8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<html>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<head>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<title>dig</title>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="prev" href="Bv9ARM.ch10.html" title="Manual pages">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="next" href="man.host.html" title="host">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</head>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="navheader">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<table width="100%" summary="Navigation header">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<tr><th colspan="3" align="center">dig</th></tr>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<tr>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<td width="20%" align="left">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<a accesskey="p" href="Bv9ARM.ch10.html">Prev</a>�</td>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<th width="60%" align="center">Manual pages</th>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<td width="20%" align="right">�<a accesskey="n" href="man.host.html">Next</a>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</td>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</tr>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</table>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<hr>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="refentry" lang="en">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<a name="man.dig"></a><div class="titlepage"></div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="refnamediv">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<h2>Name</h2>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<p>dig &#8212; DNS lookup utility</p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="refsynopsisdiv">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<h2>Synopsis</h2>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>

edaadf8de0c86a2cfff2d29215775d42919476f3Pavel Březina<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>

edaadf8de0c86a2cfff2d29215775d42919476f3Pavel Březina</div>

4ebab24f65b54720a6672898b76185462015ababPavel Březina<div class="refsect1" lang="en">

75d66aea7accc842e68c88f085f9053112b20eccPavel Březina<a name="id2563928"></a><h2>DESCRIPTION</h2>

c1058e96679c7ed1372825bf5226ce7d28a8e6ffPavel Březina<p><span><strong class="command">dig</strong></span>

dee7a89098b698e756f63e4041734d7322ad8b1ePavel Březina (domain information groper) is a flexible tool

ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce for interrogating DNS name servers. It performs DNS lookups and

c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce displays the answers that are returned from the name server(s) that

c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to

c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce troubleshoot DNS problems because of its flexibility, ease of use and

7c69221077c780e62f6c536e78675f2dc1c131bcMichal Zidek clarity of output. Other lookup tools tend to have less functionality

22a21e910fd216ec1468fe769dcc29f1621a52a4Ondrej Kos than <span><strong class="command">dig</strong></span>.

ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce </p>

ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce<p>

ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce Although <span><strong class="command">dig</strong></span> is normally used with

ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce command-line

233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce arguments, it also has a batch mode of operation for reading lookup

c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce requests from a file. A brief summary of its command-line arguments

c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce and options is printed when the <code class="option">-h</code> option is given.

233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce Unlike earlier versions, the BIND 9 implementation of

233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce <span><strong class="command">dig</strong></span> allows multiple lookups to be issued

c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl from the

c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl command line.

c9b0071bfcb8eb8c71e40248de46d23aceecc0f3Pavel Reichl </p>

dfd71fc92db940b2892cc996911cec03d7b6c52bSimo Sorce<p>

f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina Unless it is told to query a specific name server,

f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina <span><strong class="command">dig</strong></span> will try each of the servers listed

e5f455afbc2d149527bfd08f4e89903a3a8da17aPavel Březina in

9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek <code class="filename">/etc/resolv.conf</code>.

9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek </p>

9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek<p>

7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub Hrozek When no command line arguments or options are given,

dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9aStephen Gallagher <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).

bc30ce9b7d588a17e58012e699986f0d6898b791Pavel Březina </p>

b5ee224324b0158641d9b110f81d2bc6eddddc13Pavel Reichl<p>

2a96981a0ac781d01e5bba473409ed2bdf4cd4e0Jakub Hrozek It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via

e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek <code class="filename">${HOME}/.digrc</code>. This file is read and

4dd38025efda88f123eac672f87d3cda12f050c8Jakub Hrozek any options in it

4dd38025efda88f123eac672f87d3cda12f050c8Jakub Hrozek are applied before the command line arguments.

