302N/A - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") 302N/A - Copyright (C) 2000-2003 Internet Software Consortium. 3961N/A - Permission to use, copy, modify, and/or distribute this software for any 302N/A - purpose with or without fee is hereby granted, provided that the above 302N/A - copyright notice and this permission notice appear in all copies. 302N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 302N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 302N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 302N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 302N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 302N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 302N/A - PERFORMANCE OF THIS SOFTWARE. 302N/A<
meta http-
equiv="Content-Type" content="text/html; charset=ISO-8859-1">
302N/A<
meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
302N/A<
link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
302N/A<
body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
302N/A<
table width="100%" summary="Navigation header">
302N/A<
tr><
th colspan="3" align="center">dig</
th></
tr>
302N/A<
td width="20%" align="left">
302N/A<
th width="60%" align="center">Manual pages</
th>
302N/A<
div class="refnamediv">
302N/A<
p>dig — DNS lookup utility</
p>
302N/A<
div class="refsynopsisdiv">
302N/A<
div class="cmdsynopsis"><
p><
code class="command">dig</
code> [@server] [<
code class="option">-b <
em class="replaceable"><
code>address</
code></
em></
code>] [<
code class="option">-c <
em class="replaceable"><
code>class</
code></
em></
code>] [<
code class="option">-f <
em class="replaceable"><
code>filename</
code></
em></
code>] [<
code class="option">-k <
em class="replaceable"><
code>filename</
code></
em></
code>] [<
code class="option">-m</
code>] [<
code class="option">-p <
em class="replaceable"><
code>port#</
code></
em></
code>] [<
code class="option">-q <
em class="replaceable"><
code>name</
code></
em></
code>] [<
code class="option">-t <
em class="replaceable"><
code>type</
code></
em></
code>] [<
code class="option">-v</
code>] [<
code class="option">-x <
em class="replaceable"><
code>addr</
code></
em></
code>] [<
code class="option">-y <
em class="replaceable"><
code>[<
span class="optional">hmac:</
span>]name:key</
code></
em></
code>] [<
code class="option">-4</
code>] [<
code class="option">-6</
code>] [name] [type] [class] [queryopt...]</
p></
div>
302N/A<
div class="cmdsynopsis"><
p><
code class="command">dig</
code> [<
code class="option">-h</
code>]</
p></
div>
302N/A<
div class="cmdsynopsis"><
p><
code class="command">dig</
code> [global-queryopt...] [query...]</
p></
div>
302N/A<
div class="refsection">
1929N/A<
a name="id-1.14.2.7"></
a><
h2>DESCRIPTION</
h2>
302N/A<
p><
span class="command"><
strong>dig</
strong></
span>
1929N/A (domain information groper) is a flexible tool
302N/A for interrogating DNS name servers. It performs DNS lookups and
302N/A displays the answers that are returned from the name server(s) that
302N/A were queried. Most DNS administrators use <
span class="command"><
strong>dig</
strong></
span> to
302N/A troubleshoot DNS problems because of its flexibility, ease of use and
302N/A clarity of output. Other lookup tools tend to have less functionality
302N/A than <
span class="command"><
strong>dig</
strong></
span>.
302N/A Although <
span class="command"><
strong>dig</
strong></
span> is normally used with
302N/A arguments, it also has a batch mode of operation for reading lookup
302N/A requests from a file. A brief summary of its command-line arguments
302N/A and options is printed when the <
code class="option">-h</
code> option is given.
722N/A Unlike earlier versions, the BIND 9 implementation of
1929N/A <
span class="command"><
strong>dig</
strong></
span> allows multiple lookups to be issued
302N/A Unless it is told to query a specific name server,
302N/A <
span class="command"><
strong>dig</
strong></
span> will try each of the servers listed in
302N/A are found, <
span class="command"><
strong>dig</
strong></
span> will send the query to the local
302N/A When no command line arguments or options are given,
302N/A <
span class="command"><
strong>dig</
strong></
span> will perform an NS query for "." (the root).
302N/A It is possible to set per-user defaults for <
span class="command"><
strong>dig</
strong></
span> via
302N/A <
code class="filename">${HOME}/.digrc</
code>. This file is read and
302N/A are applied before the command line arguments.
302N/A The IN and CH class names overlap with the IN and CH top level
302N/A domain names. Either use the <
code class="option">-t</
code> and
302N/A <
code class="option">-c</
code> options to specify the type and class,
302N/A use the <
code class="option">-q</
code> the specify the domain name, or
302N/A use "IN." and "CH." when looking up these top level domains.
