bin/dig/dig.docbook

	dig.docbook revision ce67023ae3ad39a77da5361d0187ab6f3f0219cb
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User           "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews           [<!ENTITY mdash "&#8212;">]>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!--
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Copyright (C) 2004-2011, 2013-2015  Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2000-2003  Internet Software Consortium.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - purpose with or without fee is hereby granted, provided that the above
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - copyright notice and this permission notice appear in all copies.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews-->
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<refentry id="man.dig">
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refentryinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <date>February 19, 2014</date>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater  </refentryinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refmeta>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <refentrytitle>dig</refentrytitle>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <manvolnum>1</manvolnum>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <refmiscinfo>BIND9</refmiscinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </refmeta>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refnamediv>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater    <refname>dig</refname>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <refpurpose>DNS lookup utility</refpurpose>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </refnamediv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <docinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <copyright>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2004</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2005</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2006</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2007</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2008</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2009</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2010</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2011</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2013</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2014</year>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User      <year>2015</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </copyright>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User    <copyright>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2000</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2001</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2002</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <year>2003</year>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <holder>Internet Software Consortium.</holder>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </copyright>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </docinfo>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refsynopsisdiv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <cmdsynopsis>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <command>dig</command>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg choice="opt">@server</arg>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg><option>-m</option></arg>
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-v</option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-4</option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-6</option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt">name</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt">type</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt">class</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt" rep="repeat">queryopt</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </cmdsynopsis>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <command>dig</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg><option>-h</option></arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <command>dig</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt" rep="repeat">global-queryopt</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <arg choice="opt" rep="repeat">query</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </cmdsynopsis>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </refsynopsisdiv>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refsect1>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <title>DESCRIPTION</title>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <para><command>dig</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      (domain information groper) is a flexible tool
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      for interrogating DNS name servers.  It performs DNS lookups and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      displays the answers that are returned from the name server(s) that
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      were queried.  Most DNS administrators use <command>dig</command> to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      troubleshoot DNS problems because of its flexibility, ease of use and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      clarity of output.  Other lookup tools tend to have less functionality
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      than <command>dig</command>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      Although <command>dig</command> is normally used with
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews      command-line
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      arguments, it also has a batch mode of operation for reading lookup
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews      requests from a file.  A brief summary of its command-line arguments
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      and options is printed when the <option>-h</option> option is given.
1224c3b69b3d18f7127aa042644936af25a2d679Mark Andrews      Unlike earlier versions, the BIND 9 implementation of
b2f07642fd712c8fda81a116bcdde229ab291f33Tinderbox User      <command>dig</command> allows multiple lookups to be issued
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      from the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      command line.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      Unless it is told to query a specific name server,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <command>dig</command> will try each of the servers listed in
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <filename>/etc/resolv.conf</filename>. If no usable server addresses
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User      are found, <command>dig</command> will send the query to the local
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User      host.
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User    </para>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User    <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      When no command line arguments or options are given,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <command>dig</command> will perform an NS query for "." (the root).
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews    <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      It is possible to set per-user defaults for <command>dig</command> via
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews      <filename>${HOME}/.digrc</filename>.  This file is read and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      any options in it
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews      are applied before the command line arguments.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <para>
c247e3f281613fabe1af362e9f3157e35ebbe52cMark Andrews      The IN and CH class names overlap with the IN and CH top level
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      domain names.  Either use the <option>-t</option> and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <option>-c</option> options to specify the type and class,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      use the <option>-q</option> the specify the domain name, or
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      use "IN." and "CH." when looking up these top level domains.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  </refsect1>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews  <refsect1>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <title>SIMPLE USAGE</title>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <para>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User      A typical invocation of <command>dig</command> looks like:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <programlisting> dig @server name type </programlisting>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      where:
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <variablelist>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><constant>server</constant></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          is the name or IP address of the name server to query.  This
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          can be an IPv4 address in dotted-decimal notation or an IPv6
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          address in colon-delimited notation.  When the supplied
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <parameter>server</parameter> argument is a hostname,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <command>dig</command> resolves that name before querying
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          that name server.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          If no <parameter>server</parameter> argument is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          provided, <command>dig</command> consults
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <filename>/etc/resolv.conf</filename>; if an
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          address is found there, it queries the name server at
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          that address. If either of the <option>-4</option> or
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          <option>-6</option> options are in use, then
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          only addresses for the corresponding transport
