dig.html revision 297342940ef8a75bd2008ec9e071baf03eef5226
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
f6b909274159da7aaad8463c90f15018136cf6cbTinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - copyright notice and this permission notice appear in all copies.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews - PERFORMANCE OF THIS SOFTWARE.
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt<!-- $Id$ -->
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="man.dig"></a><div class="titlepage"></div>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span><strong class="command">dig</strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (domain information groper) is a flexible tool
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for interrogating DNS name servers. It performs DNS lookups and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews displays the answers that are returned from the name server(s) that
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews troubleshoot DNS problems because of its flexibility, ease of use and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews clarity of output. Other lookup tools tend to have less functionality
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews than <span><strong class="command">dig</strong></span>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Although <span><strong class="command">dig</strong></span> is normally used with
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews command-line
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews arguments, it also has a batch mode of operation for reading lookup
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews requests from a file. A brief summary of its command-line arguments
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and options is printed when the <code class="option">-h</code> option is given.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Unlike earlier versions, the BIND 9 implementation of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews command line.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Unless it is told to query a specific name server,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> will try each of the servers listed in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews are found, <span><strong class="command">dig</strong></span> will send the query to the local
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When no command line arguments or options are given,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">${HOME}/.digrc</code>. This file is read and
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt any options in it
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt are applied before the command line arguments.
9f5443280fcfd625a06f63a1b457ed2335840278Mark Andrews The IN and CH class names overlap with the IN and CH top level
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews domain names. Either use the <code class="option">-t</code> and
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews <code class="option">-c</code> options to specify the type and class,
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews use the <code class="option">-q</code> the specify the domain name, or
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews use "IN." and "CH." when looking up these top level domains.
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews A typical invocation of <span><strong class="command">dig</strong></span> looks like:
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews<pre class="programlisting"> dig @server name type </pre>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">server</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is the name or IP address of the name server to query. This
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can be an IPv4 address in dotted-decimal notation or an IPv6
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews address in colon-delimited notation. When the supplied
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>server</code></em> argument is a hostname,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> resolves that name before querying
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that name server.
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupont If no <em class="parameter"><code>server</code></em> argument is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews provided, <span><strong class="command">dig</strong></span> consults
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>; if an
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews address is found there, it queries the name server at
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that address. If either of the <code class="option">-4</code> or
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-6</code> options are in use, then
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews only addresses for the corresponding transport
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews will be tried. If no usable addresses are found,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> will send the query to the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews local host. The reply from the name server that
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews responds is displayed.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is the name of the resource record that is to be looked up.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">type</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews indicates what type of query is required —
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ANY, A, MX, SIG, etc.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> can be any valid query
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> argument is supplied,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> will perform a lookup for an
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki The <code class="option">-b</code> option sets the source IP address of the query
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki to <em class="parameter"><code>address</code></em>. This must be a valid
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki one of the host's network interfaces or "0.0.0.0" or "::". An optional
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki may be specified by appending "#<port>"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki The default query class (IN for internet) is overridden by the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews class, such as HS for Hesiod records or CH for Chaosnet records.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in batch mode by reading a list of lookup requests to process from the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews file <em class="parameter"><code>filename</code></em>. The file contains a
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries, one per line. Each entry in the file should be organized in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the same way they would be presented as queries to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> using the command-line interface.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <code class="option">-m</code> option enables memory usage debugging.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If a non-standard port number is to be queried, the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the port number that <span><strong class="command">dig</strong></span> will send its
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews instead of the standard DNS port number 53. This option would be used
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to test a name server that has been configured to listen for queries
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews on a non-standard port number.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews use IPv4 query transport. The <code class="option">-6</code> option forces
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <code class="option">-t</code> option sets the query type to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em>. It can be any valid query type
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt supported in BIND 9. The default query type is "A", unless the
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <code class="option">-x</code> option is supplied to indicate a reverse lookup.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A zone transfer can be requested by specifying a type of AXFR. When
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews an incremental zone transfer (IXFR) is required,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The incremental zone transfer will contain the changes made to the zone
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews since the serial number in the zone's SOA record was
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The <code class="option">-q</code> option sets the query name to
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <em class="parameter"><code>name</code></em>. This is useful to distinguish the
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <em class="parameter"><code>name</code></em> from other arguments.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt print the version number and exit.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Reverse lookups — mapping addresses to names — are simplified by the
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt address in dotted-decimal notation, or a colon-delimited IPv6 address.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When this option is used, there is no need to provide the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews automatically performs a lookup for a name like
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews query type and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews class to PTR and IN respectively. By default, IPv6 addresses are
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews looked up using nibble format under the IP6.ARPA domain.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews To use the older RFC1886 method using the IP6.INT domain
