]" or in the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews DNSKEY case the key id is displayed as the replacement,
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews e.g. "[ key id = value ]".
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Deprecated, treated as a synonym for
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews Requests DNSSEC records be sent by setting the DNSSEC
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews OK bit (DO) in the OPT record in the additional section
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews of the query.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews Set the search list to contain the single domain
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews <parameter>somename</parameter>, as if specified in
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews <filename>/etc/resolv.conf</filename>, and enable
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews search list processing as if the
2d0bc1e0f3f5ed26c8f43bc12dd08ffa6b9a6460Mark Andrews <parameter>+search</parameter> option were given.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
2064e46209f35d2afad526622d975647f9c2098bMark Andrews <varlistentry>
2064e46209f35d2afad526622d975647f9c2098bMark Andrews <term><option>+dscp=value</option></term> <listitem>
2064e46209f35d2afad526622d975647f9c2098bMark Andrews Set the DSCP code point to be used when sending the
2064e46209f35d2afad526622d975647f9c2098bMark Andrews query. Valid DSCP code points are in the range
821350367e2c7313c02eb275e8e05d5193b47cfdJeremy C. Reed [0..63]. By default no code point is explicitly set.
2064e46209f35d2afad526622d975647f9c2098bMark Andrews </varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Specify the EDNS version to query with. Valid values
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews are 0 to 255. Setting the EDNS version will cause
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews a EDNS query to be sent. <option>+noedns</option>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews clears the remembered EDNS version. EDNS is set to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews 0 by default.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews <varlistentry>
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews <term><option>+[no]ednsflags[=#]</option></term>
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews Set the must-be-zero EDNS flags bits (Z bits) to the
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews specified value. Decimal, hex and octal encodings are
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews accepted. Setting a named flag (e.g. DO) will silently be
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews ignored. By default, no Z bits are set.
3867312e4cc5c53d20f4020cc5b2459154406135Mark Andrews </varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <term><option>+[no]ednsopt[=code[:value]]</option></term>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Specify EDNS option with code point <option>code</option>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews and optionally payload of <option>value</option> as a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews hexadecimal string. <option>+noednsopt</option>
97553eec86d43d4d886401e7ea17dc0172fb5759Mark Andrews clears the EDNS options to be sent.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Send an EDNS Expire option.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Do not try the next server if you receive a SERVFAIL.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews The default is to not try the next server which is
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews the reverse of normal stub resolver behavior.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews <varlistentry>
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews Send a query with a DNS header without a question section.
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews The default is to add a question section. The query type
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews and query name are ignored when this is set.
f274cbeaed0e4c5fdbde9f5c30833d7f1da37cd3Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Show [or do not show] the IP address and port number
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews that supplied the answer when the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <parameter>+short</parameter> option is enabled. If
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews short form answers are requested, the default is not
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews to show the source address and port number of the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews server that provided the answer.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Ignore truncation in UDP responses instead of retrying
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews with TCP. By default, TCP retries are performed.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Keep the TCP socket open between queries and reuse
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews it rather than creating a new TCP socket for each
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews lookup. The default is <option>+nokeepopen</option>.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Print records like the SOA records in a verbose
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews multi-line format with human-readable comments. The
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default is to print each record on a single line, to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews facilitate machine parsing of the <command>dig</command>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Set the number of dots that have to appear in
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <parameter>name</parameter> to <parameter>D</parameter>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews for it to be considered absolute. The default value
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews is that defined using the ndots statement in
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <filename>/etc/resolv.conf</filename>, or 1 if no
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews ndots statement is present. Names with fewer dots
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews are interpreted as relative names and will be searched
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews for in the domains listed in the <option>search</option>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Include an EDNS name server ID request when sending
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews When this option is set, <command>dig</command>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews attempts to find the authoritative name servers for
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews the zone containing the name being looked up and
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews display the SOA record that each name server has for
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Print only one (starting) SOA record when performing
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews an AXFR. The default is to print both the starting
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews and ending SOA records.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Print [do not print] the query as it is sent. By
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default, the query is not printed.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Print [do not print] the question section of a query
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews when an answer is returned. The default is to print
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews the question section as a comment.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggle the setting of the RD (recursion desired) bit
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews in the query. This bit is set by default, which means
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <command>dig</command> normally sends recursive
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews queries. Recursion is automatically disabled when
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <parameter>+trace</parameter> query options are used.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Sets the number of times to retry UDP queries to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews server to <parameter>T</parameter> instead of the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default, 2. Unlike <parameter>+tries</parameter>,
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews this does not include the initial query.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggle the display of per-record comments in the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews output (for example, human-readable key information
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews about DNSKEY records). The default is not to print
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews record comments unless multiline mode is active.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Use [do not use] the search list defined by the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews searchlist or domain directive in
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <filename>resolv.conf</filename> (if any). The search
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews list is not used by default.
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews 'ndots' from <filename>resolv.conf</filename> (default 1)
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews which may be overridden by <parameter>+ndots</parameter>
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews determines if the name will be treated as relative
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews or not and hence whether a search is eventually
40b28f54029a5399fc17d895dd9e8bbcd97d6b70Mark Andrews performed or not.
e560fbdf77b08ff23ab71b107f022829bcd552dbMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Provide a terse answer. The default is to print the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews answer in a verbose form.