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          will be tried.  If no usable addresses are found,
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          <command>dig</command> will send the query to the
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          local host.  The reply from the name server that
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User          responds is displayed.
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User        </para>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User      </listitem>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User    </varlistentry>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User    <varlistentry>
4f9cb7bd58e2c0a7407fee3758ea265aee329ac6Tinderbox User      <term><constant>name</constant></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          is the name of the resource record that is to be looked up.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><constant>type</constant></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          indicates what type of query is required &mdash;
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          ANY, A, MX, SIG, etc.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <parameter>type</parameter> can be any valid query
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          type.  If no
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <parameter>type</parameter> argument is supplied,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <command>dig</command> will perform a lookup for an
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          A record.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </variablelist>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  </refsect1>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  <refsect1>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <title>OPTIONS</title>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <variablelist>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-4</term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Use IPv4 only.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-6</term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Use IPv6 only.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Set the source IP address of the query.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        The <parameter>address</parameter> must be a valid address on
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        one of the host's network interfaces, or "0.0.0.0" or "::". An
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        optional port may be specified by appending "#&lt;port&gt;"
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-c <replaceable class="parameter">class</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Set the query class. The
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        default <parameter>class</parameter> is IN; other classes
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        are HS for Hesiod records or CH for Chaosnet records.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User    </listitem>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User      </varlistentry>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User      <varlistentry>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User    <term>-f <replaceable class="parameter">file</replaceable></term>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User    <listitem>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Batch mode: <command>dig</command> reads a list of lookup
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        requests to process from the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        given <parameter>file</parameter>. Each line in the file
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        should be organized in the same way they would be
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        presented as queries to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <command>dig</command> using the command-line interface.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-i</term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        domain, which is no longer in use. Obsolete bit string
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        label queries (RFC2874) are not attempted.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-k <replaceable class="parameter">keyfile</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Sign queries using TSIG using a key read from the given file.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Key files can be generated using
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <citerefentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <refentrytitle>tsig-keygen</refentrytitle><manvolnum>8</manvolnum>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </citerefentry>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        When using TSIG authentication with <command>dig</command>,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        the name server that is queried needs to know the key and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        algorithm that is being used. In BIND, this is done by
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        providing appropriate <command>key</command>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        and <command>server</command> statements in
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <filename>named.conf</filename>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-m</term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Enable memory usage debugging.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User         documented in include/isc/mem.h -->
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-p <replaceable class="parameter">port</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Send the query to a non-standard port on the server,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        instead of the defaut port 53. This option would be used
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        to test a name server that has been configured to listen
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        for queries on a non-standard port number.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-q <replaceable class="parameter">name</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        The domain name to query. This is useful to distinguish
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        the <parameter>name</parameter> from other arguments.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-t <replaceable class="parameter">type</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        The resource record type to query. It can be any valid query type
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        which is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        supported in BIND 9.  The default query type is "A", unless the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <option>-x</option> option is supplied to indicate a reverse lookup.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        A zone transfer can be requested by specifying a type of AXFR.  When
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        an incremental zone transfer (IXFR) is required, set the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <parameter>type</parameter> to <literal>ixfr=N</literal>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        The incremental zone transfer will contain the changes
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        made to the zone since the serial number in the zone's SOA
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        record was
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <parameter>N</parameter>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-v</term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Print the version number and exit.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-x <replaceable class="parameter">addr</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Simplified reverse lookups, for mapping addresses to
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        names. The <parameter>addr</parameter> is an IPv4 address
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        in dotted-decimal notation, or a colon-delimited IPv6
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        address. When the <option>-x</option> is used, there is no
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        need to provide
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        the <parameter>name</parameter>, <parameter>class</parameter>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        and <parameter>type</parameter>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        arguments. <command>dig</command> automatically performs a
94479b38340a00f0daf0ae0e1d3d673f845609ffTinderbox User        lookup for a name like
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <literal>94.2.0.192.in-addr.arpa</literal> and sets the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        query type and class to PTR and IN respectively. IPv6
ccee3948124ab4c8bc3afa4369177913edb1fca2Tinderbox User        addresses are looked up using nibble format under the
ccee3948124ab4c8bc3afa4369177913edb1fca2Tinderbox User        IP6.ARPA domain (but see also the <option>-i</option>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        option).
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        Sign queries using TSIG with the given authentication key.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <parameter>keyname</parameter> is the name of the key, and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <parameter>secret</parameter> is the base64 encoded shared secret.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <parameter>hmac</parameter> is the name of the key algorithm;
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        valid choices are <literal>hmac-md5</literal>,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <literal>hmac-sha512</literal>.  If <parameter>hmac</parameter>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        is not specified, the default is <literal>hmac-md5</literal>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        NOTE: You should use the <option>-k</option> option and
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        avoid the <option>-y</option> option, because