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews are now experimental and are not attempted.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews responses using transaction signatures (TSIG), specify a TSIG key file
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews using the <code class="option">-k</code> option. You can also specify the TSIG
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews key itself on the command line using the <code class="option">-y</code> option;
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>name</code></em> is the name of the TSIG key and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>key</code></em> is the actual key. The key is a
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt encoded string, typically generated by
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Caution should be taken when using the <code class="option">-y</code> option on
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews multi-user systems as the key can be visible in the output from
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews or in the shell's history file. When
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews server that is queried needs to know the key and algorithm that is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews being used. In BIND, this is done by providing appropriate
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span><strong class="command">dig</strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews provides a number of query options which affect
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the way in which lookups are made and the results displayed. Some of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews these set or reset flag bits in the query header, some determine which
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews sections of the answer get printed, and others determine the timeout
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and retry strategies.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Each query option is identified by a keyword preceded by a plus sign
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (<code class="literal">+</code>). Some keywords set or reset an
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option. These may be preceded
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews by the string <code class="literal">no</code> to negate the meaning of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that keyword. Other
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews keywords assign values to options like the timeout interval. They
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews have the form <code class="option">+keyword=value</code>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The query options are:
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Use [do not use] TCP when querying name servers. The
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt default behavior is to use UDP unless
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews an <code class="literal">ixfr=N</code> query is requested, in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews which case the default is TCP.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews AXFR queries always use TCP.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Use [do not use] TCP when querying name servers. This alternate
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews syntax to <em class="parameter"><code>+[no]tcp</code></em> is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews provided for backwards
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews compatibility. The "vc" stands for "virtual circuit".
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
1059bc2e42e8214f8b73d3b4cd181d8394a94a6aFrancis Dupont Ignore truncation in UDP responses instead of retrying with TCP.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews default, TCP retries are performed.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set the search list to contain the single domain
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>somename</code></em>, as if specified in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">domain</strong></span> directive in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>, and enable
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews processing as if the <em class="parameter"><code>+search</code></em>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option were given.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]search</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Use [do not use] the search list defined by the searchlist or
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews directive in <code class="filename">resolv.conf</code> (if
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The search list is not used by default.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki Perform [do not perform] a search showing intermediate
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki Sets the "aa" flag in the query.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set [do not set] the AD (authentic data) bit in the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews query. This requests the server to return whether
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews all of the answer and authority sections have all
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews been validated as secure according to the security
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews policy of the server. AD=1 indicates that all records
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki have been validated as secure and the answer is not
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki from a OPT-OUT range. AD=0 indicate that some part
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of the answer was insecure or not validated. This
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews bit is set by default.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set [do not set] the CD (checking disabled) bit in the query.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews requests the server to not perform DNSSEC validation of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the CLASS when printing the record.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the TTL when printing the record.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the TTL in friendly human-readable
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews time units of "s", "m", "h", "d", and "w", representing
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews seconds, minutes, hours, days and weeks. Implies +ttlid.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle the setting of the RD (recursion desired) bit
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in the query. This bit is set by default, which means
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> normally sends recursive
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries. Recursion is automatically disabled when
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the <em class="parameter"><code>+nssearch</code></em> or
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <em class="parameter"><code>+trace</code></em> query options are used.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When this option is set, <span><strong class="command">dig</strong></span>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews attempts to find the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews authoritative name servers for the zone containing the name
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews looked up and display the SOA record that each name server has
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Toggle tracing of the delegation path from the root
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt name servers for the name being looked up. Tracing
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt is disabled by default. When tracing is enabled,
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">dig</strong></span> makes iterative queries to
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt resolve the name being looked up. It will follow
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt referrals from the root servers, showing the answer
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews from each server that was used to resolve the lookup.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">+dnssec</strong></span> is also set when +trace is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews set to better emulate the default queries from a nameserver.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggles the printing of the initial comment in the output
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the version of <span><strong class="command">dig</strong></span> and the query
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews options that have
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews been applied. This comment is printed by default.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]short</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Provide a terse answer. The default is to print the answer in a
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews verbose form.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Show [or do not show] the IP address and port number that
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt supplied the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews answer when the <em class="parameter"><code>+short</code></em> option
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is enabled. If
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont short form answers are requested, the default is not to show the
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont source address and port number of the server that provided the
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont Toggle the display of comment lines in the output. The default
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt is to print comments.