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.8"></
a><
h2>SIMPLE USAGE</
h2>
302N/A A typical invocation of <
span class="command"><
strong>dig</
strong></
span> looks like:
302N/A<
pre class="programlisting"> dig @server name type </
pre>
302N/A<
div class="variablelist"><
dl class="variablelist">
302N/A<
dt><
span class="term"><
code class="constant">server</
code></
span></
dt>
302N/A is the name or IP address of the name server to query. This
302N/A can be an IPv4 address in dotted-decimal notation or an IPv6
302N/A address in colon-delimited notation. When the supplied
302N/A <
em class="parameter"><
code>server</
code></
em> argument is a hostname,
302N/A <
span class="command"><
strong>dig</
strong></
span> resolves that name before querying
302N/A If no <
em class="parameter"><
code>server</
code></
em> argument is
302N/A provided, <
span class="command"><
strong>dig</
strong></
span> consults
302N/A address is found there, it queries the name server at
302N/A that address. If either of the <
code class="option">-4</
code> or
302N/A <
code class="option">-6</
code> options are in use, then
302N/A only addresses for the corresponding transport
302N/A will be tried. If no usable addresses are found,
302N/A <
span class="command"><
strong>dig</
strong></
span> will send the query to the
302N/A local host. The reply from the name server that
302N/A<
dt><
span class="term"><
code class="constant">name</
code></
span></
dt>
302N/A is the name of the resource record that is to be looked up.
302N/A<
dt><
span class="term"><
code class="constant">type</
code></
span></
dt>
302N/A indicates what type of query is required —
302N/A <
em class="parameter"><
code>type</
code></
em> can be any valid query
302N/A <
em class="parameter"><
code>type</
code></
em> argument is supplied,
302N/A <
span class="command"><
strong>dig</
strong></
span> will perform a lookup for an
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.9"></
a><
h2>OPTIONS</
h2>
302N/A<
div class="variablelist"><
dl class="variablelist">
302N/A<
dt><
span class="term">-4</
span></
dt>
302N/A<
dt><
span class="term">-6</
span></
dt>
302N/A<
dt><
span class="term">-b <
em class="replaceable"><
code>address[<
span class="optional">#port</
span>]</
code></
em></
span></
dt>
302N/A Set the source IP address of the query.
302N/A The <
em class="parameter"><
code>address</
code></
em> must be a valid address on
302N/A one of the host's network interfaces, or "0.0.0.0" or "::". An
302N/A optional port may be specified by appending "#<port>"
302N/A<
dt><
span class="term">-c <
em class="replaceable"><
code>class</
code></
em></
span></
dt>
302N/A Set the query class. The
302N/A default <
em class="parameter"><
code>class</
code></
em> is IN; other classes
302N/A are HS for Hesiod records or CH for Chaosnet records.
302N/A<
dt><
span class="term">-f <
em class="replaceable"><
code>file</
code></
em></
span></
dt>
302N/A Batch mode: <
span class="command"><
strong>dig</
strong></
span> reads a list of lookup
302N/A requests to process from the
302N/A given <
em class="parameter"><
code>file</
code></
em>. Each line in the file
302N/A should be organized in the same way they would be
302N/A presented as queries to
302N/A <
span class="command"><
strong>dig</
strong></
span> using the command-line interface.
302N/A<
dt><
span class="term">-i</
span></
dt>
302N/A Do reverse IPv6 lookups using the obsolete RFC1886
IP6.INT 302N/A domain, which is no longer in use. Obsolete bit string
302N/A label queries (RFC2874) are not attempted.
302N/A<
dt><
span class="term">-k <
em class="replaceable"><
code>keyfile</
code></
em></
span></
dt>
302N/A Sign queries using TSIG using a key read from the given file.
3961N/A Key files can be generated using
302N/A <
span class="citerefentry"><
span class="refentrytitle">tsig-keygen</
span>(8)</
span>.
302N/A When using TSIG authentication with <
span class="command"><
strong>dig</
strong></
span>,
302N/A the name server that is queried needs to know the key and
302N/A algorithm that is being used. In BIND, this is done by
302N/A providing appropriate <
span class="command"><
strong>key</
strong></
span>
302N/A and <
span class="command"><
strong>server</
strong></
span> statements in
302N/A<
dt><
span class="term">-m</
span></
dt>
302N/A Enable memory usage debugging.
