dig.html revision 78ec962d9828200d18cd0e41b7d6b9792a74923d
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2000-2003 Internet Software Consortium.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Permission to use, copy, modify, and/or distribute this software for any
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - purpose with or without fee is hereby granted, provided that the above
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin - copyright notice and this permission notice appear in all copies.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - PERFORMANCE OF THIS SOFTWARE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<!-- $Id$ -->
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (domain information groper) is a flexible tool
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin for interrogating DNS name servers. It performs DNS lookups and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin displays the answers that are returned from the name server(s) that
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin troubleshoot DNS problems because of its flexibility, ease of use and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin clarity of output. Other lookup tools tend to have less functionality
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin than <span><strong class="command">dig</strong></span>.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Although <span><strong class="command">dig</strong></span> is normally used with
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz command-line
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin arguments, it also has a batch mode of operation for reading lookup
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin requests from a file. A brief summary of its command-line arguments
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin and options is printed when the <code class="option">-h</code> option is given.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Unlike earlier versions, the BIND 9 implementation of
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin command line.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Unless it is told to query a specific name server,
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <span><strong class="command">dig</strong></span> will try each of the servers listed in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin are found, <span><strong class="command">dig</strong></span> will send the query to the local
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin When no command line arguments or options are given,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="filename">${HOME}/.digrc</code>. This file is read and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin any options in it
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin are applied before the command line arguments.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The IN and CH class names overlap with the IN and CH top level
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin domain names. Either use the <code class="option">-t</code> and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-c</code> options to specify the type and class,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin use the <code class="option">-q</code> the specify the domain name, or
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin use "IN." and "CH." when looking up these top level domains.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin A typical invocation of <span><strong class="command">dig</strong></span> looks like:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<pre class="programlisting"> dig @server name type </pre>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="constant">server</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin is the name or IP address of the name server to query. This
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin can be an IPv4 address in dotted-decimal notation or an IPv6
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin address in colon-delimited notation. When the supplied
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>server</code></em> argument is a hostname,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> resolves that name before querying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin that name server.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin If no <em class="parameter"><code>server</code></em> argument is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin provided, <span><strong class="command">dig</strong></span> consults
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin address is found there, it queries the name server at
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin that address. If either of the <code class="option">-4</code> or
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-6</code> options are in use, then
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin only addresses for the corresponding transport
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz will be tried. If no usable addresses are found,
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <span><strong class="command">dig</strong></span> will send the query to the
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz local host. The reply from the name server that
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz responds is displayed.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="constant">name</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin is the name of the resource record that is to be looked up.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="constant">type</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin indicates what type of query is required —
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ANY, A, MX, SIG, etc.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>type</code></em> can be any valid query
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin type. If no
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>type</code></em> argument is supplied,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> will perform a lookup for an
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner The <code class="option">-b</code> option sets the source IP address of the query
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to <em class="parameter"><code>address</code></em>. This must be a valid
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin address on
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin one of the host's network interfaces or "0.0.0.0" or "::". An optional
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin may be specified by appending "#<port>"
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz The default query class (IN for internet) is overridden by the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin class, such as HS for Hesiod records or CH for Chaosnet records.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin in batch mode by reading a list of lookup requests to process from the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin file <em class="parameter"><code>filename</code></em>. The file contains a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin queries, one per line. Each entry in the file should be organized in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the same way they would be presented as queries to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> using the command-line interface.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The <code class="option">-m</code> option enables memory usage debugging.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin If a non-standard port number is to be queried, the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the port number that <span><strong class="command">dig</strong></span> will send its
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin instead of the standard DNS port number 53. This option would be used
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to test a name server that has been configured to listen for queries
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin on a non-standard port number.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin use IPv4 query transport. The <code class="option">-6</code> option forces
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The <code class="option">-t</code> option sets the query type to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>type</code></em>. It can be any valid query type
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin supported in BIND 9. The default query type is "A", unless the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-x</code> option is supplied to indicate a reverse lookup.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin A zone transfer can be requested by specifying a type of AXFR. When
