aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<html>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<head>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<title>dig</title>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<link rel="prev" href="Bv9ARM.ch10.html" title="Manual pages">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<link rel="next" href="man.host.html" title="host">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</head>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="navheader">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<table width="100%" summary="Navigation header">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<tr><th colspan="3" align="center">dig</th></tr>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<tr>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<td width="20%" align="left">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<a accesskey="p" href="Bv9ARM.ch10.html">Prev</a>�</td>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<th width="60%" align="center">Manual pages</th>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<td width="20%" align="right">�<a accesskey="n" href="man.host.html">Next</a>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</td>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</tr>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</table>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<hr>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refentry" lang="en">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<a name="man.dig"></a><div class="titlepage"></div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refnamediv">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<h2>Name</h2>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>dig &#8212; DNS lookup utility</p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refsynopsisdiv">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<h2>Synopsis</h2>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refsect1" lang="en">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<a name="id2611699"></a><h2>DESCRIPTION</h2>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p><span><strong class="command">dig</strong></span>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow (domain information groper) is a flexible tool

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow for interrogating DNS name servers. It performs DNS lookups and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow displays the answers that are returned from the name server(s) that

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow troubleshoot DNS problems because of its flexibility, ease of use and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow clarity of output. Other lookup tools tend to have less functionality

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow than <span><strong class="command">dig</strong></span>.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow Although <span><strong class="command">dig</strong></span> is normally used with

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow command-line

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow arguments, it also has a batch mode of operation for reading lookup

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow requests from a file. A brief summary of its command-line arguments

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow and options is printed when the <code class="option">-h</code> option is given.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow Unlike earlier versions, the BIND 9 implementation of

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> allows multiple lookups to be issued

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow from the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow command line.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow Unless it is told to query a specific name server,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> will try each of the servers listed

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow in

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="filename">/etc/resolv.conf</code>.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow When no command line arguments or options are given,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="filename">${HOME}/.digrc</code>. This file is read and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow any options in it

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow are applied before the command line arguments.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The IN and CH class names overlap with the IN and CH top level

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow domains names. Either use the <code class="option">-t</code> and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="option">-c</code> options to specify the type and class,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow use the <code class="option">-q</code> the specify the domain name, or

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow use "IN." and "CH." when looking up these top level domains.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refsect1" lang="en">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<a name="id2611794"></a><h2>SIMPLE USAGE</h2>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow A typical invocation of <span><strong class="command">dig</strong></span> looks like:

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<pre class="programlisting"> dig @server name type </pre>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow where:

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="variablelist"><dl>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dt><span class="term"><code class="constant">server</code></span></dt>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dd><p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow is the name or IP address of the name server to query. This can

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow be an IPv4

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow address in dotted-decimal notation or an IPv6

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow address in colon-delimited notation. When the supplied

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>server</code></em> argument is a

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow hostname,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> resolves that name before

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow querying that name

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow server. If no <em class="parameter"><code>server</code></em>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow argument is provided,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow and queries the name servers listed there. The reply from the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow name

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow server that responds is displayed.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p></dd>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dt><span class="term"><code class="constant">name</code></span></dt>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dd><p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow is the name of the resource record that is to be looked up.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p></dd>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dt><span class="term"><code class="constant">type</code></span></dt>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<dd><p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow indicates what type of query is required &#8212;

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow ANY, A, MX, SIG, etc.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>type</code></em> can be any valid query

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow type. If no

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>type</code></em> argument is supplied,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> will perform a lookup for an

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow A record.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p></dd>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</dl></div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow</div>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<div class="refsect1" lang="en">

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<a name="id2612246"></a><h2>OPTIONS</h2>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-b</code> option sets the source IP address of the query

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow to <em class="parameter"><code>address</code></em>. This must be a valid

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow address on

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow one of the host's network interfaces or "0.0.0.0" or "::". An optional

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow port

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow may be specified by appending "#&lt;port&gt;"