302N/A<
dt><
span class="term">-p <
em class="replaceable"><
code>port</
code></
em></
span></
dt>
302N/A Send the query to a non-standard port on the server,
302N/A instead of the default port 53. This option would be used
302N/A to test a name server that has been configured to listen
302N/A for queries on a non-standard port number.
302N/A<
dt><
span class="term">-q <
em class="replaceable"><
code>name</
code></
em></
span></
dt>
302N/A The domain name to query. This is useful to distinguish
302N/A the <
em class="parameter"><
code>name</
code></
em> from other arguments.
302N/A<
dt><
span class="term">-t <
em class="replaceable"><
code>type</
code></
em></
span></
dt>
302N/A The resource record type to query. It can be any valid query type
302N/A supported in BIND 9. The default query type is "A", unless the
302N/A <
code class="option">-x</
code> option is supplied to indicate a reverse lookup.
302N/A A zone transfer can be requested by specifying a type of AXFR. When
302N/A an incremental zone transfer (IXFR) is required, set the
302N/A <
em class="parameter"><
code>type</
code></
em> to <
code class="literal">ixfr=N</
code>.
302N/A The incremental zone transfer will contain the changes
302N/A made to the zone since the serial number in the zone's SOA
302N/A <
em class="parameter"><
code>N</
code></
em>.
302N/A<
dt><
span class="term">-v</
span></
dt>
302N/A Print the version number and exit.
302N/A<
dt><
span class="term">-x <
em class="replaceable"><
code>addr</
code></
em></
span></
dt>
302N/A Simplified reverse lookups, for mapping addresses to
302N/A names. The <
em class="parameter"><
code>addr</
code></
em> is an IPv4 address
302N/A in dotted-decimal notation, or a colon-delimited IPv6
302N/A address. When the <
code class="option">-x</
code> is used, there is no
302N/A the <
em class="parameter"><
code>name</
code></
em>, <
em class="parameter"><
code>class</
code></
em>
302N/A and <
em class="parameter"><
code>type</
code></
em>
302N/A arguments. <
span class="command"><
strong>dig</
strong></
span> automatically performs a
302N/A query type and class to PTR and IN respectively. IPv6
302N/A addresses are looked up using nibble format under the
302N/A IP6.ARPA domain (but see also the <
code class="option">-i</
code>
302N/A<
dt><
span class="term">-y <
em class="replaceable"><
code>[<
span class="optional">hmac:</
span>]keyname:secret</
code></
em></
span></
dt>
1929N/A Sign queries using TSIG with the given authentication key.
3961N/A <
em class="parameter"><
code>keyname</
code></
em> is the name of the key, and
1929N/A <
em class="parameter"><
code>secret</
code></
em> is the base64 encoded shared secret.
302N/A <
em class="parameter"><
code>hmac</
code></
em> is the name of the key algorithm;
302N/A valid choices are <
code class="literal">hmac-md5</
code>,
302N/A <
code class="literal">hmac-sha1</
code>, <
code class="literal">hmac-sha224</
code>,
302N/A <
code class="literal">hmac-sha256</
code>, <
code class="literal">hmac-sha384</
code>, or
302N/A <
code class="literal">hmac-sha512</
code>. If <
em class="parameter"><
code>hmac</
code></
em>
302N/A is not specified, the default is <
code class="literal">hmac-md5</
code>.
302N/A NOTE: You should use the <
code class="option">-k</
code> option and
302N/A avoid the <
code class="option">-y</
code> option, because
302N/A with <
code class="option">-y</
code> the shared secret is supplied as
302N/A a command line argument in clear text. This may be visible
302N/A <
span class="citerefentry"><
span class="refentrytitle">ps</
span>(1)</
span>
302N/A or in a history file maintained by the user's shell.
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.10"></
a><
h2>QUERY OPTIONS</
h2>
302N/A<
p><
span class="command"><
strong>dig</
strong></
span>
302N/A provides a number of query options which affect
302N/A the way in which lookups are made and the results displayed. Some of
302N/A these set or reset flag bits in the query header, some determine which
302N/A sections of the answer get printed, and others determine the timeout
302N/A Each query option is identified by a keyword preceded by a plus sign
302N/A (<
code class="literal">+</
code>). Some keywords set or reset an
302N/A option. These may be preceded
302N/A by the string <
code class="literal">no</
code> to negate the meaning of
302N/A keywords assign values to options like the timeout interval. They
302N/A have the form <
code class="option">+keyword=value</
code>.