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin an incremental zone transfer (IXFR) is required,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The incremental zone transfer will contain the changes made to the zone
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin since the serial number in the zone's SOA record was
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The <code class="option">-q</code> option sets the query name to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>name</code></em>. This is useful to distinguish the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>name</code></em> from other arguments.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin print the version number and exit.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Reverse lookups — mapping addresses to names — are simplified by the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin address in dotted-decimal notation, or a colon-delimited IPv6 address.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin When this option is used, there is no need to provide the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin automatically performs a lookup for a name like
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin query type and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin class to PTR and IN respectively. By default, IPv6 addresses are
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin looked up using nibble format under the IP6.ARPA domain.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin To use the older RFC1886 method using the IP6.INT domain
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin are now experimental and are not attempted.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin responses using transaction signatures (TSIG), specify a TSIG key file
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin using the <code class="option">-k</code> option. You can also specify the TSIG
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin key itself on the command line using the <code class="option">-y</code> option;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>name</code></em> is the name of the TSIG key and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>key</code></em> is the actual key. The key is a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin encoded string, typically generated by
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Caution should be taken when using the <code class="option">-y</code> option on
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin multi-user systems as the key can be visible in the output from
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin or in the shell's history file. When
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin server that is queried needs to know the key and algorithm that is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin being used. In BIND, this is done by providing appropriate
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin provides a number of query options which affect
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the way in which lookups are made and the results displayed. Some of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin these set or reset flag bits in the query header, some determine which
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin sections of the answer get printed, and others determine the timeout
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin and retry strategies.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Each query option is identified by a keyword preceded by a plus sign
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin (<code class="literal">+</code>). Some keywords set or reset an
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin option. These may be preceded
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz by the string <code class="literal">no</code> to negate the meaning of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin that keyword. Other
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin keywords assign values to options like the timeout interval. They
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz have the form <code class="option">+keyword=value</code>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The query options are:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the "aa" flag in the query.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Display [do not display] the additional section of a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin reply. The default is to display it.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Set [do not set] the AD (authentic data) bit in the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin query. This requests the server to return whether
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin all of the answer and authority sections have all
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin been validated as secure according to the security
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin policy of the server. AD=1 indicates that all records
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin have been validated as secure and the answer is not
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin from a OPT-OUT range. AD=0 indicate that some part
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz of the answer was insecure or not validated. This
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz bit is set by default.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]all</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Set or clear all display flags.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Display [do not display] the answer section of a
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz reply. The default is to display it.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Display [do not display] the authority section of a
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz reply. The default is to display it.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Attempt to display the contents of messages which are
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin malformed. The default is to not display malformed
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Set the UDP message buffer size advertised using EDNS0
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz to <em class="parameter"><code>B</code></em> bytes. The maximum and
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz minimum sizes of this buffer are 65535 and 0 respectively.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Values outside this range are rounded up or down
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz appropriately. Values other than zero will cause a
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz EDNS query to be sent.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Set [do not set] the CD (checking disabled) bit in
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz the query. This requests the server to not perform
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz DNSSEC validation of responses.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Display [do not display] the CLASS when printing the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Toggles the printing of the initial comment in the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin output identifying the version of <span><strong class="command">dig</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin and the query options that have been applied. This
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin comment is printed by default.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Toggle the display of comment lines in the output.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The default is to print comments.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Toggle the display of cryptographic fields in DNSSEC
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin records. The contents of these field are unnecessary
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to debug most DNSSEC validation failures and removing
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin them makes it easier to see the common failures. The
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default is to display the fields. When omitted they
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin are replaced by the string "[omitted]" or in the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin DNSKEY case the key id is displayed as the replacement,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin e.g. "[ key id = value ]".
