dig.html revision 1879ff49326b49a9e4eadaca193c631409bf8575
13faa91230bde46da937bf33010b9accc5bdeb59sd - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
13faa91230bde46da937bf33010b9accc5bdeb59sd - Copyright (C) 2000-2003 Internet Software Consortium.
13faa91230bde46da937bf33010b9accc5bdeb59sd - Permission to use, copy, modify, and/or distribute this software for any
13faa91230bde46da937bf33010b9accc5bdeb59sd - purpose with or without fee is hereby granted, provided that the above
13faa91230bde46da937bf33010b9accc5bdeb59sd - copyright notice and this permission notice appear in all copies.
13faa91230bde46da937bf33010b9accc5bdeb59sd - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
13faa91230bde46da937bf33010b9accc5bdeb59sd - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13faa91230bde46da937bf33010b9accc5bdeb59sd - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13faa91230bde46da937bf33010b9accc5bdeb59sd - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13faa91230bde46da937bf33010b9accc5bdeb59sd - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13faa91230bde46da937bf33010b9accc5bdeb59sd - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13faa91230bde46da937bf33010b9accc5bdeb59sd - PERFORMANCE OF THIS SOFTWARE.
13faa91230bde46da937bf33010b9accc5bdeb59sd<!-- $Id$ -->
13faa91230bde46da937bf33010b9accc5bdeb59sd<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
13faa91230bde46da937bf33010b9accc5bdeb59sd<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
13faa91230bde46da937bf33010b9accc5bdeb59sd<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
13faa91230bde46da937bf33010b9accc5bdeb59sd<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
13faa91230bde46da937bf33010b9accc5bdeb59sd<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
13faa91230bde46da937bf33010b9accc5bdeb59sd<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
13faa91230bde46da937bf33010b9accc5bdeb59sd (domain information groper) is a flexible tool
13faa91230bde46da937bf33010b9accc5bdeb59sd for interrogating DNS name servers. It performs DNS lookups and
13faa91230bde46da937bf33010b9accc5bdeb59sd displays the answers that are returned from the name server(s) that
13faa91230bde46da937bf33010b9accc5bdeb59sd were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
13faa91230bde46da937bf33010b9accc5bdeb59sd troubleshoot DNS problems because of its flexibility, ease of use and
13faa91230bde46da937bf33010b9accc5bdeb59sd clarity of output. Other lookup tools tend to have less functionality
13faa91230bde46da937bf33010b9accc5bdeb59sd Although <span><strong class="command">dig</strong></span> is normally used with
13faa91230bde46da937bf33010b9accc5bdeb59sd command-line
13faa91230bde46da937bf33010b9accc5bdeb59sd arguments, it also has a batch mode of operation for reading lookup
13faa91230bde46da937bf33010b9accc5bdeb59sd requests from a file. A brief summary of its command-line arguments
13faa91230bde46da937bf33010b9accc5bdeb59sd and options is printed when the <code class="option">-h</code> option is given.
13faa91230bde46da937bf33010b9accc5bdeb59sd Unlike earlier versions, the BIND 9 implementation of
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
13faa91230bde46da937bf33010b9accc5bdeb59sd command line.
13faa91230bde46da937bf33010b9accc5bdeb59sd Unless it is told to query a specific name server,
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> will try each of the servers listed in
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
13faa91230bde46da937bf33010b9accc5bdeb59sd are found, <span><strong class="command">dig</strong></span> will send the query to the local
13faa91230bde46da937bf33010b9accc5bdeb59sd When no command line arguments or options are given,
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
13faa91230bde46da937bf33010b9accc5bdeb59sd It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="filename">${HOME}/.digrc</code>. This file is read and
13faa91230bde46da937bf33010b9accc5bdeb59sd any options in it
13faa91230bde46da937bf33010b9accc5bdeb59sd are applied before the command line arguments.