302N/A Keywords may be abbreviated, provided the abbreviation is
385N/A unambiguous; for example, <
code class="literal">+cd</
code> is equivalent
302N/A to <
code class="literal">+cdflag</
code>.
302N/A<
div class="variablelist"><
dl class="variablelist">
302N/A<
dt><
span class="term"><
code class="option">+[no]aaflag</
code></
span></
dt>
302N/A A synonym for <
em class="parameter"><
code>+[no]aaonly</
code></
em>.
302N/A<
dt><
span class="term"><
code class="option">+[no]aaonly</
code></
span></
dt>
302N/A Sets the "aa" flag in the query.
984N/A<
dt><
span class="term"><
code class="option">+[no]additional</
code></
span></
dt>
1929N/A Display [do not display] the additional section of a
1929N/A reply. The default is to display it.
1929N/A<
dt><
span class="term"><
code class="option">+[no]adflag</
code></
span></
dt>
1929N/A Set [do not set] the AD (authentic data) bit in the
1929N/A query. This requests the server to return whether
1929N/A all of the answer and authority sections have all
1929N/A been validated as secure according to the security
1929N/A policy of the server. AD=1 indicates that all records
1929N/A have been validated as secure and the answer is not
1929N/A from a OPT-OUT range. AD=0 indicate that some part
1929N/A of the answer was insecure or not validated. This
3961N/A<
dt><
span class="term"><
code class="option">+[no]all</
code></
span></
dt>
302N/A Set or clear all display flags.
385N/A<
dt><
span class="term"><
code class="option">+[no]answer</
code></
span></
dt>
385N/A Display [do not display] the answer section of a
385N/A reply. The default is to display it.
385N/A<
dt><
span class="term"><
code class="option">+[no]authority</
code></
span></
dt>
3961N/A Display [do not display] the authority section of a
984N/A reply. The default is to display it.
302N/A<
dt><
span class="term"><
code class="option">+[no]badcookie</
code></
span></
dt>
1929N/A Retry lookup with the new server cookie if a
1929N/A BADCOOKIE response is received.
1929N/A<
dt><
span class="term"><
code class="option">+[no]besteffort</
code></
span></
dt>
1929N/A Attempt to display the contents of messages which are
3961N/A malformed. The default is to not display malformed
3961N/A<
dt><
span class="term"><
code class="option">+bufsize=B</
code></
span></
dt>
302N/A Set the UDP message buffer size advertised using EDNS0
1929N/A to <
em class="parameter"><
code>B</
code></
em> bytes. The maximum and
1929N/A minimum sizes of this buffer are 65535 and 0 respectively.
1929N/A Values outside this range are rounded up or down
1929N/A appropriately. Values other than zero will cause a
302N/A<
dt><
span class="term"><
code class="option">+[no]cdflag</
code></
span></
dt>
302N/A Set [do not set] the CD (checking disabled) bit in
302N/A the query. This requests the server to not perform
302N/A DNSSEC validation of responses.
302N/A<
dt><
span class="term"><
code class="option">+[no]class</
code></
span></
dt>
302N/A Display [do not display] the CLASS when printing the
302N/A<
dt><
span class="term"><
code class="option">+[no]cmd</
code></
span></
dt>
302N/A Toggles the printing of the initial comment in the
302N/A output identifying the version of <
span class="command"><
strong>dig</
strong></
span>
302N/A and the query options that have been applied. This
302N/A comment is printed by default.
302N/A<
dt><
span class="term"><
code class="option">+[no]comments</
code></
span></
dt>
302N/A Toggle the display of comment lines in the output.
302N/A The default is to print comments.
302N/A<
dt><
span class="term"><
code class="option">+[no]cookie[<
span class="optional">=####</
span>]</
code></
span></
dt>
302N/A Send a COOKIE EDNS option, with optional
302N/A value. Replaying a COOKIE from a previous response will
302N/A allow the server to identify a previous client. The
722N/A default is <
code class="option">+cookie</
code>.