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The default query class (IN for internet) is overridden by the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow any valid

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow class, such as HS for Hesiod records or CH for Chaosnet records.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow operate

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow in batch mode by reading a list of lookup requests to process from the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow file <em class="parameter"><code>filename</code></em>. The file contains a

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow number of

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow queries, one per line. Each entry in the file should be organized in

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow the same way they would be presented as queries to

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> using the command-line interface.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-m</code> option enables memory usage debugging.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow If a non-standard port number is to be queried, the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow the port number that <span><strong class="command">dig</strong></span> will send its

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow queries

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow instead of the standard DNS port number 53. This option would be used

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow to test a name server that has been configured to listen for queries

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow on a non-standard port number.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow to only

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow use IPv4 query transport. The <code class="option">-6</code> option forces

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span><strong class="command">dig</strong></span> to only use IPv6 query transport.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-t</code> option sets the query type to

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>type</code></em>. It can be any valid query type

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow which is

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow supported in BIND 9. The default query type is "A", unless the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="option">-x</code> option is supplied to indicate a reverse lookup.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow A zone transfer can be requested by specifying a type of AXFR. When

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow an incremental zone transfer (IXFR) is required,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The incremental zone transfer will contain the changes made to the zone

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow since the serial number in the zone's SOA record was

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>N</code></em>.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow The <code class="option">-q</code> option sets the query name to

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>name</code></em>. This useful do distinguish the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>name</code></em> from other arguments.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow an IPv4

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow address in dotted-decimal notation, or a colon-delimited IPv6 address.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow When this option is used, there is no need to provide the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow automatically performs a lookup for a name like

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow query type and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow class to PTR and IN respectively. By default, IPv6 addresses are

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow looked up using nibble format under the IP6.ARPA domain.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow To use the older RFC1886 method using the IP6.INT domain

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow specify the <code class="option">-i</code> option. Bit string labels (RFC2874)

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow are now experimental and are not attempted.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow </p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow<p>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow their

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow responses using transaction signatures (TSIG), specify a TSIG key file

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow using the <code class="option">-k</code> option. You can also specify the TSIG

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow key itself on the command line using the <code class="option">-y</code> option;

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>name</code></em> is the name of the TSIG key and

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <em class="parameter"><code>key</code></em> is the actual key. The key is a

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow base-64

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow encoded string, typically generated by

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow Caution should be taken when using the <code class="option">-y</code> option on

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow multi-user systems as the key can be visible in the output from

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow or in the shell's history file. When

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow using TSIG authentication with <span><strong class="command">dig</strong></span>, the name

aed5247ff899ec457005d93dfbdb4ffd74574695Joshua M. Clulow server that is queried needs to know the key and algorithm that is

being used. In BIND, this is done by providing appropriate

<span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in

<code class="filename">named.conf</code>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2664266"></a><h2>QUERY OPTIONS</h2>

<p><span><strong class="command">dig</strong></span>

provides a number of query options which affect

the way in which lookups are made and the results displayed. Some of

these set or reset flag bits in the query header, some determine which

sections of the answer get printed, and others determine the timeout

and retry strategies.

</p>

<p>

Each query option is identified by a keyword preceded by a plus sign

(<code class="literal">+</code>). Some keywords set or reset an

option. These may be preceded

by the string <code class="literal">no</code> to negate the meaning of

that keyword. Other

keywords assign values to options like the timeout interval. They

have the form <code class="option">+keyword=value</code>.

The query options are:

</p>

<div class="variablelist"><dl>

<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>

<dd><p>

Use [do not use] TCP when querying name servers. The default

behavior is to use UDP unless an AXFR or IXFR query is

requested, in

which case a TCP connection is used.

</p></dd>

<dt><span class="term"><code class="option">+[no]vc</code></span></dt>

<dd><p>

Use [do not use] TCP when querying name servers. This alternate

syntax to <em class="parameter"><code>+[no]tcp</code></em> is

provided for backwards

compatibility. The "vc" stands for "virtual circuit".