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Deprecated, treated as a synonym for
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Requests DNSSEC records be sent by setting the DNSSEC
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin OK bit (DO) in the OPT record in the additional section
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin of the query.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Set the search list to contain the single domain
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>somename</code></em>, as if specified in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin a <span><strong class="command">domain</strong></span> directive in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="filename">/etc/resolv.conf</code>, and enable
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin search list processing as if the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>+search</code></em> option were given.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Set the DSCP code point to be used when sending the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin query. Valid DSCP code points are in the range
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin [0..63]. By default no code point is explicitly set.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Specify the EDNS version to query with. Valid values
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin are 0 to 255. Setting the EDNS version will cause
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin a EDNS query to be sent. <code class="option">+noedns</code>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin clears the remembered EDNS version. EDNS is set to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin 0 by default.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Set the must-be-zero EDNS flags bits (Z bits) to the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin specified value. Decimal, hex and octal encodings are
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin accepted. Setting a named flag (e.g. DO) will silently be
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz ignored. By default, no Z bits are set.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Specify EDNS option with code point <code class="option">code</code>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin and optionally payload of <code class="option">value</code> as a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin hexadecimal string. <code class="option">+noednsopt</code>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin clears the EDNS options to be sent.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Send an EDNS Expire option.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Do not try the next server if you receive a SERVFAIL.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz The default is to not try the next server which is
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz the reverse of normal stub resolver behavior.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Show [or do not show] the IP address and port number
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin that supplied the answer when the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>+short</code></em> option is enabled. If
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz short form answers are requested, the default is not
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to show the source address and port number of the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin server that provided the answer.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Ignore truncation in UDP responses instead of retrying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin with TCP. By default, TCP retries are performed.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Keep the TCP socket open between queries and reuse
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin it rather than creating a new TCP socket for each
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin lookup. The default is <code class="option">+nokeepopen</code>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Print records like the SOA records in a verbose
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz multi-line format with human-readable comments. The
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default is to print each record on a single line, to
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz facilitate machine parsing of the <span><strong class="command">dig</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Set the number of dots that have to appear in
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz for it to be considered absolute. The default value
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz is that defined using the ndots statement in
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <code class="filename">/etc/resolv.conf</code>, or 1 if no
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz ndots statement is present. Names with fewer dots
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz are interpreted as relative names and will be searched
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz for in the domains listed in the <code class="option">search</code>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz or <code class="option">domain</code> directive in
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz <code class="filename">/etc/resolv.conf</code> if
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Include an EDNS name server ID request when sending
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz When this option is set, <span><strong class="command">dig</strong></span>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz attempts to find the authoritative name servers for
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz the zone containing the name being looked up and
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz display the SOA record that each name server has for
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Print only one (starting) SOA record when performing
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin an AXFR. The default is to print both the starting
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin and ending SOA records.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Print [do not print] the query as it is sent. By
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default, the query is not printed.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]question</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Print [do not print] the question section of a query
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin when an answer is returned. The default is to print
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the question section as a comment.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Toggle the setting of the RD (recursion desired) bit
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin in the query. This bit is set by default, which means
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> normally sends recursive
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin queries. Recursion is automatically disabled when
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the <em class="parameter"><code>+nssearch</code></em> or
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>+trace</code></em> query options are used.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+retry=T</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the number of times to retry UDP queries to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin server to <em class="parameter"><code>T</code></em> instead of the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz this does not include the initial query.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Toggle the display of per-record comments in the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin output (for example, human-readable key information
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin about DNSKEY records). The default is not to print
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin record comments unless multiline mode is active.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]search</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Use [do not use] the search list defined by the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin searchlist or domain directive in
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="filename">resolv.conf</code> (if any). The search
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin list is not used by default.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin 'ndots' from <code class="filename">resolv.conf</code> (default 1)
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin which may be overridden by <em class="parameter"><code>+ndots</code></em>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin determines if the name will be treated as relative
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner or not and hence whether a search is eventually
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin performed or not.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]short</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Provide a terse answer. The default is to print the
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz answer in a verbose form.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Perform [do not perform] a search showing intermediate
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Chase DNSSEC signature chains. Requires dig be
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz compiled with -DDIG_SIGCHASE.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Send a Source Identity Token EDNS option, with optional
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz value. Replaying a SIT from a previous response will
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin allow the server to identify a previous client. The
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default is <code class="option">+nosit</code>. Currently using
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin experimental value 65001 for the option code.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+split=W</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Split long hex- or base64-formatted fields in resource
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin records into chunks of <em class="parameter"><code>W</code></em>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin characters (where <em class="parameter"><code>W</code></em> is rounded
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz up to the nearest multiple of 4).
