dig.html revision de283bda6a902c2102a795192eeab3a769001c7d
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater - Copyright (C) 2000-2003 Internet Software Consortium.
1167fc7904c5f0a472f8df207ac46dd52c7f1ec8Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater - purpose with or without fee is hereby granted, provided that the above
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater - copyright notice and this permission notice appear in all copies.
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
79b273c187a4aa1016a62181983dfdd0521681aeMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User - PERFORMANCE OF THIS SOFTWARE.
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
89623368b8f662d458d9964b923050f33c5f75b0Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="man.dig"></a><div class="titlepage"></div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater<a name="id2543547"></a><h2>DESCRIPTION</h2>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<p><span><strong class="command">dig</strong></span>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt (domain information groper) is a flexible tool
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater for interrogating DNS name servers. It performs DNS lookups and
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater displays the answers that are returned from the name server(s) that
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt troubleshoot DNS problems because of its flexibility, ease of use and
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater clarity of output. Other lookup tools tend to have less functionality
2d2dc37599979c83495510f8af8d1756753aa2c5Automatic Updater than <span><strong class="command">dig</strong></span>.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater Although <span><strong class="command">dig</strong></span> is normally used with
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater arguments, it also has a batch mode of operation for reading lookup
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater requests from a file. A brief summary of its command-line arguments
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater and options is printed when the <code class="option">-h</code> option is given.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater Unlike earlier versions, the BIND 9 implementation of
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews Unless it is told to query a specific name server,
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User <span><strong class="command">dig</strong></span> will try each of the servers listed in
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews are found, <span><strong class="command">dig</strong></span> will send the query to the local
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater When no command line arguments or options are given,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater <code class="filename">${HOME}/.digrc</code>. This file is read and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews any options in it
114f7780384371121918624ae2c80ecfce545683Tinderbox User are applied before the command line arguments.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater The IN and CH class names overlap with the IN and CH top level
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson domain names. Either use the <code class="option">-t</code> and
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater <code class="option">-c</code> options to specify the type and class,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater use the <code class="option">-q</code> the specify the domain name, or
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews use "IN." and "CH." when looking up these top level domains.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<a name="id2543626"></a><h2>SIMPLE USAGE</h2>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater A typical invocation of <span><strong class="command">dig</strong></span> looks like:
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews<pre class="programlisting"> dig @server name type </pre>
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User<dt><span class="term"><code class="constant">server</code></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews is the name or IP address of the name server to query. This
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User can be an IPv4 address in dotted-decimal notation or an IPv6
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User address in colon-delimited notation. When the supplied
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <em class="parameter"><code>server</code></em> argument is a hostname,
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <span><strong class="command">dig</strong></span> resolves that name before querying
24bf1e02f03577db0feb50b80238c4150c96d05dAutomatic Updater that name server.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews If no <em class="parameter"><code>server</code></em> argument is
7500521cecdff3c00e594ec41d3a17292332ffbcTinderbox User provided, <span><strong class="command">dig</strong></span> consults
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater <code class="filename">/etc/resolv.conf</code>; if an
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews address is found there, it queries the name server at
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews that address. If either of the <code class="option">-4</code> or
a01aa536188bb3535dfc1107a623e6355a8e6b7cMark Andrews <code class="option">-6</code> options are in use, then
89623368b8f662d458d9964b923050f33c5f75b0Tinderbox User only addresses for the corresponding transport
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews will be tried. If no usable addresses are found,
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews <span><strong class="command">dig</strong></span> will send the query to the
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews local host. The reply from the name server that
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews responds is displayed.
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater is the name of the resource record that is to be looked up.
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater<dt><span class="term"><code class="constant">type</code></span></dt>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater indicates what type of query is required —
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater ANY, A, MX, SIG, etc.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater <em class="parameter"><code>type</code></em> can be any valid query
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson <em class="parameter"><code>type</code></em> argument is supplied,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater <span><strong class="command">dig</strong></span> will perform a lookup for an
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson The <code class="option">-b</code> option sets the source IP address of the query
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater to <em class="parameter"><code>address</code></em>. This must be a valid
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User one of the host's network interfaces or "0.0.0.0" or "::". An optional
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User may be specified by appending "#<port>"
f132a836c4e386b1af045dd8fe7106ae61b90bffAutomatic Updater The default query class (IN for internet) is overridden by the
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater class, such as HS for Hesiod records or CH for Chaosnet records.