0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub Hrozek </p>

0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub Hrozek<p>

10a28f461c25d788ff4dcffefa881e7aa724a25dPavel Březina The IN and CH class names overlap with the IN and CH top level

60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley domains names. Either use the <code class="option">-t</code> and

1319e71fd1680ca4864afe0b1aca2b8c8e4a1ee4Stef Walter <code class="option">-c</code> options to specify the type and class,

0c1d65998907930678da2d091789446f2c344d5dJakub Hrozek use the <code class="option">-q</code> the specify the domain name, or

a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2Jakub Hrozek use "IN." and "CH." when looking up these top level domains.

f3a25949de81f80c136bb073e4a8f504b080c20cJakub Hrozek </p>

8394eddba54b5d3e3fda868145e3751247bdbdb2Michal Zidek</div>

5a5c5cdeb92f4012fc75fd717bfea06598f68f12Pavel Reichl<div class="refsect1" lang="en">

804df4040eb142f82a44c019c7a55b5ce524583cMichal Zidek<a name="id2572147"></a><h2>SIMPLE USAGE</h2>

1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek<p>

1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek A typical invocation of <span><strong class="command">dig</strong></span> looks like:

82a958e6592c4a4078e45b7197bbe4751b70f511Pavel Reichl </p>

979e8d8d6ed444007eeff6be5269e8dc5d2bdf68Pavel Reichl<pre class="programlisting"> dig @server name type </pre>

05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek<p>

64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek where:

64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek

a8d887323f83984679a7d9b827a70146656bb7b2Sumit Bose </p>

b42bf6c0c01db08208fb81d8295a2909d307284aPavel Reichl<div class="variablelist"><dl>

9118a539a5d59f669f551114f880fe91d6bb8741Jakub Hrozek<dt><span class="term"><code class="constant">server</code></span></dt>

b5825c74b6bf7a99ae2172392dbecb51179013a6Jakub Hrozek<dd><p>

19e44537c28f6d5f011cd7ac885c74c1e892605fSimo Sorce is the name or IP address of the name server to query. This can

5f7cd30c865046a7ea69944f7e07c85b4c43465aSumit Bose be an IPv4

c30b7a1931211fdcae0564551a7625cc4f6dee9fJakub Hrozek address in dotted-decimal notation or an IPv6

e732d23f3ec986a463d757781a334040e03d1f59Jakub Hrozek address in colon-delimited notation. When the supplied

e732d23f3ec986a463d757781a334040e03d1f59Jakub Hrozek <em class="parameter"><code>server</code></em> argument is a

dd285415d7a8d8376207960cfa3e977524c3b98cJakub Hrozek hostname,

dd285415d7a8d8376207960cfa3e977524c3b98cJakub Hrozek <span><strong class="command">dig</strong></span> resolves that name before

beec1ee5799570f34a51ea57674c7291c15f7022Jakub Hrozek querying that name

fcbcfa69f9291936f01f24b5fcb5a7672dca46f3Jakub Hrozek server. If no <em class="parameter"><code>server</code></em>

4714118890e51b365fbce543d0a042b4b59b2b25Michal Zidek argument is provided,

efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio <span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>

41cd6072648bb7a9e14e56ed38004a2947f67657Jakub Hrozek and queries the name servers listed there. The reply from the

65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio name

7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio server that responds is displayed.

d4757440418c7b73bbecec7e40baf6dfe8cc9460Sumit Bose </p></dd>

d4757440418c7b73bbecec7e40baf6dfe8cc9460Sumit Bose<dt><span class="term"><code class="constant">name</code></span></dt>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<dd><p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce is the name of the resource record that is to be looked up.

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce </p></dd>

0c16d2eefbc6ac8331078a4cdcecfee817a71bc6Simo Sorce<dt><span class="term"><code class="constant">type</code></span></dt>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<dd><p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce indicates what type of query is required &#8212;

7650ded4ffa87fcf7ce5adf00920fecf89cffcf5Michal Zidek ANY, A, MX, SIG, etc.

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce <em class="parameter"><code>type</code></em> can be any valid query

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce type. If no

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce <em class="parameter"><code>type</code></em> argument is supplied,

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce <span><strong class="command">dig</strong></span> will perform a lookup for an

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce A record.