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        with <option>-y</option> the shared secret is supplied as
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        a command line argument in clear text. This may be visible
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        in the output from
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <citerefentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </citerefentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        or in a history file maintained by the user's shell.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </variablelist>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  </refsect1>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User  <refsect1>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <title>QUERY OPTIONS</title>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <para><command>dig</command>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      provides a number of query options which affect
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      the way in which lookups are made and the results displayed.  Some of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      these set or reset flag bits in the query header, some determine which
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      sections of the answer get printed, and others determine the timeout
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      and retry strategies.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      Each query option is identified by a keyword preceded by a plus sign
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      (<literal>+</literal>).  Some keywords set or reset an
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      option.  These may be preceded
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      by the string <literal>no</literal> to negate the meaning of
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      that keyword.  Other
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      keywords assign values to options like the timeout interval.  They
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      have the form <option>+keyword=value</option>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      Keywords may be abbreviated, provided the abbreviation is
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      unambiguous; for example, <literal>+cd</literal> is equivalent
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      to <literal>+cdflag</literal>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      The query options are:
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <variablelist>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]aaflag</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          A synonym for <parameter>+[no]aaonly</parameter>.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]aaonly</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Sets the "aa" flag in the query.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]additional</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Display [do not display] the additional section of a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          reply.  The default is to display it.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]adflag</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
74ae031d9d7780015c11242b71cecca905ada695Tinderbox User        <para>
74ae031d9d7780015c11242b71cecca905ada695Tinderbox User          Set [do not set] the AD (authentic data) bit in the
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          query.  This requests the server to return whether
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          all of the answer and authority sections have all
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          been validated as secure according to the security
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          policy of the server.  AD=1 indicates that all records
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          have been validated as secure and the answer is not
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          from a OPT-OUT range.  AD=0 indicate that some part
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          of the answer was insecure or not validated.  This
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          bit is set by default.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]all</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Set or clear all display flags.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]answer</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Display [do not display] the answer section of a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          reply.  The default is to display it.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]authority</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Display [do not display] the authority section of a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          reply.  The default is to display it.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
03c0efc6892ef2ed17338b2ecbb2c5f23fbad0c9Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]badcookie</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Retry lookup with the new server cookie if a
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          BADCOOKIE response is received.
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        </para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      </listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    </varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User    <varlistentry>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <term><option>+[no]besteffort</option></term>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User      <listitem>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User        <para>
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          Attempt to display the contents of messages which are
0ccb0e98c77a9b9636a036f8f64f5679a430aaf4Tinderbox User          malformed.  The default is to not display malformed
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          answers.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </para>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User      </listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <term><option>+bufsize=B</option></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          Set the UDP message buffer size advertised using EDNS0
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          to <parameter>B</parameter> bytes.  The maximum and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          minimum sizes of this buffer are 65535 and 0 respectively.
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User          Values outside this range are rounded up or down
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          appropriately.  Values other than zero will cause a
1d216bfaa764f2b40c57cf61987453c5a6fa9b0aMark Andrews          EDNS query to be sent.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </para>
d71e2e0c61df16ff37c9934c371a4a60c08974f7Mark Andrews      </listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <term><option>+[no]cdflag</option></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <listitem>
d3ddafd7469d1f3430ccd1b0fe0d13ccbbaf5debTinderbox User        <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          Set [do not set] the CD (checking disabled) bit in
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          the query.  This requests the server to not perform
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          DNSSEC validation of responses.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <term><option>+[no]class</option></term>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater      <listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          Display [do not display] the CLASS when printing the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          record.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </listitem>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews    </varlistentry>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <varlistentry>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews      <term><option>+[no]cmd</option></term>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews      <listitem>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          Toggles the printing of the initial comment in the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          output identifying the version of <command>dig</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          and the query options that have been applied.  This
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          comment is printed by default.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]comments</option></term>
      <listitem>
        <para>
          Toggle the display of comment lines in the output.
          The default is to print comments.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]cookie<optional>=####</optional></option></term>
      <listitem>
        <para>
          Send a COOKIE EDNS option, with optional
          value.  Replaying a COOKIE from a previous response will
          allow the server to identify a previous client.  The
          default is <option>+cookie</option>.
        </para>
        <para>
          <command>+cookie</command> is also set when +trace
          is set to better emulate the default queries from a
          nameserver.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]crypto</option></term>
      <listitem>
        <para>
          Toggle the display of cryptographic fields in DNSSEC
          records.  The contents of these field are unnecessary
          to debug most DNSSEC validation failures and removing
          them makes it easier to see the common failures.  The
          default is to display the fields.  When omitted they
          are replaced by the string "[omitted]" or in the
          DNSKEY case the key id is displayed as the replacement,
          e.g. "[ key id = value ]".
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]defname</option></term>
      <listitem>
        <para>
          Deprecated, treated as a synonym for
          <parameter>+[no]search</parameter>
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]dnssec</option></term>
      <listitem>
        <para>