</p></dd>

<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>

<dd><p>

Ignore truncation in UDP responses instead of retrying with TCP.

By

default, TCP retries are performed.

</p></dd>

<dt><span class="term"><code class="option">+domain=somename</code></span></dt>

<dd><p>

Set the search list to contain the single domain

<em class="parameter"><code>somename</code></em>, as if specified in

a

<span><strong class="command">domain</strong></span> directive in

<code class="filename">/etc/resolv.conf</code>, and enable

search list

processing as if the <em class="parameter"><code>+search</code></em>

option were given.

</p></dd>

<dt><span class="term"><code class="option">+[no]search</code></span></dt>

<dd><p>

Use [do not use] the search list defined by the searchlist or

domain

directive in <code class="filename">resolv.conf</code> (if

any).

The search list is not used by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>

<dd><p>

Perform [do not perform] a search showing intermediate

results.

</p></dd>

<dt><span class="term"><code class="option">+[no]defname</code></span></dt>

<dd><p>

Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>

</p></dd>

<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>

<dd><p>

Sets the "aa" flag in the query.

</p></dd>

<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>

<dd><p>

A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.

</p></dd>

<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>

<dd><p>

Set [do not set] the AD (authentic data) bit in the

query. This requests the server to return whether

all of the answer and authority sections have all

been validated as secure according to the security

policy of the server. AD=1 indicates that all records

have been validated as secure and the answer is not

from a OPT-OUT range. AD=0 indicate that some part

of the answer was insecure or not validated. This

bit is set by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>

<dd><p>

Set [do not set] the CD (checking disabled) bit in the query.

This

requests the server to not perform DNSSEC validation of

responses.

</p></dd>

<dt><span class="term"><code class="option">+[no]cl</code></span></dt>

<dd><p>

Display [do not display] the CLASS when printing the record.

</p></dd>

<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>

<dd><p>

Display [do not display] the TTL when printing the record.

</p></dd>

<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>

<dd><p>

Toggle the setting of the RD (recursion desired) bit

in the query. This bit is set by default, which means

<span><strong class="command">dig</strong></span> normally sends recursive

queries. Recursion is automatically disabled when

the <em class="parameter"><code>+nssearch</code></em> or

<em class="parameter"><code>+trace</code></em> query options are used.

</p></dd>

<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>

<dd><p>

When this option is set, <span><strong class="command">dig</strong></span>

attempts to find the

authoritative name servers for the zone containing the name

being

looked up and display the SOA record that each name server has

for the

zone.

</p></dd>

<dt><span class="term"><code class="option">+[no]trace</code></span></dt>

<dd>

<p>

Toggle tracing of the delegation path from the root

name servers for the name being looked up. Tracing

is disabled by default. When tracing is enabled,

<span><strong class="command">dig</strong></span> makes iterative queries to

resolve the name being looked up. It will follow

referrals from the root servers, showing the answer

from each server that was used to resolve the lookup.

</p>

<p>

<span><strong class="command">+dnssec</strong></span> is also set when +trace is

set to better emulate the default queries from a nameserver.

</p>

</dd>

<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>

<dd><p>

Toggles the printing of the initial comment in the output

identifying

the version of <span><strong class="command">dig</strong></span> and the query

options that have

been applied. This comment is printed by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]short</code></span></dt>

<dd><p>

Provide a terse answer. The default is to print the answer in a

verbose form.

</p></dd>

<dt><span class="term"><code class="option">+[no]identify</code></span></dt>

<dd><p>

Show [or do not show] the IP address and port number that

supplied the

answer when the <em class="parameter"><code>+short</code></em> option

is enabled. If

short form answers are requested, the default is not to show the

source address and port number of the server that provided the

answer.

</p></dd>

<dt><span class="term"><code class="option">+[no]comments</code></span></dt>

<dd><p>

Toggle the display of comment lines in the output. The default

is to print comments.

</p></dd>

<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>

<dd><p>

Toggle the display of per-record comments in the output (for

example, human-readable key information about DNSKEY records).

