man.dig.html revision 990d0e893f5b70e735cdf990af66e9ec6e91fa78
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - Copyright (C) 2000-2003 Internet Software Consortium.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - Permission to use, copy, modify, and/or distribute this software for any
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - purpose with or without fee is hereby granted, provided that the above
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - copyright notice and this permission notice appear in all copies.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering - PERFORMANCE OF THIS SOFTWARE.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
21ac6ff143cc8bebfbd1818af28e8c6f82cd5265Zbigniew Jędrzejewski-Szmek<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
21ac6ff143cc8bebfbd1818af28e8c6f82cd5265Zbigniew Jędrzejewski-Szmek<link rel="prev" href="Bv9ARM.ch10.html" title="Manual pages">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<link rel="next" href="man.host.html" title="host">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<table width="100%" summary="Navigation header">
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<tr><th colspan="3" align="center">dig</th></tr>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<a accesskey="p" href="Bv9ARM.ch10.html">Prev</a>�</td>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<th width="60%" align="center">Manual pages</th>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<td width="20%" align="right">�<a accesskey="n" href="man.host.html">Next</a>
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer<a name="man.dig"></a><div class="titlepage"></div>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<a name="id2613210"></a><h2>DESCRIPTION</h2>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<p><span><strong class="command">dig</strong></span>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering (domain information groper) is a flexible tool
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering for interrogating DNS name servers. It performs DNS lookups and
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek displays the answers that are returned from the name server(s) that
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek troubleshoot DNS problems because of its flexibility, ease of use and
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering clarity of output. Other lookup tools tend to have less functionality
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering than <span><strong class="command">dig</strong></span>.
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek Although <span><strong class="command">dig</strong></span> is normally used with
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer arguments, it also has a batch mode of operation for reading lookup
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek requests from a file. A brief summary of its command-line arguments
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek and options is printed when the <code class="option">-h</code> option is given.
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek Unlike earlier versions, the BIND 9 implementation of
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek Unless it is told to query a specific name server,
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek <span><strong class="command">dig</strong></span> will try each of the servers listed in
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters are found, <span><strong class="command">dig</strong></span> will send the query to the local
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek When no command line arguments or options are given,
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering <code class="filename">${HOME}/.digrc</code>. This file is read and
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering any options in it
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering are applied before the command line arguments.
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering The IN and CH class names overlap with the IN and CH top level
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering domains names. Either use the <code class="option">-t</code> and
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering <code class="option">-c</code> options to specify the type and class,
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering use the <code class="option">-q</code> the specify the domain name, or
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek use "IN." and "CH." when looking up these top level domains.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<a name="id2613313"></a><h2>SIMPLE USAGE</h2>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering A typical invocation of <span><strong class="command">dig</strong></span> looks like:
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<pre class="programlisting"> dig @server name type </pre>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="constant">server</code></span></dt>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering is the name or IP address of the name server to query. This
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering can be an IPv4 address in dotted-decimal notation or an IPv6
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering address in colon-delimited notation. When the supplied
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <em class="parameter"><code>server</code></em> argument is a hostname,
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John <span><strong class="command">dig</strong></span> resolves that name before querying
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering that name server.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering If no <em class="parameter"><code>server</code></em> argument is
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering provided, <span><strong class="command">dig</strong></span> consults
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <code class="filename">/etc/resolv.conf</code>; if an
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering address is found there, it queries the name server at
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering that address. If either of the <code class="option">-4</code> or
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <code class="option">-6</code> options are in use, then
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering only addresses for the corresponding transport
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering will be tried. If no usable addresses are found,
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <span><strong class="command">dig</strong></span> will send the query to the
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering local host. The reply from the name server that
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering responds is displayed.
fa3868c6d317b88715c55422b898f9070afe6575Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="constant">name</code></span></dt>
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer is the name of the resource record that is to be looked up.
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer<dt><span class="term"><code class="constant">type</code></span></dt>
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer indicates what type of query is required —
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer ANY, A, MX, SIG, etc.