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce </p></dd>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</dl></div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce </p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce</div>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<div class="refsect1" lang="en">

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<a name="id2572326"></a><h2>OPTIONS</h2>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<p>

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce The <code class="option">-b</code> option sets the source IP address of the query

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce to <em class="parameter"><code>address</code></em>. This must be a valid

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce address on

8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce one of the host's network interfaces or "0.0.0.0" or "::". An optional

port

may be specified by appending "#&lt;port&gt;"

</p>

<p>

The default query class (IN for internet) is overridden by the

<code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is

any valid

class, such as HS for Hesiod records or CH for Chaosnet records.

</p>

<p>

The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>

operate

in batch mode by reading a list of lookup requests to process from the

file <em class="parameter"><code>filename</code></em>. The file contains a

number of

queries, one per line. Each entry in the file should be organized in

the same way they would be presented as queries to

<span><strong class="command">dig</strong></span> using the command-line interface.

</p>

<p>

The <code class="option">-m</code> option enables memory usage debugging.

</p>

<p>

If a non-standard port number is to be queried, the

<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is

the port number that <span><strong class="command">dig</strong></span> will send its

queries

instead of the standard DNS port number 53. This option would be used

to test a name server that has been configured to listen for queries

on a non-standard port number.

</p>

<p>

The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>

to only

use IPv4 query transport. The <code class="option">-6</code> option forces

<span><strong class="command">dig</strong></span> to only use IPv6 query transport.

</p>

<p>

The <code class="option">-t</code> option sets the query type to

<em class="parameter"><code>type</code></em>. It can be any valid query type

which is

supported in BIND 9. The default query type is "A", unless the

<code class="option">-x</code> option is supplied to indicate a reverse lookup.

A zone transfer can be requested by specifying a type of AXFR. When

an incremental zone transfer (IXFR) is required,

<em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.

The incremental zone transfer will contain the changes made to the zone

since the serial number in the zone's SOA record was

<em class="parameter"><code>N</code></em>.

</p>

<p>

The <code class="option">-q</code> option sets the query name to

<em class="parameter"><code>name</code></em>. This useful do distinguish the

<em class="parameter"><code>name</code></em> from other arguments.

</p>

<p>

Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the

<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is

an IPv4

address in dotted-decimal notation, or a colon-delimited IPv6 address.

When this option is used, there is no need to provide the

<em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and

<em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>

automatically performs a lookup for a name like

<code class="literal">11.12.13.10.in-addr.arpa</code> and sets the

query type and

class to PTR and IN respectively. By default, IPv6 addresses are

looked up using nibble format under the IP6.ARPA domain.

To use the older RFC1886 method using the IP6.INT domain

specify the <code class="option">-i</code> option. Bit string labels (RFC2874)

are now experimental and are not attempted.

</p>

<p>

To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and

their

responses using transaction signatures (TSIG), specify a TSIG key file

using the <code class="option">-k</code> option. You can also specify the TSIG

key itself on the command line using the <code class="option">-y</code> option;

<em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,

<em class="parameter"><code>name</code></em> is the name of the TSIG key and

<em class="parameter"><code>key</code></em> is the actual key. The key is a

base-64

encoded string, typically generated by

<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.

Caution should be taken when using the <code class="option">-y</code> option on

multi-user systems as the key can be visible in the output from

<span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>

or in the shell's history file. When

using TSIG authentication with <span><strong class="command">dig</strong></span>, the name

server that is queried needs to know the key and algorithm that is

being used. In BIND, this is done by providing appropriate

<span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in

<code class="filename">named.conf</code>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2631446"></a><h2>QUERY OPTIONS</h2>

<p><span><strong class="command">dig</strong></span>

provides a number of query options which affect

the way in which lookups are made and the results displayed. Some of

these set or reset flag bits in the query header, some determine which

sections of the answer get printed, and others determine the timeout

and retry strategies.