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont Toggle the display of per-record comments in the output (for
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews example, human-readable key information about DNSKEY records).
12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt The default is not to print record comments unless multiline
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt mode is active.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle the display of cryptographic fields in DNSSEC records.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The contents of these field are unnecessary to debug most DNSSEC
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validation failures and removing them makes it easier to see
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the common failures. The default is to display the fields.
cf24cbd837617c5cb89f04ba97b262be21a925bfEvan Hunt When omitted they are replaced by the string "[omitted]" or
cf24cbd837617c5cb89f04ba97b262be21a925bfEvan Hunt in the DNSKEY case the key id is displayed as the replacement,
821ff5e8fa1df2e09fea157ee3e298eef6cf4ec9Evan Hunt e.g. "[ key id = value ]".
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+split=W</code></span></dt>
1bb2f53b9f74a8ca9812cbe9243ef41190b4da14Evan Hunt Split long hex- or base64-formatted fields in resource
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt records into chunks of <em class="parameter"><code>W</code></em> characters
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews multiple of 4).
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki <em class="parameter"><code>+nosplit</code></em> or
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki <em class="parameter"><code>+split=0</code></em> causes fields not to be
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki split at all. The default is 56 characters, or 44 characters
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki when multiline mode is active.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki This query option toggles the printing of statistics: when the
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki was made, the size of the reply and so on. The default
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki to print the query statistics.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki Print [do not print] the query as it is sent.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews By default, the query is not printed.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]question</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Print [do not print] the question section of a query when an
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews returned. The default is to print the question section as a
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the answer section of a reply. The
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is to display it.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the authority section of a reply. The
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews default is to display it.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display [do not display] the additional section of a reply.
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont The default is to display it.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]all</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set or clear all display flags.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+time=T</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the timeout for a query to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>T</code></em> seconds. The default
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews timeout is 5 seconds.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews An attempt to set <em class="parameter"><code>T</code></em> to less
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews than 1 will result
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in a query timeout of 1 second being applied.
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont<dt><span class="term"><code class="option">+tries=T</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the number of times to try UDP queries to server to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>T</code></em> instead of the default, 3.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>T</code></em> is less than or equal to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews zero, the number of
b7c6138405d62bae04bd4d065d4a2057ff125707Francis Dupont tries is silently rounded up to 1.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+retry=T</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the number of times to retry UDP queries to server to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>T</code></em> instead of the default, 2.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>+tries</code></em>, this does not include
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set the number of dots that have to appear in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews considered absolute. The default value is that defined using
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ndots statement is present. Names with fewer dots are
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews interpreted as
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews relative names and will be searched for in the domains listed in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">search</code> or <code class="option">domain</code> directive in
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set the UDP message buffer size advertised using EDNS0 to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of this buffer are 65535 and 0 respectively. Values outside
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews this range are rounded up or down appropriately.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Values other than zero will cause a EDNS query to be sent.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+edns=#</code></span></dt>
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Specify the EDNS version to query with. Valid values
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt are 0 to 255. Setting the EDNS version will cause
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a EDNS query to be sent. <code class="option">+noedns</code>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews clears the remembered EDNS version. EDNS is set to
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews 0 by default.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Specify EDNS option with code point <code class="option">code</code>
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt and optionally payload of <code class="option">value</code> as a
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki hexadecimal string. <code class="option">+noednsopt</code>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews clears the EDNS options to to be sent.