302N/A <
span class="command"><
strong>+cookie</
strong></
span> is also set when +trace
302N/A is set to better emulate the default queries from a
302N/A<
dt><
span class="term"><
code class="option">+[no]crypto</
code></
span></
dt>
302N/A Toggle the display of cryptographic fields in DNSSEC
302N/A records. The contents of these field are unnecessary
302N/A to debug most DNSSEC validation failures and removing
302N/A them makes it easier to see the common failures. The
302N/A default is to display the fields. When omitted they
722N/A are replaced by the string "[omitted]" or in the
722N/A DNSKEY case the key id is displayed as the replacement,
1929N/A<
dt><
span class="term"><
code class="option">+[no]defname</
code></
span></
dt>
302N/A Deprecated, treated as a synonym for
302N/A <
em class="parameter"><
code>+[no]search</
code></
em>
302N/A<
dt><
span class="term"><
code class="option">+[no]dnssec</
code></
span></
dt>
302N/A Requests DNSSEC records be sent by setting the DNSSEC
302N/A OK bit (DO) in the OPT record in the additional section
302N/A<
dt><
span class="term"><
code class="option">+domain=somename</
code></
span></
dt>
722N/A Set the search list to contain the single domain
3961N/A <
em class="parameter"><
code>somename</
code></
em>, as if specified in
3961N/A a <
span class="command"><
strong>domain</
strong></
span> directive in
302N/A search list processing as if the
3961N/A <
em class="parameter"><
code>+search</
code></
em> option were given.
302N/A<
dt><
span class="term"><
code class="option">+dscp=value</
code></
span></
dt>
302N/A Set the DSCP code point to be used when sending the
302N/A query. Valid DSCP code points are in the range
302N/A [0..63]. By default no code point is explicitly set.
302N/A<
dt><
span class="term"><
code class="option">+[no]edns[=#]</
code></
span></
dt>
722N/A Specify the EDNS version to query with. Valid values
722N/A are 0 to 255. Setting the EDNS version will cause
302N/A a EDNS query to be sent. <
code class="option">+noedns</
code>
302N/A clears the remembered EDNS version. EDNS is set to
722N/A<
dt><
span class="term"><
code class="option">+[no]ednsflags[=#]</
code></
span></
dt>
302N/A Set the must-be-zero EDNS flags bits (Z bits) to the
302N/A specified value. Decimal, hex and octal encodings are
302N/A accepted. Setting a named flag (
e.g. DO) will silently be
302N/A ignored. By default, no Z bits are set.
302N/A<
dt><
span class="term"><
code class="option">+[no]ednsnegotiation</
code></
span></
dt>
302N/A Enable / disable EDNS version negotiation. By default
302N/A EDNS version negotiation is enabled.
302N/A<
dt><
span class="term"><
code class="option">+[no]ednsopt[=code[:value]]</
code></
span></
dt>
302N/A Specify EDNS option with code point <
code class="option">code</
code>
302N/A and optionally payload of <
code class="option">value</
code> as a
302N/A hexadecimal string. <
code class="option">+noednsopt</
code>
302N/A clears the EDNS options to be sent.
722N/A<
dt><
span class="term"><
code class="option">+[no]expire</
code></
span></
dt>
302N/A Send an EDNS Expire option.
302N/A<
dt><
span class="term"><
code class="option">+[no]fail</
code></
span></
dt>
302N/A Do not try the next server if you receive a SERVFAIL.
385N/A The default is to not try the next server which is
302N/A the reverse of normal stub resolver behavior.
302N/A<
dt><
span class="term"><
code class="option">+[no]header-only</
code></
span></
dt>
302N/A Send a query with a DNS header without a question section.
302N/A The default is to add a question section. The query type
302N/A and query name are ignored when this is set.
984N/A<
dt><
span class="term"><
code class="option">+[no]identify</
code></
span></
dt>
302N/A Show [or do not show] the IP address and port number
302N/A that supplied the answer when the
302N/A <
em class="parameter"><
code>+short</
code></
em> option is enabled. If
302N/A short form answers are requested, the default is not
302N/A to show the source address and port number of the
302N/A server that provided the answer.
302N/A<
dt><
span class="term"><
code class="option">+[no]ignore</
code></
span></
dt>
3961N/A Ignore truncation in UDP responses instead of retrying
302N/A with TCP. By default, TCP retries are performed.
302N/A<
dt><
span class="term"><
code class="option">+[no]keepopen</
code></
span></
dt>
302N/A Keep the TCP socket open between queries and reuse
302N/A it rather than creating a new TCP socket for each
302N/A lookup. The default is <
code class="option">+nokeepopen</
code>.
302N/A<
dt><
span class="term"><
code class="option">+[no]mapped</
code></
span></
dt>
302N/A Allow mapped IPv4 over IPv6 addresses to be used. The
302N/A default is <
code class="option">+mapped</
code>.