</p>

<p>

Each query option is identified by a keyword preceded by a plus sign

(<code class="literal">+</code>). Some keywords set or reset an

option. These may be preceded

by the string <code class="literal">no</code> to negate the meaning of

that keyword. Other

keywords assign values to options like the timeout interval. They

have the form <code class="option">+keyword=value</code>.

The query options are:

</p>

<div class="variablelist"><dl>

<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>

<dd><p>

Use [do not use] TCP when querying name servers. The default

behavior is to use UDP unless an AXFR or IXFR query is

requested, in

which case a TCP connection is used.

</p></dd>

<dt><span class="term"><code class="option">+[no]vc</code></span></dt>

<dd><p>

Use [do not use] TCP when querying name servers. This alternate

syntax to <em class="parameter"><code>+[no]tcp</code></em> is

provided for backwards

compatibility. The "vc" stands for "virtual circuit".

</p></dd>

<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>

<dd><p>

Ignore truncation in UDP responses instead of retrying with TCP.

By

default, TCP retries are performed.

</p></dd>

<dt><span class="term"><code class="option">+domain=somename</code></span></dt>

<dd><p>

Set the search list to contain the single domain

<em class="parameter"><code>somename</code></em>, as if specified in

a

<span><strong class="command">domain</strong></span> directive in

<code class="filename">/etc/resolv.conf</code>, and enable

search list

processing as if the <em class="parameter"><code>+search</code></em>

option were given.

</p></dd>

<dt><span class="term"><code class="option">+[no]search</code></span></dt>

<dd><p>

Use [do not use] the search list defined by the searchlist or

domain

directive in <code class="filename">resolv.conf</code> (if

any).

The search list is not used by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>

<dd><p>

Perform [do not perform] a search showing intermediate

results.

</p></dd>

<dt><span class="term"><code class="option">+[no]defname</code></span></dt>

<dd><p>

Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>

</p></dd>

<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>

<dd><p>

Sets the "aa" flag in the query.

</p></dd>

<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>

<dd><p>

A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.

</p></dd>

<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>

<dd><p>

Set [do not set] the AD (authentic data) bit in the

query. This requests the server to return whether

all of the answer and authority sections have all

been validated as secure according to the security

policy of the server. AD=1 indicates that all records

have been validated as secure and the answer is not

from a OPT-OUT range. AD=0 indicate that some part

of the answer was insecure or not validated.

</p></dd>

<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>

<dd><p>

Set [do not set] the CD (checking disabled) bit in the query.

This

requests the server to not perform DNSSEC validation of

responses.

</p></dd>

<dt><span class="term"><code class="option">+[no]cl</code></span></dt>

<dd><p>

Display [do not display] the CLASS when printing the record.

</p></dd>

<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>

<dd><p>

Display [do not display] the TTL when printing the record.

</p></dd>

<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>

<dd><p>

Toggle the setting of the RD (recursion desired) bit in the

query.

This bit is set by default, which means <span><strong class="command">dig</strong></span>

normally sends recursive queries. Recursion is automatically

disabled

when the <em class="parameter"><code>+nssearch</code></em> or

<em class="parameter"><code>+trace</code></em> query options are

used.

</p></dd>

<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>

<dd><p>

When this option is set, <span><strong class="command">dig</strong></span>

attempts to find the

authoritative name servers for the zone containing the name

being

looked up and display the SOA record that each name server has

for the

zone.

</p></dd>

<dt><span class="term"><code class="option">+[no]trace</code></span></dt>

<dd><p>

Toggle tracing of the delegation path from the root name servers

for

the name being looked up. Tracing is disabled by default. When

tracing is enabled, <span><strong class="command">dig</strong></span> makes

iterative queries to

resolve the name being looked up. It will follow referrals from

the

root servers, showing the answer from each server that was used

to

resolve the lookup.

</p></dd>

<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>

<dd><p>

Toggles the printing of the initial comment in the output

identifying

the version of <span><strong class="command">dig</strong></span> and the query

options that have

been applied. This comment is printed by default.