269519eeb959d905ed125f96426e01d725c3b597Tinderbox User The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in batch mode by reading a list of lookup requests to process from the
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater file <em class="parameter"><code>filename</code></em>. The file contains a
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater queries, one per line. Each entry in the file should be organized in
4e0e18467f8ec5a9e5d0c538ce46bf07409ecf9bTinderbox User the same way they would be presented as queries to
e85565067cf73f8cc21ee29b11761659f1d47ee9Automatic Updater <span><strong class="command">dig</strong></span> using the command-line interface.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <code class="option">-m</code> option enables memory usage debugging.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If a non-standard port number is to be queried, the
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater the port number that <span><strong class="command">dig</strong></span> will send its
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater instead of the standard DNS port number 53. This option would be used
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater to test a name server that has been configured to listen for queries
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater on a non-standard port number.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use IPv4 query transport. The <code class="option">-6</code> option forces
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The <code class="option">-t</code> option sets the query type to
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater <em class="parameter"><code>type</code></em>. It can be any valid query type
7262eb86f2b465822206122921e2f357218f0cfdAutomatic Updater supported in BIND 9. The default query type is "A", unless the
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews <code class="option">-x</code> option is supplied to indicate a reverse lookup.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A zone transfer can be requested by specifying a type of AXFR. When
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater an incremental zone transfer (IXFR) is required,
bbb069be941f649228760edcc241122933c066d2Automatic Updater <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater The incremental zone transfer will contain the changes made to the zone
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater since the serial number in the zone's SOA record was
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews The <code class="option">-q</code> option sets the query name to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="parameter"><code>name</code></em>. This is useful to distinguish the
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater <em class="parameter"><code>name</code></em> from other arguments.
89623368b8f662d458d9964b923050f33c5f75b0Tinderbox User The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews print the version number and exit.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Reverse lookups — mapping addresses to names — are simplified by the
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater address in dotted-decimal notation, or a colon-delimited IPv6 address.
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User When this option is used, there is no need to provide the
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User automatically performs a lookup for a name like
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater query type and
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater class to PTR and IN respectively. By default, IPv6 addresses are
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater looked up using nibble format under the IP6.ARPA domain.
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater To use the older RFC1886 method using the IP6.INT domain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater are now experimental and are not attempted.
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater responses using transaction signatures (TSIG), specify a TSIG key file
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User using the <code class="option">-k</code> option. You can also specify the TSIG
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater key itself on the command line using the <code class="option">-y</code> option;
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User <em class="parameter"><code>name</code></em> is the name of the TSIG key and
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews <em class="parameter"><code>key</code></em> is the actual key. The key is a
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User encoded string, typically generated by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson Caution should be taken when using the <code class="option">-y</code> option on
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater multi-user systems as the key can be visible in the output from
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews or in the shell's history file. When
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews server that is queried needs to know the key and algorithm that is
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews being used. In BIND, this is done by providing appropriate
dc11390a658e02e1a03accd4dbe14c94fa9de556Automatic Updater <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<p><span><strong class="command">dig</strong></span>
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews provides a number of query options which affect
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater the way in which lookups are made and the results displayed. Some of
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews these set or reset flag bits in the query header, some determine which
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews sections of the answer get printed, and others determine the timeout
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews and retry strategies.
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews Each query option is identified by a keyword preceded by a plus sign
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater (<code class="literal">+</code>). Some keywords set or reset an
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews option. These may be preceded
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater by the string <code class="literal">no</code> to negate the meaning of
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater that keyword. Other
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater keywords assign values to options like the timeout interval. They
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater have the form <code class="option">+keyword=value</code>.
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater The query options are:
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews Sets the "aa" flag in the query.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Display [do not display] the additional section of a
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews reply. The default is to display it.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews Set [do not set] the AD (authentic data) bit in the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews query. This requests the server to return whether
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews all of the answer and authority sections have all
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews been validated as secure according to the security
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater policy of the server. AD=1 indicates that all records
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater have been validated as secure and the answer is not
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater from a OPT-OUT range. AD=0 indicate that some part
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson of the answer was insecure or not validated. This
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater bit is set by default.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<dt><span class="term"><code class="option">+[no]all</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Set or clear all display flags.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User Display [do not display] the answer section of a
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater reply. The default is to display it.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User Display [do not display] the authority section of a
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User reply. The default is to display it.