          Requests DNSSEC records be sent by setting the DNSSEC
          OK bit (DO) in the OPT record in the additional section
          of the query.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+domain=somename</option></term>
      <listitem>
        <para>
          Set the search list to contain the single domain
          <parameter>somename</parameter>, as if specified in
          a <command>domain</command> directive in
          <filename>/etc/resolv.conf</filename>, and enable
          search list processing as if the
          <parameter>+search</parameter> option were given.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+dscp=value</option></term> <listitem>
        <para>
          Set the DSCP code point to be used when sending the
          query.  Valid DSCP code points are in the range
          [0..63].  By default no code point is explicitly set.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]edns[=#]</option></term>
      <listitem>
        <para>
           Specify the EDNS version to query with.  Valid values
           are 0 to 255.  Setting the EDNS version will cause
           a EDNS query to be sent.  <option>+noedns</option>
           clears the remembered EDNS version.  EDNS is set to
           0 by default.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ednsflags[=#]</option></term>
      <listitem>
        <para>
          Set the must-be-zero EDNS flags bits (Z bits) to the
          specified value. Decimal, hex and octal encodings are
          accepted. Setting a named flag (e.g. DO) will silently be
          ignored. By default, no Z bits are set.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ednsnegotiation</option></term>
      <listitem>
        <para>
          Enable / disable EDNS version negotiation. By default
          EDNS version negotiation is enabled.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ednsopt[=code[:value]]</option></term>
      <listitem>
        <para>
          Specify EDNS option with code point <option>code</option>
          and optionally payload of <option>value</option> as a
          hexadecimal string.  <option>+noednsopt</option>
          clears the EDNS options to be sent.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]expire</option></term>
      <listitem>
        <para>
          Send an EDNS Expire option.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]fail</option></term>
      <listitem>
        <para>
          Do not try the next server if you receive a SERVFAIL.
          The default is to not try the next server which is
          the reverse of normal stub resolver behavior.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]header-only</option></term>
      <listitem>
        <para>
          Send a query with a DNS header without a question section.
          The default is to add a question section.  The query type
          and query name are ignored when this is set.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]identify</option></term>
      <listitem>
        <para>
          Show [or do not show] the IP address and port number
          that supplied the answer when the
          <parameter>+short</parameter> option is enabled.  If
          short form answers are requested, the default is not
          to show the source address and port number of the
          server that provided the answer.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ignore</option></term>
      <listitem>
        <para>
          Ignore truncation in UDP responses instead of retrying
          with TCP.  By default, TCP retries are performed.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]keepopen</option></term>
      <listitem>
        <para>
          Keep the TCP socket open between queries and reuse
          it rather than creating a new TCP socket for each
          lookup.  The default is <option>+nokeepopen</option>.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]multiline</option></term>
      <listitem>
        <para>
          Print records like the SOA records in a verbose
          multi-line format with human-readable comments.  The
          default is to print each record on a single line, to
          facilitate machine parsing of the <command>dig</command>
          output.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+ndots=D</option></term>
      <listitem>
        <para>
          Set the number of dots that have to appear in
          <parameter>name</parameter> to <parameter>D</parameter>
          for it to be considered absolute.  The default value
          is that defined using the ndots statement in
          <filename>/etc/resolv.conf</filename>, or 1 if no
          ndots statement is present.  Names with fewer dots
          are interpreted as relative names and will be searched
          for in the domains listed in the <option>search</option>
          or <option>domain</option> directive in
          <filename>/etc/resolv.conf</filename> if
          <option>+search</option> is set.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]nsid</option></term>
      <listitem>
        <para>
          Include an EDNS name server ID request when sending
          a query.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]nssearch</option></term>
      <listitem>
        <para>
          When this option is set, <command>dig</command>
          attempts to find the authoritative name servers for
          the zone containing the name being looked up and
          display the SOA record that each name server has for
          the zone.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]onesoa</option></term>
      <listitem>
        <para>
          Print only one (starting) SOA record when performing
          an AXFR. The default is to print both the starting
          and ending SOA records.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]opcode=value</option></term>
      <listitem>
        <para>
          Set [restore] the DNS message opcode to the specified
          value.  The default value is QUERY (0).
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]qr</option></term>
      <listitem>
        <para>
          Print [do not print] the query as it is sent.  By
          default, the query is not printed.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]question</option></term>
      <listitem>
        <para>
          Print [do not print] the question section of a query
          when an answer is returned.  The default is to print
          the question section as a comment.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]rdflag</option></term>
      <listitem>
        <para>
          A synonym for <parameter>+[no]recurse</parameter>.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]recurse</option></term>
      <listitem>
        <para>
          Toggle the setting of the RD (recursion desired) bit
          in the query.  This bit is set by default, which means
          <command>dig</command> normally sends recursive
          queries.  Recursion is automatically disabled when
          the <parameter>+nssearch</parameter> or
          <parameter>+trace</parameter> query options are used.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+retry=T</option></term>
      <listitem>
        <para>
          Sets the number of times to retry UDP queries to
          server to <parameter>T</parameter> instead of the
          default, 2.  Unlike <parameter>+tries</parameter>,
          this does not include the initial query.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]rrcomments</option></term>
      <listitem>
        <para>
          Toggle the display of per-record comments in the
          output (for example, human-readable key information
          about DNSKEY records).  The default is not to print
          record comments unless multiline mode is active.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]search</option></term>
      <listitem>
        <para>
          Use [do not use] the search list defined by the
          searchlist or domain directive in
          <filename>resolv.conf</filename> (if any).  The search
          list is not used by default.
        </para>
        <para>
          'ndots' from <filename>resolv.conf</filename> (default 1)
           which may be overridden by <parameter>+ndots</parameter>
          determines if the name will be treated as relative
          or not and hence whether a search is eventually
          performed or not.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]short</option></term>
      <listitem>
        <para>
          Provide a terse answer.  The default is to print the
          answer in a verbose form.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]showsearch</option></term>
      <listitem>
        <para>
          Perform [do not perform] a search showing intermediate
          results.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]sigchase</option></term>
      <listitem>
        <para>
          Chase DNSSEC signature chains.  Requires dig be
          compiled with -DDIG_SIGCHASE.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+split=W</option></term>
      <listitem>
        <para>
          Split long hex- or base64-formatted fields in resource
          records into chunks of <parameter>W</parameter>
          characters (where <parameter>W</parameter> is rounded
          up to the nearest multiple of 4).
          <parameter>+nosplit</parameter> or
          <parameter>+split=0</parameter> causes fields not to
          be split at all.  The default is 56 characters, or
          44 characters when multiline mode is active.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]stats</option></term>
      <listitem>
        <para>
          This query option toggles the printing of statistics:
          when the query was made, the size of the reply and
          so on.  The default behavior is to print the query
          statistics.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]subnet=addr/prefix</option></term>
      <listitem>
        <para>
          Send an EDNS Client Subnet option with the specified
          IP address or network prefix.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]tcp</option></term>
      <listitem>
        <para>
          Use [do not use] TCP when querying name servers. The
          default behavior is to use UDP unless an
          <literal>ixfr=N</literal> query is requested, in which
          case the default is TCP.  AXFR queries always use
          TCP.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+timeout=T</option></term>
      <listitem>
        <para>

