dig.docbook revision f9f11eb54be19b7deedf3978496f71d81432a5ee
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt [<!ENTITY mdash "—">]>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2000-2003 Internet Software Consortium.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Permission to use, copy, modify, and/or distribute this software for any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!-- $Id: dig.docbook,v 1.43 2009/01/20 20:06:29 jreed Exp $ -->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <refentryinfo>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </refentryinfo>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <refnamediv>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </refnamediv>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </copyright>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </copyright>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <refsynopsisdiv>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <arg choice="opt" rep="repeat">global-queryopt</arg>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </cmdsynopsis>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </refsynopsisdiv>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (domain information groper) is a flexible tool
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt for interrogating DNS name servers. It performs DNS lookups and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt displays the answers that are returned from the name server(s) that
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt were queried. Most DNS administrators use <command>dig</command> to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt troubleshoot DNS problems because of its flexibility, ease of use and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt clarity of output. Other lookup tools tend to have less functionality
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Although <command>dig</command> is normally used with
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt command-line
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt arguments, it also has a batch mode of operation for reading lookup
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt requests from a file. A brief summary of its command-line arguments
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and options is printed when the <option>-h</option> option is given.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Unlike earlier versions, the BIND 9 implementation of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> allows multiple lookups to be issued
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt command line.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Unless it is told to query a specific name server,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> will try each of the servers listed
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When no command line arguments or options are given,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> will perform an NS query for "." (the root).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt It is possible to set per-user defaults for <command>dig</command> via
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <filename>${HOME}/.digrc</filename>. This file is read and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt any options in it
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt are applied before the command line arguments.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The IN and CH class names overlap with the IN and CH top level
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt domains names. Either use the <option>-t</option> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <option>-c</option> options to specify the type and class,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt use the <option>-q</option> the specify the domain name, or
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt use "IN." and "CH." when looking up these top level domains.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt A typical invocation of <command>dig</command> looks like:
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <programlisting> dig @server name type </programlisting>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <variablelist>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt is the name or IP address of the name server to query. This can
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt address in dotted-decimal notation or an IPv6
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt address in colon-delimited notation. When the supplied
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt querying that name
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt argument is provided,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> consults <filename>/etc/resolv.conf</filename>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and queries the name servers listed there. The reply from the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt server that responds is displayed.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt is the name of the resource record that is to be looked up.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt indicates what type of query is required —
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt ANY, A, MX, SIG, etc.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>type</parameter> can be any valid query
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> will perform a lookup for an
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </variablelist>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-b</option> option sets the source IP address of the query
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt to <parameter>address</parameter>. This must be a valid
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt one of the host's network interfaces or "0.0.0.0" or "::". An optional
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt may be specified by appending "#<port>"
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The default query class (IN for internet) is overridden by the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <option>-c</option> option. <parameter>class</parameter> is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt class, such as HS for Hesiod records or CH for Chaosnet records.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-f</option> option makes <command>dig </command>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt in batch mode by reading a list of lookup requests to process from the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt file <parameter>filename</parameter>. The file contains a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt queries, one per line. Each entry in the file should be organized in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the same way they would be presented as queries to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> using the command-line interface.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-m</option> option enables memory usage debugging.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt documented in include/isc/mem.h -->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt If a non-standard port number is to be queried, the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <option>-p</option> option is used. <parameter>port#</parameter> is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the port number that <command>dig</command> will send its
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt instead of the standard DNS port number 53. This option would be used
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt to test a name server that has been configured to listen for queries
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt on a non-standard port number.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-4</option> option forces <command>dig</command>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt use IPv4 query transport. The <option>-6</option> option forces
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>dig</command> to only use IPv6 query transport.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-t</option> option sets the query type to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>type</parameter>. It can be any valid query type
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt supported in BIND 9. The default query type is "A", unless the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <option>-x</option> option is supplied to indicate a reverse lookup.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt A zone transfer can be requested by specifying a type of AXFR. When
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt an incremental zone transfer (IXFR) is required,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The incremental zone transfer will contain the changes made to the zone
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt since the serial number in the zone's SOA record was
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The <option>-q</option> option sets the query name to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>name</parameter>. This useful do distinguish the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Reverse lookups — mapping addresses to names — are simplified by the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <option>-x</option> option. <parameter>addr</parameter> is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt address in dotted-decimal notation, or a colon-delimited IPv6 address.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When this option is used, there is no need to provide the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>name</parameter>, <parameter>class</parameter> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>type</parameter> arguments. <command>dig</command>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt automatically performs a lookup for a name like
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <literal>11.12.13.10.in-addr.arpa</literal> and sets the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt query type and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt class to PTR and IN respectively. By default, IPv6 addresses are
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt looked up using nibble format under the IP6.ARPA domain.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt To use the older RFC1886 method using the IP6.INT domain
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt specify the <option>-i</option> option. Bit string labels (RFC2874)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt are now experimental and are not attempted.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt To sign the DNS queries sent by <command>dig</command> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt responses using transaction signatures (TSIG), specify a TSIG key file
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt using the <option>-k</option> option. You can also specify the TSIG
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt key itself on the command line using the <option>-y</option> option;
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>name</parameter> is the name of the TSIG key and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <parameter>key</parameter> is the actual key. The key is a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt encoded string, typically generated by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <citerefentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </citerefentry>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Caution should be taken when using the <option>-y</option> option on
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt multi-user systems as the key can be visible in the output from
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <citerefentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </citerefentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt or in the shell's history file. When
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt using TSIG authentication with <command>dig</command>, the name
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt server that is queried needs to know the key and algorithm that is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt being used. In BIND, this is done by providing appropriate
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <command>key</command> and <command>server</command> statements in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt provides a number of query options which affect
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the way in which lookups are made and the results displayed. Some of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt these set or reset flag bits in the query header, some determine which
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt sections of the answer get printed, and others determine the timeout
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt and retry strategies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Each query option is identified by a keyword preceded by a plus sign
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (<literal>+</literal>). Some keywords set or reset an
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt option. These may be preceded
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt by the string <literal>no</literal> to negate the meaning of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt that keyword. Other
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt keywords assign values to options like the timeout interval. They
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The query options are:
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <variablelist>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Use [do not use] TCP when querying name servers. The default
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt behavior is to use UDP unless an AXFR or IXFR query is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt requested, in
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt which case a TCP connection is used.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Use [do not use] TCP when querying name servers. This alternate
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt provided for backwards
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt compatibility. The "vc" stands for "virtual circuit".
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt </varlistentry>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <varlistentry>