</p></dd>

<dt><span class="term"><code class="option">+[no]short</code></span></dt>

<dd><p>

Provide a terse answer. The default is to print the answer in a

verbose form.

</p></dd>

<dt><span class="term"><code class="option">+[no]identify</code></span></dt>

<dd><p>

Show [or do not show] the IP address and port number that

supplied the

answer when the <em class="parameter"><code>+short</code></em> option

is enabled. If

short form answers are requested, the default is not to show the

source address and port number of the server that provided the

answer.

</p></dd>

<dt><span class="term"><code class="option">+[no]comments</code></span></dt>

<dd><p>

Toggle the display of comment lines in the output. The default

is to

print comments.

</p></dd>

<dt><span class="term"><code class="option">+[no]stats</code></span></dt>

<dd><p>

This query option toggles the printing of statistics: when the

query

was made, the size of the reply and so on. The default

behavior is

to print the query statistics.

</p></dd>

<dt><span class="term"><code class="option">+[no]qr</code></span></dt>

<dd><p>

Print [do not print] the query as it is sent.

By default, the query is not printed.

</p></dd>

<dt><span class="term"><code class="option">+[no]question</code></span></dt>

<dd><p>

Print [do not print] the question section of a query when an

answer is

returned. The default is to print the question section as a

comment.

</p></dd>

<dt><span class="term"><code class="option">+[no]answer</code></span></dt>

<dd><p>

Display [do not display] the answer section of a reply. The

default

is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]authority</code></span></dt>

<dd><p>

Display [do not display] the authority section of a reply. The

default is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]additional</code></span></dt>

<dd><p>

Display [do not display] the additional section of a reply.

The default is to display it.

</p></dd>

<dt><span class="term"><code class="option">+[no]all</code></span></dt>

<dd><p>

Set or clear all display flags.

</p></dd>

<dt><span class="term"><code class="option">+time=T</code></span></dt>

<dd><p>

Sets the timeout for a query to

<em class="parameter"><code>T</code></em> seconds. The default

timeout is 5 seconds.

An attempt to set <em class="parameter"><code>T</code></em> to less

than 1 will result

in a query timeout of 1 second being applied.

</p></dd>

<dt><span class="term"><code class="option">+tries=T</code></span></dt>

<dd><p>

Sets the number of times to try UDP queries to server to

<em class="parameter"><code>T</code></em> instead of the default, 3.

If

<em class="parameter"><code>T</code></em> is less than or equal to

zero, the number of

tries is silently rounded up to 1.

</p></dd>

<dt><span class="term"><code class="option">+retry=T</code></span></dt>

<dd><p>

Sets the number of times to retry UDP queries to server to

<em class="parameter"><code>T</code></em> instead of the default, 2.

Unlike

<em class="parameter"><code>+tries</code></em>, this does not include

the initial

query.

</p></dd>

<dt><span class="term"><code class="option">+ndots=D</code></span></dt>

<dd><p>

Set the number of dots that have to appear in

<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be

considered absolute. The default value is that defined using

the

ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no

ndots statement is present. Names with fewer dots are

interpreted as

relative names and will be searched for in the domains listed in

the

<code class="option">search</code> or <code class="option">domain</code> directive in

<code class="filename">/etc/resolv.conf</code>.

</p></dd>

<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>

<dd><p>

Set the UDP message buffer size advertised using EDNS0 to

<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes

of this buffer are 65535 and 0 respectively. Values outside

this range are rounded up or down appropriately.

Values other than zero will cause a EDNS query to be sent.

</p></dd>

<dt><span class="term"><code class="option">+edns=#</code></span></dt>

<dd><p>

Specify the EDNS version to query with. Valid values

are 0 to 255. Setting the EDNS version will cause a

EDNS query to be sent. <code class="option">+noedns</code> clears the

remembered EDNS version.

</p></dd>

<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>

<dd><p>

Print records like the SOA records in a verbose multi-line

format with human-readable comments. The default is to print

each record on a single line, to facilitate machine parsing

of the <span><strong class="command">dig</strong></span> output.