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Attempt to display the contents of messages which are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington malformed. The default is to not display malformed
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Set the UDP message buffer size advertised using EDNS0
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to <em class="parameter"><code>B</code></em> bytes. The maximum and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington minimum sizes of this buffer are 65535 and 0 respectively.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Values outside this range are rounded up or down
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington appropriately. Values other than zero will cause a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington EDNS query to be sent.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Set [do not set] the CD (checking disabled) bit in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the query. This requests the server to not perform
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington DNSSEC validation of responses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Display [do not display] the CLASS when printing the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Toggles the printing of the initial comment in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington output identifying the version of <span><strong class="command">dig</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and the query options that have been applied. This
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington comment is printed by default.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Toggle the display of comment lines in the output.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The default is to print comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Toggle the display of cryptographic fields in DNSSEC
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington records. The contents of these field are unnecessary
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to debug most DNSSEC validation failures and removing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington them makes it easier to see the common failures. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington default is to display the fields. When omitted they
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington are replaced by the string "[omitted]" or in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington DNSKEY case the key id is displayed as the replacement,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington e.g. "[ key id = value ]".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Deprecated, treated as a synonym for
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater <em class="parameter"><code>+[no]search</code></em>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Requests DNSSEC records be sent by setting the DNSSEC
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater OK bit (DO) in the OPT record in the additional section
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Set the search list to contain the single domain
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <em class="parameter"><code>somename</code></em>, as if specified in
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater a <span><strong class="command">domain</strong></span> directive in
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <code class="filename">/etc/resolv.conf</code>, and enable
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater search list processing as if the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater <em class="parameter"><code>+search</code></em> option were given.
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington Set the DSCP code point to be used when sending the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington query. Valid DSCP code points are in the range
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [0..63]. By default no code point is explicitly set.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Specify the EDNS version to query with. Valid values
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington are 0 to 255. Setting the EDNS version will cause
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews a EDNS query to be sent. <code class="option">+noedns</code>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User clears the remembered EDNS version. EDNS is set to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 0 by default.
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Set the must-be-zero EDNS flags bits (Z bits) to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington specified value. Decimal, hex and octal encodings are
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington accepted. Setting a named flag (e.g. DO) will silently be
e10d61d84e0b735f1e8eca18644cfdb1b06cad33Tinderbox User ignored. By default, no Z bits are set.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Enable / disable EDNS version negotiation. By default
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EDNS version negotiation is enabled.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User Specify EDNS option with code point <code class="option">code</code>
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater and optionally payload of <code class="option">value</code> as a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hexadecimal string. <code class="option">+noednsopt</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater clears the EDNS options to be sent.