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer <em class="parameter"><code>type</code></em> can be any valid query
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <em class="parameter"><code>type</code></em> argument is supplied,
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <span><strong class="command">dig</strong></span> will perform a lookup for an
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering The <code class="option">-b</code> option sets the source IP address of the query
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters to <em class="parameter"><code>address</code></em>. This must be a valid
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering one of the host's network interfaces or "0.0.0.0" or "::". An optional
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering may be specified by appending "#<port>"
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering The default query class (IN for internet) is overridden by the
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering class, such as HS for Hesiod records or CH for Chaosnet records.
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering in batch mode by reading a list of lookup requests to process from the
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering file <em class="parameter"><code>filename</code></em>. The file contains a
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering queries, one per line. Each entry in the file should be organized in
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering the same way they would be presented as queries to
a65615ca5d78be0dcd7d9c9b4a663fa75f758606Lennart Poettering <span><strong class="command">dig</strong></span> using the command-line interface.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek The <code class="option">-m</code> option enables memory usage debugging.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek If a non-standard port number is to be queried, the
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek the port number that <span><strong class="command">dig</strong></span> will send its
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek instead of the standard DNS port number 53. This option would be used
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek to test a name server that has been configured to listen for queries
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek on a non-standard port number.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering use IPv4 query transport. The <code class="option">-6</code> option forces
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering The <code class="option">-t</code> option sets the query type to
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <em class="parameter"><code>type</code></em>. It can be any valid query type
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering supported in BIND 9. The default query type is "A", unless the
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <code class="option">-x</code> option is supplied to indicate a reverse lookup.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering A zone transfer can be requested by specifying a type of AXFR. When
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek an incremental zone transfer (IXFR) is required,
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering The incremental zone transfer will contain the changes made to the zone
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters since the serial number in the zone's SOA record was
3cd26e7cb24bf1408902c352ab9d2b9a27d4c74fLennart Poettering <em class="parameter"><code>N</code></em>.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek The <code class="option">-q</code> option sets the query name to
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <em class="parameter"><code>name</code></em>. This useful do distinguish the
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <em class="parameter"><code>name</code></em> from other arguments.
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters Reverse lookups — mapping addresses to names — are simplified by the
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters address in dotted-decimal notation, or a colon-delimited IPv6 address.
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters When this option is used, there is no need to provide the
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters automatically performs a lookup for a name like
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
79640424059328268b9fb6c5fa8eb777b27a177eJan Engelhardt query type and
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters class to PTR and IN respectively. By default, IPv6 addresses are
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters looked up using nibble format under the IP6.ARPA domain.
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters To use the older RFC1886 method using the IP6.INT domain
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
79640424059328268b9fb6c5fa8eb777b27a177eJan Engelhardt are now experimental and are not attempted.
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters responses using transaction signatures (TSIG), specify a TSIG key file
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters using the <code class="option">-k</code> option. You can also specify the TSIG
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John key itself on the command line using the <code class="option">-y</code> option;
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <em class="parameter"><code>name</code></em> is the name of the TSIG key and
1700761b0678a5f5b43dc5224a97cc1922f74fadSimon Peeters <em class="parameter"><code>key</code></em> is the actual key. The key is a
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach encoded string, typically generated by
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach Caution should be taken when using the <code class="option">-y</code> option on
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach multi-user systems as the key can be visible in the output from
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach or in the shell's history file. When
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach server that is queried needs to know the key and algorithm that is
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach being used. In BIND, this is done by providing appropriate
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John<a name="id2665117"></a><h2>QUERY OPTIONS</h2>
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John<p><span><strong class="command">dig</strong></span>
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach provides a number of query options which affect
e55933db18d1037876e7a0962bcf6ef6c0bbbd68Łukasz Stelmach the way in which lookups are made and the results displayed. Some of
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer these set or reset flag bits in the query header, some determine which
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer sections of the answer get printed, and others determine the timeout
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer and retry strategies.