The default is not to print record comments unless multiline

mode is active.

</p></dd>

<dt><span class="term"><code class="option">+split=W</code></span></dt>

<dd><p>

Split long hex- or base64-formatted fields in resource

records into chunks of <em class="parameter"><code>W</code></em> characters

(where <em class="parameter"><code>W</code></em> is rounded up to the nearest

multiple of 4).

<em class="parameter"><code>+nosplit</code></em> or

<em class="parameter"><code>+split=0</code></em> causes fields not to be

split at all. The default is 56 characters, or 44 characters

when multiline mode is active.

</p></dd>

<dt><span class="term"><code class="option">+[no]stats</code></span></dt>

<dd><p>

This query option toggles the printing of statistics: when the

query

was made, the size of the reply and so on. The default

behavior is

to print the query statistics.

</p></dd>

<dt><span class="term"><code class="option">+[no]qr</code></span></dt>

<dd><p>

Print [do not print] the query as it is sent.

By default, the query is not printed.

</p></dd>

<dt><span class="term"><code class="option">+[no]question</code></span></dt>

<dd><p>

Print [do not print] the question section of a query when an

answer is

returned. The default is to print the question section as a

comment.

</p></dd>

<dt><span class="term"><code class="option">+[no]answer</code></span></dt>

<dd><p>

Display [do not display] the answer section of a reply. The

default

is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]authority</code></span></dt>

<dd><p>

Display [do not display] the authority section of a reply. The

default is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]additional</code></span></dt>

<dd><p>

Display [do not display] the additional section of a reply.

The default is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]all</code></span></dt>

<dd><p>

Set or clear all display flags.

</p></dd>

<dt><span class="term"><code class="option">+time=T</code></span></dt>

<dd><p>

Sets the timeout for a query to

<em class="parameter"><code>T</code></em> seconds. The default

timeout is 5 seconds.

An attempt to set <em class="parameter"><code>T</code></em> to less

than 1 will result

in a query timeout of 1 second being applied.

</p></dd>

<dt><span class="term"><code class="option">+tries=T</code></span></dt>

<dd><p>

Sets the number of times to try UDP queries to server to

<em class="parameter"><code>T</code></em> instead of the default, 3.

If

<em class="parameter"><code>T</code></em> is less than or equal to

zero, the number of

tries is silently rounded up to 1.

</p></dd>

<dt><span class="term"><code class="option">+retry=T</code></span></dt>

<dd><p>

Sets the number of times to retry UDP queries to server to

<em class="parameter"><code>T</code></em> instead of the default, 2.

Unlike

<em class="parameter"><code>+tries</code></em>, this does not include

the initial

query.

</p></dd>

<dt><span class="term"><code class="option">+ndots=D</code></span></dt>

<dd><p>

Set the number of dots that have to appear in

<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be

considered absolute. The default value is that defined using

the

ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no

ndots statement is present. Names with fewer dots are

interpreted as

relative names and will be searched for in the domains listed in

the

<code class="option">search</code> or <code class="option">domain</code> directive in

<code class="filename">/etc/resolv.conf</code>.

</p></dd>

<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>

<dd><p>

Set the UDP message buffer size advertised using EDNS0 to

<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes

of this buffer are 65535 and 0 respectively. Values outside

this range are rounded up or down appropriately.

Values other than zero will cause a EDNS query to be sent.

</p></dd>

<dt><span class="term"><code class="option">+edns=#</code></span></dt>

<dd><p>

Specify the EDNS version to query with. Valid values

are 0 to 255. Setting the EDNS version will cause

a EDNS query to be sent. <code class="option">+noedns</code>

clears the remembered EDNS version. EDNS is set to

0 by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>

<dd><p>

Print records like the SOA records in a verbose multi-line

format with human-readable comments. The default is to print

each record on a single line, to facilitate machine parsing

of the <span><strong class="command">dig</strong></span> output.

</p></dd>

<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>

<dd><p>

Print only one (starting) SOA record when performing

an AXFR. The default is to print both the starting and

ending SOA records.