3de6db3208d51de1e138b63b9670430c03f99694Automatic Updater<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Send an EDNS Expire option.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Do not try the next server if you receive a SERVFAIL.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The default is to not try the next server which is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the reverse of normal stub resolver behavior.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Send a query with a DNS header without a question section.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The default is to add a question section. The query type
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and query name are ignored when this is set.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Show [or do not show] the IP address and port number
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that supplied the answer when the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <em class="parameter"><code>+short</code></em> option is enabled. If
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington short form answers are requested, the default is not
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews to show the source address and port number of the
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews server that provided the answer.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Ignore truncation in UDP responses instead of retrying
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User with TCP. By default, TCP retries are performed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
79cea03ba823e2d3a34895f0ba91d7fb5ad799e7Automatic Updater Keep the TCP socket open between queries and reuse
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User it rather than creating a new TCP socket for each
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington lookup. The default is <code class="option">+nokeepopen</code>.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Print records like the SOA records in a verbose
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington multi-line format with human-readable comments. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington default is to print each record on a single line, to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington facilitate machine parsing of the <span><strong class="command">dig</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Set the number of dots that have to appear in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for it to be considered absolute. The default value
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews is that defined using the ndots statement in
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews <code class="filename">/etc/resolv.conf</code>, or 1 if no
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ndots statement is present. Names with fewer dots
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington are interpreted as relative names and will be searched
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews for in the domains listed in the <code class="option">search</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington or <code class="option">domain</code> directive in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="filename">/etc/resolv.conf</code> if
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <code class="option">+search</code> is set.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Include an EDNS name server ID request when sending
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington When this option is set, <span><strong class="command">dig</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington attempts to find the authoritative name servers for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the zone containing the name being looked up and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater display the SOA record that each name server has for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Print only one (starting) SOA record when performing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater an AXFR. The default is to print both the starting
56effd2e3f579fd77b1fb37d47871d1bf1286bc4Automatic Updater and ending SOA records.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User Print [do not print] the query as it is sent. By
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington default, the query is not printed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]question</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Print [do not print] the question section of a query
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews when an answer is returned. The default is to print
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews the question section as a comment.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Toggle the setting of the RD (recursion desired) bit
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington in the query. This bit is set by default, which means
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <span><strong class="command">dig</strong></span> normally sends recursive
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington queries. Recursion is automatically disabled when
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the <em class="parameter"><code>+nssearch</code></em> or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <em class="parameter"><code>+trace</code></em> query options are used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+retry=T</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Sets the number of times to retry UDP queries to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington server to <em class="parameter"><code>T</code></em> instead of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater this does not include the initial query.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
79cea03ba823e2d3a34895f0ba91d7fb5ad799e7Automatic Updater Toggle the display of per-record comments in the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User output (for example, human-readable key information
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User about DNSKEY records). The default is not to print
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User record comments unless multiline mode is active.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]search</code></span></dt>
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater Use [do not use] the search list defined by the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User searchlist or domain directive in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <code class="filename">resolv.conf</code> (if any). The search
1fdd58445074579ee3b65c871137a7a1740eb542Mark Andrews list is not used by default.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User 'ndots' from <code class="filename">resolv.conf</code> (default 1)
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User which may be overridden by <em class="parameter"><code>+ndots</code></em>
cc5a9ce75af9870f2cb9e2bf00548c2f7e6398d6Automatic Updater determines if the name will be treated as relative
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or not and hence whether a search is eventually
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User performed or not.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]short</code></span></dt>
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater Provide a terse answer. The default is to print the
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater answer in a verbose form.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User Perform [do not perform] a search showing intermediate
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater Chase DNSSEC signature chains. Requires dig be
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater compiled with -DDIG_SIGCHASE.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Send a Source Identity Token EDNS option, with optional
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater value. Replaying a SIT from a previous response will
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater allow the server to identify a previous client. The
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater default is <code class="option">+nosit</code>. Currently using
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater experimental value 65001 for the option code.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater<dt><span class="term"><code class="option">+split=W</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Split long hex- or base64-formatted fields in resource
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater records into chunks of <em class="parameter"><code>W</code></em>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater characters (where <em class="parameter"><code>W</code></em> is rounded
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater up to the nearest multiple of 4).
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater <em class="parameter"><code>+nosplit</code></em> or
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater <em class="parameter"><code>+split=0</code></em> causes fields not to
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater be split at all. The default is 56 characters, or
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater 44 characters when multiline mode is active.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater This query option toggles the printing of statistics:
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater when the query was made, the size of the reply and
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater so on. The default behavior is to print the query
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Send an EDNS Client Subnet option with the specified
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater IP address or network prefix.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Use [do not use] TCP when querying name servers. The
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater default behavior is to use UDP unless an
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater <code class="literal">ixfr=N</code> query is requested, in which
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater case the default is TCP. AXFR queries always use
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater<dt><span class="term"><code class="option">+timeout=T</code></span></dt>
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater Sets the timeout for a query to
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater <em class="parameter"><code>T</code></em> seconds. The default
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater timeout is 5 seconds.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater An attempt to set <em class="parameter"><code>T</code></em> to less
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User than 1 will result
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User in a query timeout of 1 second being applied.
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater When chasing DNSSEC signature chains perform a top-down
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater validation. Requires dig be compiled with -DDIG_SIGCHASE.