302N/A<
dt><
span class="term"><
code class="option">+[no]multiline</
code></
span></
dt>
302N/A Print records like the SOA records in a verbose
302N/A multi-line format with human-readable comments. The
302N/A default is to print each record on a single line, to
302N/A facilitate machine parsing of the <
span class="command"><
strong>dig</
strong></
span>
302N/A<
dt><
span class="term"><
code class="option">+ndots=D</
code></
span></
dt>
302N/A Set the number of dots that have to appear in
302N/A <
em class="parameter"><
code>name</
code></
em> to <
em class="parameter"><
code>D</
code></
em>
302N/A for it to be considered absolute. The default value
722N/A is that defined using the ndots statement in
302N/A ndots statement is present. Names with fewer dots
302N/A are interpreted as relative names and will be searched
302N/A for in the domains listed in the <
code class="option">search</
code>
302N/A or <
code class="option">domain</
code> directive in
302N/A <
code class="option">+search</
code> is set.
302N/A<
dt><
span class="term"><
code class="option">+[no]nsid</
code></
span></
dt>
302N/A Include an EDNS name server ID request when sending
302N/A<
dt><
span class="term"><
code class="option">+[no]nssearch</
code></
span></
dt>
302N/A When this option is set, <
span class="command"><
strong>dig</
strong></
span>
302N/A attempts to find the authoritative name servers for
302N/A the zone containing the name being looked up and
722N/A display the SOA record that each name server has for
302N/A<
dt><
span class="term"><
code class="option">+[no]onesoa</
code></
span></
dt>
302N/A Print only one (starting) SOA record when performing
302N/A an AXFR. The default is to print both the starting
302N/A and ending SOA records.
302N/A<
dt><
span class="term"><
code class="option">+[no]opcode=value</
code></
span></
dt>
302N/A Set [restore] the DNS message opcode to the specified
302N/A value. The default value is QUERY (0).
302N/A<
dt><
span class="term"><
code class="option">+[no]qr</
code></
span></
dt>
302N/A Print [do not print] the query as it is sent. By
302N/A default, the query is not printed.
302N/A<
dt><
span class="term"><
code class="option">+[no]question</
code></
span></
dt>
302N/A Print [do not print] the question section of a query
302N/A when an answer is returned. The default is to print
302N/A the question section as a comment.
302N/A<
dt><
span class="term"><
code class="option">+[no]rdflag</
code></
span></
dt>
302N/A A synonym for <
em class="parameter"><
code>+[no]recurse</
code></
em>.
302N/A<
dt><
span class="term"><
code class="option">+[no]recurse</
code></
span></
dt>
302N/A Toggle the setting of the RD (recursion desired) bit
302N/A in the query. This bit is set by default, which means
302N/A <
span class="command"><
strong>dig</
strong></
span> normally sends recursive
302N/A queries. Recursion is automatically disabled when
302N/A the <
em class="parameter"><
code>+nssearch</
code></
em> or
302N/A <
em class="parameter"><
code>+trace</
code></
em> query options are used.
3961N/A<
dt><
span class="term"><
code class="option">+retry=T</
code></
span></
dt>
302N/A Sets the number of times to retry UDP queries to
302N/A server to <
em class="parameter"><
code>T</
code></
em> instead of the
302N/A default, 2. Unlike <
em class="parameter"><
code>+tries</
code></
em>,
302N/A this does not include the initial query.
302N/A<
dt><
span class="term"><
code class="option">+[no]rrcomments</
code></
span></
dt>
302N/A Toggle the display of per-record comments in the
302N/A output (for example, human-readable key information
302N/A about DNSKEY records). The default is not to print
1929N/A record comments unless multiline mode is active.
1929N/A<
dt><
span class="term"><
code class="option">+[no]search</
code></
span></
dt>
1929N/A Use [do not use] the search list defined by the
3961N/A searchlist or domain directive in
3961N/A list is not used by default.
3961N/A which may be overridden by <
em class="parameter"><
code>+ndots</
code></
em>
3961N/A determines if the name will be treated as relative
1929N/A or not and hence whether a search is eventually
1929N/A<
dt><
span class="term"><
code class="option">+[no]short</
code></
span></
dt>
3961N/A Provide a terse answer. The default is to print the
3961N/A<
dt><
span class="term"><
code class="option">+[no]showsearch</
code></
span></
dt>
3961N/A Perform [do not perform] a search showing intermediate
1929N/A<
dt><
span class="term"><
code class="option">+[no]sigchase</
code></
span></
dt>
302N/A Chase DNSSEC signature chains. Requires dig be
1929N/A compiled with -DDIG_SIGCHASE.