</p></dd>

<dt><span class="term"><code class="option">+[no]fail</code></span></dt>

<dd><p>

Do not try the next server if you receive a SERVFAIL. The

default is

to not try the next server which is the reverse of normal stub

resolver

behavior.

</p></dd>

<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>

<dd><p>

Attempt to display the contents of messages which are malformed.

The default is to not display malformed answers.

</p></dd>

<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>

<dd><p>

Requests DNSSEC records be sent by setting the DNSSEC OK bit

(DO)

in the OPT record in the additional section of the query.

</p></dd>

<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>

<dd><p>

Chase DNSSEC signature chains. Requires dig be compiled with

-DDIG_SIGCHASE.

</p></dd>

<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>

<dd>

<p>

Specifies a file containing trusted keys to be used with

<code class="option">+sigchase</code>. Each DNSKEY record must be

on its own line.

</p>

<p>

If not specified, <span><strong class="command">dig</strong></span> will look for

<code class="filename">/etc/trusted-key.key</code> then

<code class="filename">trusted-key.key</code> in the current directory.

</p>

<p>

Requires dig be compiled with -DDIG_SIGCHASE.

</p>

</dd>

<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>

<dd><p>

When chasing DNSSEC signature chains perform a top-down

validation.

Requires dig be compiled with -DDIG_SIGCHASE.

</p></dd>

<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>

<dd><p>

Include an EDNS name server ID request when sending a query.

</p></dd>

</dl></div>

<p>

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2665337"></a><h2>MULTIPLE QUERIES</h2>

<p>

The BIND 9 implementation of <span><strong class="command">dig </strong></span>

supports

specifying multiple queries on the command line (in addition to

supporting the <code class="option">-f</code> batch file option). Each of those

queries can be supplied with its own set of flags, options and query

options.

</p>

<p>

In this case, each <em class="parameter"><code>query</code></em> argument

represent an

individual query in the command-line syntax described above. Each

consists of any of the standard options and flags, the name to be

looked up, an optional query type and class and any query options that

should be applied to that query.

</p>

<p>

A global set of query options, which should be applied to all queries,

can also be supplied. These global query options must precede the

first tuple of name, class, type, options, flags, and query options

supplied on the command line. Any global query options (except

the <code class="option">+[no]cmd</code> option) can be

overridden by a query-specific set of query options. For example:

</p>

<pre class="programlisting">

dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

</pre>

<p>

shows how <span><strong class="command">dig</strong></span> could be used from the

command line

to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a

reverse lookup of 127.0.0.1 and a query for the NS records of

<code class="literal">isc.org</code>.

A global query option of <em class="parameter"><code>+qr</code></em> is

applied, so

that <span><strong class="command">dig</strong></span> shows the initial query it made

for each

lookup. The final query has a local query option of

<em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>

will not print the initial query when it looks up the NS records for

<code class="literal">isc.org</code>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2665627"></a><h2>IDN SUPPORT</h2>

<p>

If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized

domain name) support, it can accept and display non-ASCII domain names.

<span><strong class="command">dig</strong></span> appropriately converts character encoding of

domain name before sending a request to DNS server or displaying a

reply from the server.

If you'd like to turn off the IDN support for some reason, defines

the <code class="envar">IDN_DISABLE</code> environment variable.

The IDN support is disabled if the variable is set when

<span><strong class="command">dig</strong></span> runs.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2665656"></a><h2>FILES</h2>

<p><code class="filename">/etc/resolv.conf</code>

</p>

<p><code class="filename">${HOME}/.digrc</code>

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2665677"></a><h2>SEE ALSO</h2>

<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,

<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

<em class="citetitle">RFC1035</em>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2665715"></a><h2>BUGS</h2>

<p>

There are probably too many query options.

</p>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="Bv9ARM.ch10.html">Prev</a>�</td>

<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

<td width="40%" align="right">�<a accesskey="n" href="man.host.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top">Manual pages�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�host</td>

</tr>

</table>

</div>

</body>

</html>