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater Toggle tracing of the delegation path from the root
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater name servers for the name being looked up. Tracing
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater is disabled by default. When tracing is enabled,
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater <span><strong class="command">dig</strong></span> makes iterative queries to
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater resolve the name being looked up. It will follow
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater referrals from the root servers, showing the answer
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User from each server that was used to resolve the lookup.
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User <span><strong class="command">+dnssec</strong></span> is also set when +trace
4ea3649f028ea6a1e42377082a7ccf8f789fb950Automatic Updater is set to better emulate the default queries from a
a382ca49c874d38ad3ac8995b49f9f27128e4ca9Automatic Updater<dt><span class="term"><code class="option">+tries=T</code></span></dt>
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater Sets the number of times to try UDP queries to server
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater to <em class="parameter"><code>T</code></em> instead of the default,
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater 3. If <em class="parameter"><code>T</code></em> is less than or equal
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater to zero, the number of tries is silently rounded up
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater Specifies a file containing trusted keys to be used
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater with <code class="option">+sigchase</code>. Each DNSKEY record
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater must be on its own line.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater If not specified, <span><strong class="command">dig</strong></span> will look
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater for <code class="filename">/etc/trusted-key.key</code> then
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater <code class="filename">trusted-key.key</code> in the current
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater Requires dig be compiled with -DDIG_SIGCHASE.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
016614bf32c25cbd3f2b39f68455b8c98a1a22b3Automatic Updater Display [do not display] the TTL when printing the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington Display [do not display] the TTL in friendly human-readable
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater time units of "s", "m", "h", "d", and "w", representing
01f91b9cd440833f66e7476e43659655cb52ad10Automatic Updater seconds, minutes, hours, days and weeks. Implies +ttlid.
3e5b24a74c03d5b52f32d138e64e427bd2cbc8f3Automatic Updater<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Use [do not use] TCP when querying name servers. This
a7d1ba12482d7b9f4c0fc9b193f4fc3716ed4b6aMark Andrews alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User is provided for backwards compatibility. The "vc"
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews stands for "virtual circuit".
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews<dt><span class="term"><code class="option">+[no]zflag</code></span></dt>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User Set [do not set] the last unassigned DNS header flag in a
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User DNS query. This flag is off by default.
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt The BIND 9 implementation of <span><strong class="command">dig </strong></span>
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User specifying multiple queries on the command line (in addition to
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt supporting the <code class="option">-f</code> batch file option). Each of those
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt queries can be supplied with its own set of flags, options and query
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater In this case, each <em class="parameter"><code>query</code></em> argument
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater individual query in the command-line syntax described above. Each
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater consists of any of the standard options and flags, the name to be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater looked up, an optional query type and class and any query options that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater should be applied to that query.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater A global set of query options, which should be applied to all queries,
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater can also be supplied. These global query options must precede the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater first tuple of name, class, type, options, flags, and query options
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User supplied on the command line. Any global query options (except
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the <code class="option">+[no]cmd</code> option) can be
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User overridden by a query-specific set of query options. For example:
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox Userdig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater shows how <span><strong class="command">dig</strong></span> could be used from the
d9f94d668f4b9342e9367d80e9fc6e81fab303a0Mark Andrews command line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User reverse lookup of 127.0.0.1 and a query for the NS records of
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater A global query option of <em class="parameter"><code>+qr</code></em> is
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User that <span><strong class="command">dig</strong></span> shows the initial query it made
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lookup. The final query has a local query option of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater will not print the initial query when it looks up the NS records for
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater domain name) support, it can accept and display non-ASCII domain names.
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater <span><strong class="command">dig</strong></span> appropriately converts character encoding of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater domain name before sending a request to DNS server or displaying a
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User reply from the server.
88d58d79c5bc7ce3c20a42461a5070116c736836Automatic Updater If you'd like to turn off the IDN support for some reason, defines
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the <code class="envar">IDN_DISABLE</code> environment variable.
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater The IDN support is disabled if the variable is set when
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User <span><strong class="command">dig</strong></span> runs.
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater<p><code class="filename">/etc/resolv.conf</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><code class="filename">${HOME}/.digrc</code>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
9fa39c73fc1d8bc44fdbbb79a1d26b837e7dd555Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater There are probably too many query options.