13faa91230bde46da937bf33010b9accc5bdeb59sd The IN and CH class names overlap with the IN and CH top level
13faa91230bde46da937bf33010b9accc5bdeb59sd domain names. Either use the <code class="option">-t</code> and
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="option">-c</code> options to specify the type and class,
13faa91230bde46da937bf33010b9accc5bdeb59sd use the <code class="option">-q</code> the specify the domain name, or
13faa91230bde46da937bf33010b9accc5bdeb59sd use "IN." and "CH." when looking up these top level domains.
13faa91230bde46da937bf33010b9accc5bdeb59sd A typical invocation of <span><strong class="command">dig</strong></span> looks like:
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="constant">server</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd is the name or IP address of the name server to query. This
13faa91230bde46da937bf33010b9accc5bdeb59sd can be an IPv4 address in dotted-decimal notation or an IPv6
13faa91230bde46da937bf33010b9accc5bdeb59sd address in colon-delimited notation. When the supplied
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>server</code></em> argument is a hostname,
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen <span><strong class="command">dig</strong></span> resolves that name before querying
13faa91230bde46da937bf33010b9accc5bdeb59sd that name server.
13faa91230bde46da937bf33010b9accc5bdeb59sd If no <em class="parameter"><code>server</code></em> argument is
13faa91230bde46da937bf33010b9accc5bdeb59sd provided, <span><strong class="command">dig</strong></span> consults
13faa91230bde46da937bf33010b9accc5bdeb59sd address is found there, it queries the name server at
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk that address. If either of the <code class="option">-4</code> or
13faa91230bde46da937bf33010b9accc5bdeb59sd only addresses for the corresponding transport
13faa91230bde46da937bf33010b9accc5bdeb59sd will be tried. If no usable addresses are found,
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> will send the query to the
13faa91230bde46da937bf33010b9accc5bdeb59sd local host. The reply from the name server that
13faa91230bde46da937bf33010b9accc5bdeb59sd responds is displayed.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="constant">name</code></span></dt>
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen is the name of the resource record that is to be looked up.
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen<dt><span class="term"><code class="constant">type</code></span></dt>
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen indicates what type of query is required —
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen ANY, A, MX, SIG, etc.
25351652d920ae27c5a56c199da581033ce763f6Vuong Nguyen <em class="parameter"><code>type</code></em> can be any valid query
13faa91230bde46da937bf33010b9accc5bdeb59sd type. If no
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>type</code></em> argument is supplied,
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk <span><strong class="command">dig</strong></span> will perform a lookup for an
13faa91230bde46da937bf33010b9accc5bdeb59sd Use IPv4 only.
13faa91230bde46da937bf33010b9accc5bdeb59sd Use IPv6 only.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk Set the source IP address of the query.
13faa91230bde46da937bf33010b9accc5bdeb59sd The <em class="parameter"><code>address</code></em> must be a valid address on
13faa91230bde46da937bf33010b9accc5bdeb59sd one of the host's network interfaces, or "0.0.0.0" or "::". An
13faa91230bde46da937bf33010b9accc5bdeb59sd optional port may be specified by appending "#<port>"
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set the query class. The
13faa91230bde46da937bf33010b9accc5bdeb59sd default <em class="parameter"><code>class</code></em> is IN; other classes
13faa91230bde46da937bf33010b9accc5bdeb59sd are HS for Hesiod records or CH for Chaosnet records.
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Batch mode: <span><strong class="command">dig</strong></span> reads a list of lookup
13faa91230bde46da937bf33010b9accc5bdeb59sd requests to process from the
13faa91230bde46da937bf33010b9accc5bdeb59sd given <em class="parameter"><code>file</code></em>. Each line in the file
13faa91230bde46da937bf33010b9accc5bdeb59sd should be organized in the same way they would be
13faa91230bde46da937bf33010b9accc5bdeb59sd presented as queries to
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> using the command-line interface.
13faa91230bde46da937bf33010b9accc5bdeb59sd Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
13faa91230bde46da937bf33010b9accc5bdeb59sd domain, which is no longer in use. Obsolete bit string
13faa91230bde46da937bf33010b9accc5bdeb59sd label queries (RFC2874) are not attempted.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Sign queries using TSIG using a key read from the given file.
