dig.docbook revision b587e1d83f007ce68a9ae93097c461d8eb7aa373
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - Copyright (C) 2000, 2001 Internet Software Consortium.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - Permission to use, copy, modify, and distribute this software for any
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - purpose with or without fee is hereby granted, provided that the above
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson - copyright notice and this permission notice appear in all copies.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafsson<!-- $Id: dig.docbook,v 1.14 2003/02/07 01:13:10 marka Exp $ -->
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refentryinfo>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</refentryinfo>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refsynopsisdiv>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<arg><option>-y <replaceable class="parameter">name:key</replaceable></option></arg>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</cmdsynopsis>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</refsynopsisdiv>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> (domain information groper) is a flexible tool
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefor interrogating DNS name servers. It performs DNS lookups and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedisplays the answers that are returned from the name server(s) that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewere queried. Most DNS administrators use <command>dig</command> to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetroubleshoot DNS problems because of its flexibility, ease of use and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclarity of output. Other lookup tools tend to have less functionality
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAlthough <command>dig</command> is normally used with command-line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucearguments, it also has a batch mode of operation for reading lookup
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerequests from a file. A brief summary of its command-line arguments
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand options is printed when the <option>-h</option> option is given.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUnlike earlier versions, the BIND9 implementation of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> allows multiple lookups to be issued from the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecommand line.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUnless it is told to query a specific name server,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> will try each of the servers listed in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen no command line arguments or options are given, will perform an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceNS query for "." (the root).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIt is possible to set per-user defaults for <command>dig</command> via
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<filename>${HOME}/.digrc</filename>. This file is read and any options in it
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare applied before the command line arguments.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA typical invocation of <command>dig</command> looks like:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<programlisting> dig @server name type </programlisting> where:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<variablelist>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><constant>server</constant></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis the name or IP address of the name server to query. This can be an IPv4
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaddress in dotted-decimal notation or an IPv6
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaddress in colon-delimited notation. When the supplied
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>server</parameter> argument is a hostname,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> resolves that name before querying that name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver. If no <parameter>server</parameter> argument is provided,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> consults <filename>/etc/resolv.conf</filename>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand queries the name servers listed there. The reply from the name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver that responds is displayed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><constant>name</constant></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis the name of the resource record that is to be looked up.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><constant>type</constant></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceindicates what type of query is required —
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceANY, A, MX, SIG, etc.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>type</parameter> can be any valid query type. If no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> will perform a lookup for an A record.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</variablelist>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe <option>-b</option> option sets the source IP address of the query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto <parameter>address</parameter>. This must be a valid address on
fcc9f7f86c2fa2ceb8a5c16dc934fea7fa6887f2Andreas Gustafssonone of the host's network interfaces.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default query class (IN for internet) is overridden by the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<option>-c</option> option. <parameter>class</parameter> is any valid
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceclass, such as HS for Hesiod records or CH for CHAOSNET records.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe <option>-f</option> option makes <command>dig </command> operate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein batch mode by reading a list of lookup requests to process from the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefile <parameter>filename</parameter>. The file contains a number of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequeries, one per line. Each entry in the file should be organised in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe same way they would be presented as queries to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> using the command-line interface.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIf a non-standard port number is to be queried, the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<option>-p</option> option is used. <parameter>port#</parameter> is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe port number that <command>dig</command> will send its queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceinstead of the standard DNS port number 53. This option would be used
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto test a name server that has been configured to listen for queries
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceon a non-standard port number.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe <option>-t</option> option sets the query type to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>type</parameter>. It can be any valid query type which is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupported in BIND9. The default query type "A", unless the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<option>-x</option> option is supplied to indicate a reverse lookup.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA zone transfer can be requested by specifying a type of AXFR. When
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucean incremental zone transfer (IXFR) is required,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>type</parameter> is set to <literal>ixfr=N</literal>.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe incremental zone transfer will contain the changes made to the zone
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesince the serial number in the zone's SOA record was
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceReverse lookups - mapping addresses to names - are simplified by the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<option>-x</option> option. <parameter>addr</parameter> is an IPv4
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceaddress in dotted-decimal notation, or a colon-delimited IPv6 address.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen this option is used, there is no need to provide the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>name</parameter>, <parameter>class</parameter> and
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafsson<parameter>type</parameter> arguments. <command>dig</command>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceautomatically performs a lookup for a name like
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<literal>11.12.13.10.in-addr.arpa</literal> and sets the query type and
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonclass to PTR and IN respectively. By default, IPv6 addresses are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelooked up using nibble format under the IP6.ARPA domain.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTo use the older RFC1886 method using the IP6.INT domain
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonspecify the <option>-i</option> option. Bit string labels (RFC2874)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceare now experimental and are not attempted.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceTo sign the DNS queries sent by <command>dig</command> and their
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresponses using transaction signatures (TSIG), specify a TSIG key file
