dig.docbook revision aed0e61611268afd72a023a7fbba88698bc6bbeb
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
46bb3884a0738664862e3a36b7848aa374aebd45Tinderbox User [<!ENTITY mdash "—">]>
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - purpose with or without fee is hereby granted, provided that the above
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - copyright notice and this permission notice appear in all copies.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - PERFORMANCE OF THIS SOFTWARE.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<!-- $Id: dig.docbook,v 1.39 2008/05/13 23:59:18 each Exp $ -->
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <refentryinfo>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </refentryinfo>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </refnamediv>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <holder>Internet Software Consortium.</holder>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <refsynopsisdiv>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <cmdsynopsis>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <arg choice="opt" rep="repeat">queryopt</arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User </cmdsynopsis>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <cmdsynopsis>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User </cmdsynopsis>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <cmdsynopsis>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <arg choice="opt" rep="repeat">global-queryopt</arg>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User </cmdsynopsis>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User </refsynopsisdiv>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User (domain information groper) is a flexible tool
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User for interrogating DNS name servers. It performs DNS lookups and
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User displays the answers that are returned from the name server(s) that
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User were queried. Most DNS administrators use <command>dig</command> to
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User troubleshoot DNS problems because of its flexibility, ease of use and
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User clarity of output. Other lookup tools tend to have less functionality
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User Although <command>dig</command> is normally used with
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User arguments, it also has a batch mode of operation for reading lookup
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User requests from a file. A brief summary of its command-line arguments
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User and options is printed when the <option>-h</option> option is given.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User Unlike earlier versions, the BIND 9 implementation of
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <command>dig</command> allows multiple lookups to be issued
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User command line.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User Unless it is told to query a specific name server,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <command>dig</command> will try each of the servers listed
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User When no command line arguments or options are given, will perform an
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User NS query for "." (the root).
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User It is possible to set per-user defaults for <command>dig</command> via
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <filename>${HOME}/.digrc</filename>. This file is read and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User any options in it
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User are applied before the command line arguments.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User The IN and CH class names overlap with the IN and CH top level
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User domains names. Either use the <option>-t</option> and
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <option>-c</option> options to specify the type and class or
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User use the <option>-q</option> the specify the domain name or
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User use "IN." and "CH." when looking up these top level domains.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User A typical invocation of <command>dig</command> looks like:
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <programlisting> dig @server name type </programlisting>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <variablelist>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <varlistentry>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User is the name or IP address of the name server to query. This can
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User address in dotted-decimal notation or an IPv6
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User address in colon-delimited notation. When the supplied
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <command>dig</command> resolves that name before
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User querying that name
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User argument is provided,
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <command>dig</command> consults <filename>/etc/resolv.conf</filename>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User and queries the name servers listed there. The reply from the
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User server that responds is displayed.
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User </varlistentry>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <varlistentry>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User is the name of the resource record that is to be looked up.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User indicates what type of query is required —
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User ANY, A, MX, SIG, etc.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <parameter>type</parameter> can be any valid query
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <parameter>type</parameter> argument is supplied,
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <command>dig</command> will perform a lookup for an
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </variablelist>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User The <option>-b</option> option sets the source IP address of the query
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User to <parameter>address</parameter>. This must be a valid
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User one of the host's network interfaces or "0.0.0.0" or "::". An optional
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User may be specified by appending "#<port>"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The default query class (IN for internet) is overridden by the
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <option>-c</option> option. <parameter>class</parameter> is
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User class, such as HS for Hesiod records or CH for Chaosnet records.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <option>-f</option> option makes <command>dig </command>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User in batch mode by reading a list of lookup requests to process from the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User file <parameter>filename</parameter>. The file contains a
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User queries, one per line. Each entry in the file should be organized in
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User the same way they would be presented as queries to
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <command>dig</command> using the command-line interface.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User If a non-standard port number is to be queried, the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <option>-p</option> option is used. <parameter>port#</parameter> is
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User the port number that <command>dig</command> will send its
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User instead of the standard DNS port number 53. This option would be used
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User to test a name server that has been configured to listen for queries
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on a non-standard port number.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <option>-4</option> option forces <command>dig</command>
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User use IPv4 query transport. The <option>-6</option> option forces
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <command>dig</command> to only use IPv6 query transport.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User The <option>-t</option> option sets the query type to
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <parameter>type</parameter>. It can be any valid query type
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User supported in BIND 9. The default query type is "A", unless the
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <option>-x</option> option is supplied to indicate a reverse lookup.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User A zone transfer can be requested by specifying a type of AXFR. When
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an incremental zone transfer (IXFR) is required,
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The incremental zone transfer will contain the changes made to the zone
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User since the serial number in the zone's SOA record was
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <option>-q</option> option sets the query name to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <parameter>name</parameter>. This useful do distinguish the
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <parameter>name</parameter> from other arguments.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User Reverse lookups — mapping addresses to names — are simplified by the
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <option>-x</option> option. <parameter>addr</parameter> is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User address in dotted-decimal notation, or a colon-delimited IPv6 address.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User When this option is used, there is no need to provide the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <parameter>name</parameter>, <parameter>class</parameter> and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <parameter>type</parameter> arguments. <command>dig</command>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User automatically performs a lookup for a name like
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <literal>11.12.13.10.in-addr.arpa</literal> and sets the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User query type and
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User class to PTR and IN respectively. By default, IPv6 addresses are
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User looked up using nibble format under the IP6.ARPA domain.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User To use the older RFC1886 method using the IP6.INT domain
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User specify the <option>-i</option> option. Bit string labels (RFC2874)
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User are now experimental and are not attempted.
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User To sign the DNS queries sent by <command>dig</command> and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User responses using transaction signatures (TSIG), specify a TSIG key file
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User using the <option>-k</option> option. You can also specify the TSIG
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User key itself on the command line using the <option>-y</option> option;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <parameter>name</parameter> is the name of the TSIG key and
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <parameter>key</parameter> is the actual key. The key is a
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User encoded string, typically generated by
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <citerefentry>
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </citerefentry>.
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User Caution should be taken when using the <option>-y</option> option on
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User multi-user systems as the key can be visible in the output from
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <citerefentry>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User </citerefentry>
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User or in the shell's history file. When
05da080bbd0c35705081c034cbb1985c274c2656Tinderbox User using TSIG authentication with <command>dig</command>, the name
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User server that is queried needs to know the key and algorithm that is
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User being used. In BIND, this is done by providing appropriate
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <command>key</command> and <command>server</command> statements in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User provides a number of query options which affect
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the way in which lookups are made and the results displayed. Some of
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User these set or reset flag bits in the query header, some determine which
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User sections of the answer get printed, and others determine the timeout
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and retry strategies.
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User Each query option is identified by a keyword preceded by a plus sign
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User (<literal>+</literal>). Some keywords set or reset an
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User option. These may be preceded
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User by the string <literal>no</literal> to negate the meaning of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User that keyword. Other
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User keywords assign values to options like the timeout interval. They
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User have the form <option>+keyword=value</option>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The query options are:
bfb7b680bf88c1fdd9949197b71c512c532280a4Tinderbox User <variablelist>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use [do not use] TCP when querying name servers. The default
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User behavior is to use UDP unless an AXFR or IXFR query is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User requested, in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which case a TCP connection is used.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User </varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <varlistentry>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Use [do not use] TCP when querying name servers. This alternate
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User provided for backwards
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User compatibility. The "vc" stands for "virtual circuit".
17e9d6023e9fec06511e93303836ec0f106379d2Tinderbox User </varlistentry>