13faa91230bde46da937bf33010b9accc5bdeb59sd Key files can be generated using
13faa91230bde46da937bf33010b9accc5bdeb59sd <span class="citerefentry"><span class="refentrytitle">tsig-keygen</span>(8)</span>.
13faa91230bde46da937bf33010b9accc5bdeb59sd When using TSIG authentication with <span><strong class="command">dig</strong></span>,
13faa91230bde46da937bf33010b9accc5bdeb59sd the name server that is queried needs to know the key and
13faa91230bde46da937bf33010b9accc5bdeb59sd algorithm that is being used. In BIND, this is done by
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk providing appropriate <span><strong class="command">key</strong></span>
13faa91230bde46da937bf33010b9accc5bdeb59sd and <span><strong class="command">server</strong></span> statements in
13faa91230bde46da937bf33010b9accc5bdeb59sd Enable memory usage debugging.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Send the query to a non-standard port on the server,
13faa91230bde46da937bf33010b9accc5bdeb59sd instead of the defaut port 53. This option would be used
13faa91230bde46da937bf33010b9accc5bdeb59sd to test a name server that has been configured to listen
13faa91230bde46da937bf33010b9accc5bdeb59sd for queries on a non-standard port number.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd The domain name to query. This is useful to distinguish
13faa91230bde46da937bf33010b9accc5bdeb59sd the <em class="parameter"><code>name</code></em> from other arguments.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd The resource record type to query. It can be any valid query type
13faa91230bde46da937bf33010b9accc5bdeb59sd supported in BIND 9. The default query type is "A", unless the
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="option">-x</code> option is supplied to indicate a reverse lookup.
13faa91230bde46da937bf33010b9accc5bdeb59sd A zone transfer can be requested by specifying a type of AXFR. When
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk an incremental zone transfer (IXFR) is required, set the
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
13faa91230bde46da937bf33010b9accc5bdeb59sd The incremental zone transfer will contain the changes
13faa91230bde46da937bf33010b9accc5bdeb59sd made to the zone since the serial number in the zone's SOA
13faa91230bde46da937bf33010b9accc5bdeb59sd record was
13faa91230bde46da937bf33010b9accc5bdeb59sd Print the version number and exit.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Simplified reverse lookups, for mapping addresses to
13faa91230bde46da937bf33010b9accc5bdeb59sd names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
13faa91230bde46da937bf33010b9accc5bdeb59sd in dotted-decimal notation, or a colon-delimited IPv6
13faa91230bde46da937bf33010b9accc5bdeb59sd address. When the <code class="option">-x</code> is used, there is no
13faa91230bde46da937bf33010b9accc5bdeb59sd need to provide
13faa91230bde46da937bf33010b9accc5bdeb59sd the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
13faa91230bde46da937bf33010b9accc5bdeb59sd arguments. <span><strong class="command">dig</strong></span> automatically performs a
13faa91230bde46da937bf33010b9accc5bdeb59sd lookup for a name like
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
13faa91230bde46da937bf33010b9accc5bdeb59sd query type and class to PTR and IN respectively. IPv6
13faa91230bde46da937bf33010b9accc5bdeb59sd addresses are looked up using nibble format under the
13faa91230bde46da937bf33010b9accc5bdeb59sd IP6.ARPA domain (but see also the <code class="option">-i</code>
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Sign queries using TSIG with the given authentication key.
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>keyname</code></em> is the name of the key, and
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>
13faa91230bde46da937bf33010b9accc5bdeb59sd is not specified, the default is <code class="literal">hmac-md5</code>.
13faa91230bde46da937bf33010b9accc5bdeb59sd NOTE: You should use the <code class="option">-k</code> option and
13faa91230bde46da937bf33010b9accc5bdeb59sd with <code class="option">-y</code> the shared secret is supplied as
13faa91230bde46da937bf33010b9accc5bdeb59sd a command line argument in clear text. This may be visible
13faa91230bde46da937bf33010b9accc5bdeb59sd in the output from
13faa91230bde46da937bf33010b9accc5bdeb59sd <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
13faa91230bde46da937bf33010b9accc5bdeb59sd or in a history file maintained by the user's shell.