1929N/A<
dt><
span class="term"><
code class="option">+split=W</
code></
span></
dt>
1929N/A Split long hex- or base64-formatted fields in resource
1929N/A records into chunks of <
em class="parameter"><
code>W</
code></
em>
1929N/A characters (where <
em class="parameter"><
code>W</
code></
em> is rounded
302N/A up to the nearest multiple of 4).
1929N/A <
em class="parameter"><
code>+nosplit</
code></
em> or
1929N/A <
em class="parameter"><
code>+split=0</
code></
em> causes fields not to
1929N/A be split at all. The default is 56 characters, or
1929N/A 44 characters when multiline mode is active.
1929N/A<
dt><
span class="term"><
code class="option">+[no]stats</
code></
span></
dt>
302N/A This query option toggles the printing of statistics:
302N/A when the query was made, the size of the reply and
302N/A so on. The default behavior is to print the query
1929N/A<
dt><
span class="term"><
code class="option">+[no]subnet=addr[/prefix-length]</
code></
span></
dt>
302N/A Send (don't send) an EDNS Client Subnet option with the
302N/A specified IP address or network prefix.
1929N/A <
span class="command"><
strong>dig +subnet=0.0.0.0/0</
strong></
span>, or simply
302N/A <
span class="command"><
strong>dig +subnet=0</
strong></
span> for short, sends an EDNS
302N/A client-subnet option with an empty address and a source
302N/A prefix-length of zero, which signals a resolver that
302N/A the client's address information must
1929N/A <
span class="emphasis"><
em>not</
em></
span> be used when resolving
302N/A<
dt><
span class="term"><
code class="option">+[no]tcp</
code></
span></
dt>
1929N/A Use [do not use] TCP when querying name servers. The
1929N/A default behavior is to use UDP unless an
1929N/A <
code class="literal">ixfr=N</
code> query is requested, in which
3961N/A case the default is TCP. AXFR queries always use
1929N/A<
dt><
span class="term"><
code class="option">+timeout=T</
code></
span></
dt>
302N/A Sets the timeout for a query to
302N/A <
em class="parameter"><
code>T</
code></
em> seconds. The default
1929N/A An attempt to set <
em class="parameter"><
code>T</
code></
em> to less
302N/A in a query timeout of 1 second being applied.
1929N/A<
dt><
span class="term"><
code class="option">+[no]topdown</
code></
span></
dt>
1929N/A When chasing DNSSEC signature chains perform a top-down
302N/A validation. Requires dig be compiled with -DDIG_SIGCHASE.
302N/A<
dt><
span class="term"><
code class="option">+[no]trace</
code></
span></
dt>
302N/A Toggle tracing of the delegation path from the root
1929N/A name servers for the name being looked up. Tracing
302N/A is disabled by default. When tracing is enabled,
1929N/A <
span class="command"><
strong>dig</
strong></
span> makes iterative queries to
302N/A resolve the name being looked up. It will follow
1929N/A referrals from the root servers, showing the answer
1929N/A from each server that was used to resolve the lookup.
302N/A If @server is also specified, it affects only the
1929N/A initial query for the root zone name servers.
302N/A <
span class="command"><
strong>+dnssec</
strong></
span> is also set when +trace
302N/A is set to better emulate the default queries from a
302N/A<
dt><
span class="term"><
code class="option">+tries=T</
code></
span></
dt>
302N/A Sets the number of times to try UDP queries to server
1929N/A to <
em class="parameter"><
code>T</
code></
em> instead of the default,
302N/A 3. If <
em class="parameter"><
code>T</
code></
em> is less than or equal
302N/A to zero, the number of tries is silently rounded up
302N/A<
dt><
span class="term"><
code class="option">+trusted-key=####</
code></
span></
dt>
385N/A Specifies a file containing trusted keys to be used
302N/A with <
code class="option">+sigchase</
code>. Each DNSKEY record
302N/A must be on its own line.
1929N/A If not specified, <
span class="command"><
strong>dig</
strong></
span> will look
302N/A Requires dig be compiled with -DDIG_SIGCHASE.
1929N/A<
dt><
span class="term"><
code class="option">+[no]ttlid</
code></
span></
dt>
385N/A Display [do not display] the TTL when printing the
1929N/A<
dt><
span class="term"><
code class="option">+[no]ttlunits</
code></
span></
dt>
302N/A Display [do not display] the TTL in friendly human-readable
302N/A time units of "s", "m", "h", "d", and "w", representing
1929N/A seconds, minutes, hours, days and weeks. Implies +ttlid.