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer Each query option is identified by a keyword preceded by a plus sign
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer (<code class="literal">+</code>). Some keywords set or reset an
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer option. These may be preceded
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer by the string <code class="literal">no</code> to negate the meaning of
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer that keyword. Other
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer keywords assign values to options like the timeout interval. They
e9dd9f9547350c7dc0473583b5c2228dc8f0ab76Jason St. John have the form <code class="option">+keyword=value</code>.
bb150966c0687d2fa94da0a36dabba90c1a84b8bHarald Hoyer The query options are:
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Use [do not use] TCP when querying name servers. The default
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek behavior is to use UDP unless an AXFR or IXFR query is
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek which case a TCP connection is used.
4f50d2efbac87aba0505b9f998bf3e4bde64c214Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
dfdebb1b925332352966804303b2516a6506a429Zbigniew Jędrzejewski-Szmek Use [do not use] TCP when querying name servers. This alternate
dfdebb1b925332352966804303b2516a6506a429Zbigniew Jędrzejewski-Szmek syntax to <em class="parameter"><code>+[no]tcp</code></em> is
dfdebb1b925332352966804303b2516a6506a429Zbigniew Jędrzejewski-Szmek provided for backwards
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering compatibility. The "vc" stands for "virtual circuit".
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering Ignore truncation in UDP responses instead of retrying with TCP.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering default, TCP retries are performed.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering Set the search list to contain the single domain
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering <em class="parameter"><code>somename</code></em>, as if specified in
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering <span><strong class="command">domain</strong></span> directive in
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <code class="filename">/etc/resolv.conf</code>, and enable
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek processing as if the <em class="parameter"><code>+search</code></em>
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering option were given.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]search</code></span></dt>
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering Use [do not use] the search list defined by the searchlist or
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek directive in <code class="filename">resolv.conf</code> (if
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek The search list is not used by default.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering Perform [do not perform] a search showing intermediate
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Sets the "aa" flag in the query.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Set [do not set] the AD (authentic data) bit in the
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek query. This requests the server to return whether
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek all of the answer and authority sections have all
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek been validated as secure according to the security
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek policy of the server. AD=1 indicates that all records
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek have been validated as secure and the answer is not
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek from a OPT-OUT range. AD=0 indicate that some part
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek of the answer was insecure or not validated. This
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek bit is set by default.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Set [do not set] the CD (checking disabled) bit in the query.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek requests the server to not perform DNSSEC validation of
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Display [do not display] the CLASS when printing the record.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Display [do not display] the TTL when printing the record.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek Toggle the setting of the RD (recursion desired) bit
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek in the query. This bit is set by default, which means
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <span><strong class="command">dig</strong></span> normally sends recursive
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek queries. Recursion is automatically disabled when
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek the <em class="parameter"><code>+nssearch</code></em> or
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek <em class="parameter"><code>+trace</code></em> query options are used.
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek When this option is set, <span><strong class="command">dig</strong></span>
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek attempts to find the
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek authoritative name servers for the zone containing the name
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek looked up and display the SOA record that each name server has
142c4ecaa9840714d49b40b1de407748b52f21d7Zbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering Toggle tracing of the delegation path from the root
816f25e86ab690da6e408bc8d5b03dae9cc1b219Lennart Poettering name servers for the name being looked up. Tracing
21ac6ff143cc8bebfbd1818af28e8c6f82cd5265Zbigniew Jędrzejewski-Szmek is disabled by default. When tracing is enabled,
9ea9d4cf1656075559fcd6aeceb9530714c87d5bLennart Poettering <span><strong class="command">dig</strong></span> makes iterative queries to
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering resolve the name being looked up. It will follow
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering referrals from the root servers, showing the answer
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering from each server that was used to resolve the lookup.
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering <span><strong class="command">+dnssec</strong></span> is also set when +trace is
359deb60c25147e91a69c227ace686654ea7f484Lennart Poettering set to better emulate the default queries from a nameserver.
e.g. "[ key id = value ]".
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be