13faa91230bde46da937bf33010b9accc5bdeb59sd provides a number of query options which affect
13faa91230bde46da937bf33010b9accc5bdeb59sd the way in which lookups are made and the results displayed. Some of
13faa91230bde46da937bf33010b9accc5bdeb59sd these set or reset flag bits in the query header, some determine which
13faa91230bde46da937bf33010b9accc5bdeb59sd sections of the answer get printed, and others determine the timeout
13faa91230bde46da937bf33010b9accc5bdeb59sd and retry strategies.
13faa91230bde46da937bf33010b9accc5bdeb59sd Each query option is identified by a keyword preceded by a plus sign
13faa91230bde46da937bf33010b9accc5bdeb59sd (<code class="literal">+</code>). Some keywords set or reset an
13faa91230bde46da937bf33010b9accc5bdeb59sd option. These may be preceded
13faa91230bde46da937bf33010b9accc5bdeb59sd by the string <code class="literal">no</code> to negate the meaning of
13faa91230bde46da937bf33010b9accc5bdeb59sd that keyword. Other
9c94f155585ea35e938fea603bc227c685223abdCheng Sean Ye keywords assign values to options like the timeout interval. They
9c94f155585ea35e938fea603bc227c685223abdCheng Sean Ye have the form <code class="option">+keyword=value</code>.
13faa91230bde46da937bf33010b9accc5bdeb59sd Keywords may be abbreviated, provided the abbreviation is
13faa91230bde46da937bf33010b9accc5bdeb59sd unambiguous; for example, <code class="literal">+cd</code> is equivalent
13faa91230bde46da937bf33010b9accc5bdeb59sd The query options are:
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Sets the "aa" flag in the query.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Display [do not display] the additional section of a
13faa91230bde46da937bf33010b9accc5bdeb59sd reply. The default is to display it.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set [do not set] the AD (authentic data) bit in the
13faa91230bde46da937bf33010b9accc5bdeb59sd query. This requests the server to return whether
13faa91230bde46da937bf33010b9accc5bdeb59sd all of the answer and authority sections have all
13faa91230bde46da937bf33010b9accc5bdeb59sd been validated as secure according to the security
13faa91230bde46da937bf33010b9accc5bdeb59sd policy of the server. AD=1 indicates that all records
13faa91230bde46da937bf33010b9accc5bdeb59sd have been validated as secure and the answer is not
13faa91230bde46da937bf33010b9accc5bdeb59sd from a OPT-OUT range. AD=0 indicate that some part
13faa91230bde46da937bf33010b9accc5bdeb59sd of the answer was insecure or not validated. This
13faa91230bde46da937bf33010b9accc5bdeb59sd bit is set by default.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]all</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set or clear all display flags.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Display [do not display] the answer section of a
13faa91230bde46da937bf33010b9accc5bdeb59sd reply. The default is to display it.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Display [do not display] the authority section of a
13faa91230bde46da937bf33010b9accc5bdeb59sd reply. The default is to display it.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]badcookie</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Retry lookup with the new server cookie if a
13faa91230bde46da937bf33010b9accc5bdeb59sd BADCOOKIE response is received.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Attempt to display the contents of messages which are
13faa91230bde46da937bf33010b9accc5bdeb59sd malformed. The default is to not display malformed
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set the UDP message buffer size advertised using EDNS0
13faa91230bde46da937bf33010b9accc5bdeb59sd to <em class="parameter"><code>B</code></em> bytes. The maximum and
13faa91230bde46da937bf33010b9accc5bdeb59sd minimum sizes of this buffer are 65535 and 0 respectively.