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>+split=0</code></em> causes fields not to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin be split at all. The default is 56 characters, or
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin 44 characters when multiline mode is active.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin This query option toggles the printing of statistics:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin when the query was made, the size of the reply and
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin so on. The default behavior is to print the query
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin statistics.
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Send an EDNS Client Subnet option with the specified
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin IP address or network prefix.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Use [do not use] TCP when querying name servers. The
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin default behavior is to use UDP unless an
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="literal">ixfr=N</code> query is requested, in which
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin case the default is TCP. AXFR queries always use
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+time=T</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the timeout for a query to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>T</code></em> seconds. The default
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin timeout is 5 seconds.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin An attempt to set <em class="parameter"><code>T</code></em> to less
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin than 1 will result
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin in a query timeout of 1 second being applied.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz When chasing DNSSEC signature chains perform a top-down
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz validation. Requires dig be compiled with -DDIG_SIGCHASE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz Toggle tracing of the delegation path from the root
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz name servers for the name being looked up. Tracing
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin is disabled by default. When tracing is enabled,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> makes iterative queries to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin resolve the name being looked up. It will follow
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin referrals from the root servers, showing the answer
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin from each server that was used to resolve the lookup.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">+dnssec</strong></span> is also set when +trace
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin is set to better emulate the default queries from a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin nameserver.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+tries=T</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the number of times to try UDP queries to server
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to <em class="parameter"><code>T</code></em> instead of the default,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin 3. If <em class="parameter"><code>T</code></em> is less than or equal
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to zero, the number of tries is silently rounded up
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Specifies a file containing trusted keys to be used
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin with <code class="option">+sigchase</code>. Each DNSKEY record
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz must be on its own line.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin If not specified, <span><strong class="command">dig</strong></span> will look
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin for <code class="filename">/etc/trusted-key.key</code> then
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <code class="filename">trusted-key.key</code> in the current
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin directory.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Requires dig be compiled with -DDIG_SIGCHASE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Display [do not display] the TTL when printing the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner Display [do not display] the TTL in friendly human-readable
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner time units of "s", "m", "h", "d", and "w", representing
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner seconds, minutes, hours, days and weeks. Implies +ttlid.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Use [do not use] TCP when querying name servers. This
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner is provided for backwards compatibility. The "vc"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin stands for "virtual circuit".
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<a name="id2545313"></a><h2>MULTIPLE QUERIES</h2>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner The BIND 9 implementation of <span><strong class="command">dig </strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin specifying multiple queries on the command line (in addition to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin supporting the <code class="option">-f</code> batch file option). Each of those
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin queries can be supplied with its own set of flags, options and query
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner In this case, each <em class="parameter"><code>query</code></em> argument
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin individual query in the command-line syntax described above. Each
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin consists of any of the standard options and flags, the name to be
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner looked up, an optional query type and class and any query options that
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner should be applied to that query.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin A global set of query options, which should be applied to all queries,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin can also be supplied. These global query options must precede the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin first tuple of name, class, type, options, flags, and query options
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin supplied on the command line. Any global query options (except
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the <code class="option">+[no]cmd</code> option) can be
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin overridden by a query-specific set of query options. For example:
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz shows how <span><strong class="command">dig</strong></span> could be used from the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin command line
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin reverse lookup of 127.0.0.1 and a query for the NS records of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin A global query option of <em class="parameter"><code>+qr</code></em> is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin applied, so
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin that <span><strong class="command">dig</strong></span> shows the initial query it made
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin lookup. The final query has a local query option of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin will not print the initial query when it looks up the NS records for
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin domain name) support, it can accept and display non-ASCII domain names.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> appropriately converts character encoding of
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin domain name before sending a request to DNS server or displaying a
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner reply from the server.
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner If you'd like to turn off the IDN support for some reason, defines
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the <code class="envar">IDN_DISABLE</code> environment variable.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin The IDN support is disabled if the variable is set when
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">dig</strong></span> runs.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin There are probably too many query options.