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont Print records like the SOA records in a verbose multi-line
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews format with human-readable comments. The default is to print
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews each record on a single line, to facilitate machine parsing
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews of the <span><strong class="command">dig</strong></span> output.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Print only one (starting) SOA record when performing
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews an AXFR. The default is to print both the starting and
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ending SOA records.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
84f95ddb2572641022619950a211aff49e331c98Mukund Sivaraman Do not try the next server if you receive a SERVFAIL. The
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont to not try the next server which is the reverse of normal stub
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Attempt to display the contents of messages which are malformed.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is to not display malformed answers.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Requests DNSSEC records be sent by setting the DNSSEC OK bit
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in the OPT record in the additional section of the query.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Chase DNSSEC signature chains. Requires dig be compiled with
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews -DDIG_SIGCHASE.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt Specifies a file containing trusted keys to be used with
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont <code class="option">+sigchase</code>. Each DNSKEY record must be
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont on its own line.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If not specified, <span><strong class="command">dig</strong></span> will look for
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/trusted-key.key</code> then
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">trusted-key.key</code> in the current directory.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Requires dig be compiled with -DDIG_SIGCHASE.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When chasing DNSSEC signature chains perform a top-down
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Requires dig be compiled with -DDIG_SIGCHASE.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Include an EDNS name server ID request when sending a query.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Keep the TCP socket open between queries and reuse it rather
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews than creating a new TCP socket for each lookup. The default
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Send a Source Identity Token EDNS option, with optional value.
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews Replaying a SIT from a previous response will allow the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews server to identify a previous client. The default is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">+nosit</code>. Currently using experimental value
84f95ddb2572641022619950a211aff49e331c98Mukund Sivaraman 65001 for the option code.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Send an EDNS Client Subnet option with the speciifed
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews IP address or network prefix.
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Send an EDNS Expire option. Currently using experimental
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews value 65002 for the option code.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2545531"></a><h2>MULTIPLE QUERIES</h2>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The BIND 9 implementation of <span><strong class="command">dig </strong></span>
343aeac7176d28c4a1b9d246b1f7311b4cd5da7dFrancis Dupont specifying multiple queries on the command line (in addition to
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt supporting the <code class="option">-f</code> batch file option). Each of those
98091cb21da79b0c7fd329fd64497dcb03402467Evan Hunt queries can be supplied with its own set of flags, options and query
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews In this case, each <em class="parameter"><code>query</code></em> argument
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews represent an
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews individual query in the command-line syntax described above. Each
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews consists of any of the standard options and flags, the name to be
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews looked up, an optional query type and class and any query options that
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews should be applied to that query.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A global set of query options, which should be applied to all queries,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can also be supplied. These global query options must precede the
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt first tuple of name, class, type, options, flags, and query options
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt supplied on the command line. Any global query options (except
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews the <code class="option">+[no]cmd</code> option) can be
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews overridden by a query-specific set of query options. For example:
84f95ddb2572641022619950a211aff49e331c98Mukund Sivaramandig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews shows how <span><strong class="command">dig</strong></span> could be used from the
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews command line
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt reverse lookup of 127.0.0.1 and a query for the NS records of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A global query option of <em class="parameter"><code>+qr</code></em> is
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that <span><strong class="command">dig</strong></span> shows the initial query it made
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont lookup. The final query has a local query option of
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt will not print the initial query when it looks up the NS records for
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews domain name) support, it can accept and display non-ASCII domain names.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> appropriately converts character encoding of
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki domain name before sending a request to DNS server or displaying a
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews reply from the server.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If you'd like to turn off the IDN support for some reason, defines
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the <code class="envar">IDN_DISABLE</code> environment variable.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The IDN support is disabled if the variable is set when
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">dig</strong></span> runs.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><code class="filename">/etc/resolv.conf</code>
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews There are probably too many query options.