13faa91230bde46da937bf33010b9accc5bdeb59sd Values outside this range are rounded up or down
13faa91230bde46da937bf33010b9accc5bdeb59sd appropriately. Values other than zero will cause a
13faa91230bde46da937bf33010b9accc5bdeb59sd EDNS query to be sent.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set [do not set] the CD (checking disabled) bit in
13faa91230bde46da937bf33010b9accc5bdeb59sd the query. This requests the server to not perform
13faa91230bde46da937bf33010b9accc5bdeb59sd DNSSEC validation of responses.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]class</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Display [do not display] the CLASS when printing the
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Toggles the printing of the initial comment in the
13faa91230bde46da937bf33010b9accc5bdeb59sd output identifying the version of <span><strong class="command">dig</strong></span>
13faa91230bde46da937bf33010b9accc5bdeb59sd and the query options that have been applied. This
13faa91230bde46da937bf33010b9accc5bdeb59sd comment is printed by default.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Toggle the display of comment lines in the output.
13faa91230bde46da937bf33010b9accc5bdeb59sd The default is to print comments.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Send a COOKIE EDNS option, with optional
13faa91230bde46da937bf33010b9accc5bdeb59sd value. Replaying a COOKIE from a previous response will
13faa91230bde46da937bf33010b9accc5bdeb59sd allow the server to identify a previous client. The
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">+cookie</strong></span> is also set when +trace
13faa91230bde46da937bf33010b9accc5bdeb59sd is set to better emulate the default queries from a
13faa91230bde46da937bf33010b9accc5bdeb59sd nameserver.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Toggle the display of cryptographic fields in DNSSEC
13faa91230bde46da937bf33010b9accc5bdeb59sd records. The contents of these field are unnecessary
13faa91230bde46da937bf33010b9accc5bdeb59sd to debug most DNSSEC validation failures and removing
13faa91230bde46da937bf33010b9accc5bdeb59sd them makes it easier to see the common failures. The
13faa91230bde46da937bf33010b9accc5bdeb59sd default is to display the fields. When omitted they
13faa91230bde46da937bf33010b9accc5bdeb59sd are replaced by the string "[omitted]" or in the
13faa91230bde46da937bf33010b9accc5bdeb59sd DNSKEY case the key id is displayed as the replacement,
13faa91230bde46da937bf33010b9accc5bdeb59sd e.g. "[ key id = value ]".
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Deprecated, treated as a synonym for
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Requests DNSSEC records be sent by setting the DNSSEC
13faa91230bde46da937bf33010b9accc5bdeb59sd OK bit (DO) in the OPT record in the additional section
13faa91230bde46da937bf33010b9accc5bdeb59sd of the query.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set the search list to contain the single domain
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>somename</code></em>, as if specified in
13faa91230bde46da937bf33010b9accc5bdeb59sd a <span><strong class="command">domain</strong></span> directive in
13faa91230bde46da937bf33010b9accc5bdeb59sd <code class="filename">/etc/resolv.conf</code>, and enable
13faa91230bde46da937bf33010b9accc5bdeb59sd search list processing as if the
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>+search</code></em> option were given.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set the DSCP code point to be used when sending the
13faa91230bde46da937bf33010b9accc5bdeb59sd query. Valid DSCP code points are in the range
13faa91230bde46da937bf33010b9accc5bdeb59sd [0..63]. By default no code point is explicitly set.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Specify the EDNS version to query with. Valid values
13faa91230bde46da937bf33010b9accc5bdeb59sd are 0 to 255. Setting the EDNS version will cause
13faa91230bde46da937bf33010b9accc5bdeb59sd a EDNS query to be sent. <code class="option">+noedns</code>
13faa91230bde46da937bf33010b9accc5bdeb59sd clears the remembered EDNS version. EDNS is set to
13faa91230bde46da937bf33010b9accc5bdeb59sd 0 by default.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set the must-be-zero EDNS flags bits (Z bits) to the
13faa91230bde46da937bf33010b9accc5bdeb59sd specified value. Decimal, hex and octal encodings are
13faa91230bde46da937bf33010b9accc5bdeb59sd accepted. Setting a named flag (e.g. DO) will silently be
13faa91230bde46da937bf33010b9accc5bdeb59sd ignored. By default, no Z bits are set.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Enable / disable EDNS version negotiation. By default
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do EDNS version negotiation is enabled.