</p></dd>

<dt><span class="term"><code class="option">+[no]fail</code></span></dt>

<dd><p>

Do not try the next server if you receive a SERVFAIL. The

default is

to not try the next server which is the reverse of normal stub

resolver

behavior.

</p></dd>

<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>

<dd><p>

Attempt to display the contents of messages which are malformed.

The default is to not display malformed answers.

</p></dd>

<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>

<dd><p>

Requests DNSSEC records be sent by setting the DNSSEC OK bit

(DO)

in the OPT record in the additional section of the query.

</p></dd>

<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>

<dd><p>

Chase DNSSEC signature chains. Requires dig be compiled with

-DDIG_SIGCHASE.

</p></dd>

<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>

<dd>

<p>

Specifies a file containing trusted keys to be used with

<code class="option">+sigchase</code>. Each DNSKEY record must be

on its own line.

</p>

<p>

If not specified, <span><strong class="command">dig</strong></span> will look for

<code class="filename">/etc/trusted-key.key</code> then

<code class="filename">trusted-key.key</code> in the current directory.

</p>

<p>

Requires dig be compiled with -DDIG_SIGCHASE.

</p>

</dd>

<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>

<dd><p>

When chasing DNSSEC signature chains perform a top-down

validation.

Requires dig be compiled with -DDIG_SIGCHASE.

</p></dd>

<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>

<dd><p>

Include an EDNS name server ID request when sending a query.

</p></dd>

</dl></div>

<p>

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2632378"></a><h2>MULTIPLE QUERIES</h2>

<p>

The BIND 9 implementation of <span><strong class="command">dig </strong></span>

supports

specifying multiple queries on the command line (in addition to

supporting the <code class="option">-f</code> batch file option). Each of those

queries can be supplied with its own set of flags, options and query

options.

</p>

<p>

In this case, each <em class="parameter"><code>query</code></em> argument

represent an

individual query in the command-line syntax described above. Each

consists of any of the standard options and flags, the name to be

looked up, an optional query type and class and any query options that

should be applied to that query.

</p>

<p>

A global set of query options, which should be applied to all queries,

can also be supplied. These global query options must precede the

first tuple of name, class, type, options, flags, and query options

supplied on the command line. Any global query options (except

the <code class="option">+[no]cmd</code> option) can be

overridden by a query-specific set of query options. For example:

</p>

<pre class="programlisting">

dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

</pre>

<p>

shows how <span><strong class="command">dig</strong></span> could be used from the

command line

to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a

reverse lookup of 127.0.0.1 and a query for the NS records of

<code class="literal">isc.org</code>.

A global query option of <em class="parameter"><code>+qr</code></em> is

applied, so

that <span><strong class="command">dig</strong></span> shows the initial query it made

for each

lookup. The final query has a local query option of

<em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>

will not print the initial query when it looks up the NS records for

<code class="literal">isc.org</code>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2632532"></a><h2>IDN SUPPORT</h2>

<p>

If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized

domain name) support, it can accept and display non-ASCII domain names.

<span><strong class="command">dig</strong></span> appropriately converts character encoding of

domain name before sending a request to DNS server or displaying a

reply from the server.

If you'd like to turn off the IDN support for some reason, defines

the <code class="envar">IDN_DISABLE</code> environment variable.

The IDN support is disabled if the variable is set when

<span><strong class="command">dig</strong></span> runs.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2632561"></a><h2>FILES</h2>

<p><code class="filename">/etc/resolv.conf</code>

</p>

<p><code class="filename">${HOME}/.digrc</code>

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2632650"></a><h2>SEE ALSO</h2>

<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,

<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

<em class="citetitle">RFC1035</em>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2632688"></a><h2>BUGS</h2>

<p>

There are probably too many query options.

</p>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="Bv9ARM.ch10.html">Prev</a>�</td>

<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

<td width="40%" align="right">�<a accesskey="n" href="man.host.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top">Manual pages�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�host</td>

</tr>

</table>

</div>

</body>

</html>