          Sets the timeout for a query to
          <parameter>T</parameter> seconds.  The default
          timeout is 5 seconds.
          An attempt to set <parameter>T</parameter> to less
          than 1 will result
          in a query timeout of 1 second being applied.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]topdown</option></term>
      <listitem>
        <para>
          When chasing DNSSEC signature chains perform a top-down
          validation.  Requires dig be compiled with -DDIG_SIGCHASE.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]trace</option></term>
      <listitem>
        <para>
          Toggle tracing of the delegation path from the root
          name servers for the name being looked up.  Tracing
          is disabled by default.  When tracing is enabled,
          <command>dig</command> makes iterative queries to
          resolve the name being looked up.  It will follow
          referrals from the root servers, showing the answer
          from each server that was used to resolve the lookup.
        </para> <para>
          <command>+dnssec</command> is also set when +trace
          is set to better emulate the default queries from a
          nameserver.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+tries=T</option></term>
      <listitem>
        <para>
          Sets the number of times to try UDP queries to server
          to <parameter>T</parameter> instead of the default,
          3.  If <parameter>T</parameter> is less than or equal
          to zero, the number of tries is silently rounded up
          to 1.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+trusted-key=####</option></term>
      <listitem>
        <para>
          Specifies a file containing trusted keys to be used
          with <option>+sigchase</option>.  Each DNSKEY record
          must be on its own line.
        </para> <para>
          If not specified, <command>dig</command> will look
          for <filename>/etc/trusted-key.key</filename> then
          <filename>trusted-key.key</filename> in the current
          directory.
        </para> <para>
          Requires dig be compiled with -DDIG_SIGCHASE.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ttlid</option></term>
      <listitem>
        <para>
          Display [do not display] the TTL when printing the
          record.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]ttlunits</option></term>
      <listitem>
        <para>
          Display [do not display] the TTL in friendly human-readable
          time units of "s", "m", "h", "d", and "w", representing
          seconds, minutes, hours, days and weeks.  Implies +ttlid.
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]vc</option></term>
      <listitem>
        <para>
          Use [do not use] TCP when querying name servers.  This
          alternate syntax to <parameter>+[no]tcp</parameter>
          is provided for backwards compatibility.  The "vc"
          stands for "virtual circuit".
        </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><option>+[no]zflag</option></term>
      <listitem>
        <para>
          Set [do not set] the last unassigned DNS header flag in a
          DNS query.  This flag is off by default.
        </para>
      </listitem>
    </varlistentry>