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do Specify EDNS option with code point <code class="option">code</code>
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do and optionally payload of <code class="option">value</code> as a
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do hexadecimal string. <code class="option">+noednsopt</code>
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do clears the EDNS options to be sent.
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do Send an EDNS Expire option.
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do Do not try the next server if you receive a SERVFAIL.
13faa91230bde46da937bf33010b9accc5bdeb59sd The default is to not try the next server which is
13faa91230bde46da937bf33010b9accc5bdeb59sd the reverse of normal stub resolver behavior.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Send a query with a DNS header without a question section.
13faa91230bde46da937bf33010b9accc5bdeb59sd The default is to add a question section. The query type
13faa91230bde46da937bf33010b9accc5bdeb59sd and query name are ignored when this is set.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Show [or do not show] the IP address and port number
13faa91230bde46da937bf33010b9accc5bdeb59sd that supplied the answer when the
13faa91230bde46da937bf33010b9accc5bdeb59sd <em class="parameter"><code>+short</code></em> option is enabled. If
13faa91230bde46da937bf33010b9accc5bdeb59sd short form answers are requested, the default is not
13faa91230bde46da937bf33010b9accc5bdeb59sd to show the source address and port number of the
13faa91230bde46da937bf33010b9accc5bdeb59sd server that provided the answer.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Ignore truncation in UDP responses instead of retrying
13faa91230bde46da937bf33010b9accc5bdeb59sd with TCP. By default, TCP retries are performed.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk Keep the TCP socket open between queries and reuse
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk it rather than creating a new TCP socket for each
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk lookup. The default is <code class="option">+nokeepopen</code>.
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk Print records like the SOA records in a verbose
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk multi-line format with human-readable comments. The
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk default is to print each record on a single line, to
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk facilitate machine parsing of the <span><strong class="command">dig</strong></span>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk Set the number of dots that have to appear in
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk for it to be considered absolute. The default value
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk is that defined using the ndots statement in
67d4b2f88b8e27bb035d67a046d5aad7db3bfc71gk <code class="filename">/etc/resolv.conf</code>, or 1 if no
13faa91230bde46da937bf33010b9accc5bdeb59sd ndots statement is present. Names with fewer dots
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do are interpreted as relative names and will be searched
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do for in the domains listed in the <code class="option">search</code>
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Include an EDNS name server ID request when sending
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd When this option is set, <span><strong class="command">dig</strong></span>
13faa91230bde46da937bf33010b9accc5bdeb59sd attempts to find the authoritative name servers for
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do the zone containing the name being looked up and
13faa91230bde46da937bf33010b9accc5bdeb59sd display the SOA record that each name server has for
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Print only one (starting) SOA record when performing
13faa91230bde46da937bf33010b9accc5bdeb59sd an AXFR. The default is to print both the starting
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do and ending SOA records.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]opcode=value</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Set [restore] the DNS message opcode to the specified
13faa91230bde46da937bf33010b9accc5bdeb59sd value. The default value is QUERY (0).
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Print [do not print] the query as it is sent. By
13faa91230bde46da937bf33010b9accc5bdeb59sd default, the query is not printed.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]question</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Print [do not print] the question section of a query
13faa91230bde46da937bf33010b9accc5bdeb59sd when an answer is returned. The default is to print
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do the question section as a comment.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
13faa91230bde46da937bf33010b9accc5bdeb59sd Toggle the setting of the RD (recursion desired) bit
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do in the query. This bit is set by default, which means
13faa91230bde46da937bf33010b9accc5bdeb59sd <span><strong class="command">dig</strong></span> normally sends recursive
13faa91230bde46da937bf33010b9accc5bdeb59sd queries. Recursion is automatically disabled when
b64bfe7dc77dc5c5561cdcd10c80b0b550701a24Trang Do <em class="parameter"><code>+trace</code></em> query options are used.
13faa91230bde46da937bf33010b9accc5bdeb59sd<dt><span class="term"><code class="option">+retry=T</code></span></dt>