1fc4793844c9613b17866c33dbeab8aaa94b66ffMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Perform [do not perform] a search showing intermediate
13396661f46572d7b94703a25721aad040fbd91aMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Chase DNSSEC signature chains. Requires dig be
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews compiled with -DDIG_SIGCHASE.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <term><option>+[no]sit<optional>=####</optional></option></term>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Send a Source Identity Token EDNS option, with optional
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews value. Replaying a SIT from a previous response will
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews allow the server to identify a previous client. The
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default is <option>+nosit</option>. Currently using
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews experimental value 65001 for the option code.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Split long hex- or base64-formatted fields in resource
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews records into chunks of <parameter>W</parameter>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews characters (where <parameter>W</parameter> is rounded
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews up to the nearest multiple of 4).
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <parameter>+split=0</parameter> causes fields not to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews be split at all. The default is 56 characters, or
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews 44 characters when multiline mode is active.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews This query option toggles the printing of statistics:
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews when the query was made, the size of the reply and
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews so on. The default behavior is to print the query
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <term><option>+[no]subnet=addr/prefix</option></term>
821350367e2c7313c02eb275e8e05d5193b47cfdJeremy C. Reed Send an EDNS Client Subnet option with the specified
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews IP address or network prefix.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Use [do not use] TCP when querying name servers. The
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews default behavior is to use UDP unless an
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <literal>ixfr=N</literal> query is requested, in which
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews case the default is TCP. AXFR queries always use
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews Sets the timeout for a query to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews timeout is 5 seconds.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews An attempt to set <parameter>T</parameter> to less
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews than 1 will result
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews in a query timeout of 1 second being applied.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews When chasing DNSSEC signature chains perform a top-down
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews validation. Requires dig be compiled with -DDIG_SIGCHASE.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Toggle tracing of the delegation path from the root
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews name servers for the name being looked up. Tracing
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews is disabled by default. When tracing is enabled,
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <command>dig</command> makes iterative queries to
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews resolve the name being looked up. It will follow
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews referrals from the root servers, showing the answer
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews from each server that was used to resolve the lookup.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <command>+dnssec</command> is also set when +trace
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews is set to better emulate the default queries from a
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Sets the number of times to try UDP queries to server
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews to <parameter>T</parameter> instead of the default,
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews 3. If <parameter>T</parameter> is less than or equal
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews to zero, the number of tries is silently rounded up
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <term><option>+trusted-key=####</option></term>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Specifies a file containing trusted keys to be used
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews with <option>+sigchase</option>. Each DNSKEY record
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews must be on its own line.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews If not specified, <command>dig</command> will look
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews for <filename>/etc/trusted-key.key</filename> then
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews <filename>trusted-key.key</filename> in the current
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Requires dig be compiled with -DDIG_SIGCHASE.
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Display [do not display] the TTL when printing the
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews Display [do not display] the TTL in friendly human-readable
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews time units of "s", "m", "h", "d", and "w", representing
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews seconds, minutes, hours, days and weeks. Implies +ttlid.
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews </varlistentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <varlistentry>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews Use [do not use] TCP when querying name servers. This
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews alternate syntax to <parameter>+[no]tcp</parameter>
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews is provided for backwards compatibility. The "vc"
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews stands for "virtual circuit".
9c36846e41822f3a933d5e7d91d5008879cdd1cdMark Andrews </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The BIND 9 implementation of <command>dig </command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specifying multiple queries on the command line (in addition to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein supporting the <option>-f</option> batch file option). Each of those
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein queries can be supplied with its own set of flags, options and query
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein In this case, each <parameter>query</parameter> argument
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein represent an
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein individual query in the command-line syntax described above. Each
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein consists of any of the standard options and flags, the name to be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein looked up, an optional query type and class and any query options that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein should be applied to that query.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein A global set of query options, which should be applied to all queries,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein can also be supplied. These global query options must precede the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein first tuple of name, class, type, options, flags, and query options
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein supplied on the command line. Any global query options (except
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein overridden by a query-specific set of query options. For example:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <programlisting>
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafssondig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson</programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein shows how <command>dig</command> could be used from the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein command line
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein reverse lookup of 127.0.0.1 and a query for the NS records of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein A global query option of <parameter>+qr</parameter> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein that <command>dig</command> shows the initial query it made
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein lookup. The final query has a local query option of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <parameter>+noqr</parameter> which means that <command>dig</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein will not print the initial query when it looks up the NS records for
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews If <command>dig</command> has been built with IDN (internationalized
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews domain name) support, it can accept and display non-ASCII domain names.
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews <command>dig</command> appropriately converts character encoding of
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews domain name before sending a request to DNS server or displaying a
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews reply from the server.
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews If you'd like to turn off the IDN support for some reason, defines
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews the <envar>IDN_DISABLE</envar> environment variable.
6cf369f528c4acd8182eada41ad83b8d97623db8Mark Andrews The IDN support is disabled if the variable is set when
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </citerefentry>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <citerefentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </citerefentry>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <citerefentry>
0af902c0df86a1ddfa54f68b4cf0fab7b469d4e7Mark Andrews <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </citerefentry>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein There are probably too many query options.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - Local variables:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - mode: sgml