385N/A<
dt><
span class="term"><
code class="option">+[no]unknownformat</
code></
span></
dt>
302N/A Print all RDATA in unknown RR type presentation format
1929N/A (RFC 3597). The default is to print RDATA for known types
302N/A in the type's presentation format.
302N/A<
dt><
span class="term"><
code class="option">+[no]vc</
code></
span></
dt>
302N/A Use [do not use] TCP when querying name servers. This
1929N/A alternate syntax to <
em class="parameter"><
code>+[no]tcp</
code></
em>
302N/A is provided for backwards compatibility. The "vc"
385N/A stands for "virtual circuit".
302N/A<
dt><
span class="term"><
code class="option">+[no]zflag</
code></
span></
dt>
302N/A Set [do not set] the last unassigned DNS header flag in a
302N/A DNS query. This flag is off by default.
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.11"></
a><
h2>MULTIPLE QUERIES</
h2>
302N/A The BIND 9 implementation of <
span class="command"><
strong>dig </
strong></
span>
302N/A specifying multiple queries on the command line (in addition to
302N/A supporting the <
code class="option">-f</
code> batch file option). Each of those
302N/A queries can be supplied with its own set of flags, options and query
302N/A In this case, each <
em class="parameter"><
code>query</
code></
em> argument
1929N/A individual query in the command-line syntax described above. Each
302N/A consists of any of the standard options and flags, the name to be
302N/A looked up, an optional query type and class and any query options that
1929N/A should be applied to that query.
302N/A A global set of query options, which should be applied to all queries,
302N/A can also be supplied. These global query options must precede the
302N/A first tuple of name, class, type, options, flags, and query options
722N/A supplied on the command line. Any global query options (except
302N/A the <
code class="option">+[no]cmd</
code> option) can be
302N/A overridden by a query-specific set of query options. For example:
302N/A<
pre class="programlisting">
302N/A shows how <
span class="command"><
strong>dig</
strong></
span> could be used from the
302N/A to make three lookups: an ANY query for <
code class="literal">
www.isc.org</
code>, a
302N/A reverse lookup of 127.0.0.1 and a query for the NS records of
984N/A A global query option of <
em class="parameter"><
code>+qr</
code></
em> is
302N/A that <
span class="command"><
strong>dig</
strong></
span> shows the initial query it made
302N/A lookup. The final query has a local query option of
302N/A <
em class="parameter"><
code>+noqr</
code></
em> which means that <
span class="command"><
strong>dig</
strong></
span>
302N/A will not print the initial query when it looks up the NS records for
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.12"></
a><
h2>IDN SUPPORT</
h2>
302N/A If <
span class="command"><
strong>dig</
strong></
span> has been built with IDN (internationalized
302N/A domain name) support, it can accept and display non-ASCII domain names.
302N/A <
span class="command"><
strong>dig</
strong></
span> appropriately converts character encoding of
302N/A domain name before sending a request to DNS server or displaying a
302N/A If you'd like to turn off the IDN support for some reason, defines
302N/A the <
code class="envar">IDN_DISABLE</
code> environment variable.
302N/A The IDN support is disabled if the variable is set when
302N/A <
span class="command"><
strong>dig</
strong></
span> runs.
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.13"></
a><
h2>FILES</
h2>
302N/A<
p><
code class="filename">${HOME}/.digrc</
code>
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.14"></
a><
h2>SEE ALSO</
h2>
302N/A<
p><
span class="citerefentry"><
span class="refentrytitle">host</
span>(1)</
span>,
302N/A <
span class="citerefentry"><
span class="refentrytitle">named</
span>(8)</
span>,
302N/A <
span class="citerefentry"><
span class="refentrytitle">dnssec-keygen</
span>(8)</
span>,
302N/A <
em class="citetitle">RFC1035</
em>.
302N/A<
div class="refsection">
302N/A<
a name="id-1.14.2.15"></
a><
h2>BUGS</
h2>
302N/A There are probably too many query options.
302N/A<
table width="100%" summary="Navigation footer">
302N/A<
td width="40%" align="left">
302N/A<
td width="40%" align="left" valign="top">Manual pages�</
td>
302N/A<
td width="20%" align="center"><
a accesskey="h" href="Bv9ARM.html">Home</
a></
td>
302N/A<
td width="40%" align="right" valign="top">�host</
td>