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing the <option>-k</option> option. You can also specify the TSIG
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekey itself on the command line using the <option>-y</option> option;
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>name</parameter> is the name of the TSIG key and
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>key</parameter> is the actual key. The key is a base-64
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceencoded string, typically generated by <citerefentry>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</citerefentry>.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceCaution should be taken when using the <option>-y</option> option on
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucemulti-user systems as the key can be visible in the output from
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<citerefentry> <refentrytitle>ps</refentrytitle><manvolnum>1
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</manvolnum> </citerefentry> or in the shell's history file. When
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceusing TSIG authentication with <command>dig</command>, the name
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceserver that is queried needs to know the key and algorithm that is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebeing used. In BIND, this is done by providing appropriate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>key</command> and <command>server</command> statements in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<command>dig</command> provides a number of query options which affect
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe way in which lookups are made and the results displayed. Some of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethese set or reset flag bits in the query header, some determine which
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesections of the answer get printed, and others determine the timeout
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceand retry strategies.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceEach query option is identified by a keyword preceded by a plus sign
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce(<literal>+</literal>). Some keywords set or reset an option. These may be preceded
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceby the string <literal>no</literal> to negate the meaning of that keyword. Other
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucekeywords assign values to options like the timeout interval. They
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe query options are:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<variablelist>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]tcp</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUse [do not use] TCP when querying name servers. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebehaviour is to use UDP unless an AXFR or IXFR query is requested, in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewhich case a TCP connection is used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]vc</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUse [do not use] TCP when querying name servers. This alternate
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesyntax to <parameter>+[no]tcp</parameter> is provided for backwards
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecompatibility. The "vc" stands for "virtual circuit".
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]ignore</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIgnore truncation in UDP responses instead of retrying with TCP. By
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefault, TCP retries are performed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+domain=somename</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet the search list to contain the single domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>somename</parameter>, as if specified in a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<filename>/etc/resolv.conf</filename>, and enable search list
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprocessing as if the <parameter>+search</parameter> option were given.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]search</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceUse [do not use] the search list defined by the searchlist or domain
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedirective in <filename>resolv.conf</filename> (if any).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe search list is not used by default.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]defname</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDeprecated, treated as a synonym for <parameter>+[no]search</parameter>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]aaonly</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis option does nothing. It is provided for compatibility with old
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceversions of <command>dig</command> where it set an unimplemented
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresolver flag.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]adflag</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet [do not set] the AD (authentic data) bit in the query. The AD bit
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecurrently has a standard meaning only in responses, not in queries,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebut the ability to set the bit in the query is provided for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecompleteness.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]cdflag</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet [do not set] the CD (checking disabled) bit in the query. This
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerequests the server to not perform DNSSEC validation of responses.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]cl</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDisplay [do not display] the CLASS when printing the record.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]ttlid</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDisplay [do not display] the TTL when printing the record.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]recurse</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceToggle the setting of the RD (recursion desired) bit in the query.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis bit is set by default, which means <command>dig</command>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucenormally sends recursive queries. Recursion is automatically disabled
5f09ce124cad9712a9675f17f83ddc915e734909Andreas Gustafssonwhen the <parameter>+nssearch</parameter> or
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>+trace</parameter> query options are used.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]nssearch</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceWhen this option is set, <command>dig</command> attempts to find the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceauthoritative name servers for the zone containing the name being
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelooked up and display the SOA record that each name server has for the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]trace</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceToggle tracing of the delegation path from the root name servers for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe name being looked up. Tracing is disabled by default. When
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetracing is enabled, <command>dig</command> makes iterative queries to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresolve the name being looked up. It will follow referrals from the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceroot servers, showing the answer from each server that was used to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceresolve the lookup.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]cmd</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetoggles the printing of the initial comment in the output identifying
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethe version of <command>dig</command> and the query options that have
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebeen applied. This comment is printed by default.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]short</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceProvide a terse answer. The default is to print the answer in a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceverbose form.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]identify</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceShow [or do not show] the IP address and port number that supplied the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceanswer when the <parameter>+short</parameter> option is enabled. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshort form answers are requested, the default is not to show the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesource address and port number of the server that provided the answer.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]comments</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceToggle the display of comment lines in the output. The default is to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceprint comments.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]stats</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThis query option toggles the printing of statistics: when the query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewas made, the size of the reply and so on. The default behaviour is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto print the query statistics.