      </variablelist>

    </para>
  </refsect1>

  <refsect1>
    <title>MULTIPLE QUERIES</title>

    <para>
      The BIND 9 implementation of <command>dig </command>
      supports
      specifying multiple queries on the command line (in addition to
      supporting the <option>-f</option> batch file option).  Each of those
      queries can be supplied with its own set of flags, options and query
      options.
    </para>

    <para>
      In this case, each <parameter>query</parameter> argument
      represent an
      individual query in the command-line syntax described above.  Each
      consists of any of the standard options and flags, the name to be
      looked up, an optional query type and class and any query options that
      should be applied to that query.
    </para>

    <para>
      A global set of query options, which should be applied to all queries,
      can also be supplied.  These global query options must precede the
      first tuple of name, class, type, options, flags, and query options
      supplied on the command line.  Any global query options (except
      the <option>+[no]cmd</option> option) can be
      overridden by a query-specific set of query options.  For example:
      <programlisting>
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</programlisting>
      shows how <command>dig</command> could be used from the
      command line
      to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
      reverse lookup of 127.0.0.1 and a query for the NS records of
      <literal>isc.org</literal>.

      A global query option of <parameter>+qr</parameter> is
      applied, so
      that <command>dig</command> shows the initial query it made
      for each
      lookup.  The final query has a local query option of
      <parameter>+noqr</parameter> which means that <command>dig</command>
      will not print the initial query when it looks up the NS records for
      <literal>isc.org</literal>.
    </para>

  </refsect1>

  <refsect1>
    <title>IDN SUPPORT</title>
    <para>
      If <command>dig</command> has been built with IDN (internationalized
      domain name) support, it can accept and display non-ASCII domain names.
      <command>dig</command> appropriately converts character encoding of
      domain name before sending a request to DNS server or displaying a
      reply from the server.
      If you'd like to turn off the IDN support for some reason, defines
      the <envar>IDN_DISABLE</envar> environment variable.
      The IDN support is disabled if the variable is set when
      <command>dig</command> runs.
    </para>
  </refsect1>

  <refsect1>
    <title>FILES</title>
    <para><filename>/etc/resolv.conf</filename>
    </para>
    <para><filename>${HOME}/.digrc</filename>
    </para>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citerefentry>
    <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
      <citerefentry>
    <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
    <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>RFC1035</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>BUGS</title>
    <para>
      There are probably too many query options.
    </para>
  </refsect1>
</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->