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric Luce<varlistentry><term><option>+[no]qr</option></term>
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LucePrint [do not print] the query as it is sent.
ab19d688255b3a333a41b4ebe6f4213538e89c2aEric LuceBy default, the query is not printed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]question</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePrint [do not print] the question section of a query when an answer is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereturned. The default is to print the question section as a comment.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]answer</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDisplay [do not display] the answer section of a reply. The default
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceis to display it.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]authority</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDisplay [do not display] the authority section of a reply. The
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedefault is to display it.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]additional</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDisplay [do not display] the additional section of a reply.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is to display it.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]all</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet or clear all display flags.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+time=T</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSets the timeout for a query to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>T</parameter> seconds. The default time out is 5 seconds.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAn attempt to set <parameter>T</parameter> to less than 1 will result
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein a query timeout of 1 second being applied.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+tries=T</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSets the number of times to try UDP queries to server to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>T</parameter> instead of the default, 3. If
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>T</parameter> is less than or equal to zero, the number of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucetries is silently rounded up to 1.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+retry=T</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSets the number of times to retry UDP queries to server to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>T</parameter> instead of the default, 2. Unlike
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>+tries</parameter>, this does not include the initial
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+ndots=D</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet the number of dots that have to appear in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>name</parameter> to <parameter>D</parameter> for it to be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconsidered absolute. The default value is that defined using the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucendots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucendots statement is present. Names with fewer dots are interpreted as
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerelative names and will be searched for in the domains listed in the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<option>search</option> or <option>domain</option> directive in
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+bufsize=B</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceSet the UDP message buffer size advertised using EDNS0 to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>B</parameter> bytes. The maximum and minimum sizes of this
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucebuffer are 65535 and 0 respectively. Values outside this range are
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucerounded up or down appropriately.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]multiline</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LucePrint records like the SOA records in a verbose multi-line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceformat with human-readable comments. The default is to print
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceeach record on a single line, to facilitate machine parsing
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]fail</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceDo not try the next server if you receive a SERVFAIL. The default is
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto not try the next server which is the reverse of normal stub resolver
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]besteffort</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceAttempt to display the contents of messages which are malformed.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe default is to not display malformed answers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<varlistentry><term><option>+[no]dnssec</option></term>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceRequests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucein the the OPT record in the additional section of the query.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</variablelist>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThe BIND 9 implementation of <command>dig </command> supports
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucespecifying multiple queries on the command line (in addition to
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupporting the <option>-f</option> batch file option). Each of those
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucequeries can be supplied with its own set of flags, options and query
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceIn this case, each <parameter>query</parameter> argument represent an
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceindividual query in the command-line syntax described above. Each
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceconsists of any of the standard options and flags, the name to be
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelooked up, an optional query type and class and any query options that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshould be applied to that query.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA global set of query options, which should be applied to all queries,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucecan also be supplied. These global query options must precede the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucefirst tuple of name, class, type, options, flags, and query options
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucesupplied on the command line. Any global query options (except
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceoverridden by a query-specific set of query options. For example:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<programlisting>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucedig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</programlisting>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceshows how <command>dig</command> could be used from the command line
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceto make three lookups: an ANY query for <literal>www.isc.org</literal>, a
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucereverse lookup of 127.0.0.1 and a query for the NS records of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceA global query option of <parameter>+qr</parameter> is applied, so
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucethat <command>dig</command> shows the initial query it made for each
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucelookup. The final query has a local query option of
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<parameter>+noqr</parameter> which means that <command>dig</command>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Lucewill not print the initial query when it looks up the NS records for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<citerefentry>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</citerefentry>,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<citerefentry>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</citerefentry>,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce</citerefentry>,
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric LuceThere are probably too many query options.