man.dig.html revision 8402f7bfea6ee33172c27e95965460b9c4e1b4da
431a83fb29482c5170b3e4026e59bb14849a6707Tinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff - purpose with or without fee is hereby granted, provided that the above
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff - copyright notice and this permission notice appear in all copies.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c803787146cadcb2d7e10cbf4491f3be513dfa1aMichael Graff<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
8cdfd17426179ae6f629a9b7475d46a22f535047Bob Halley<link rel="prev" href="Bv9ARM.ch13.html" title="Manual pages">
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff<link rel="next" href="man.host.html" title="host">
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff<table width="100%" summary="Navigation header">
058eeac2105c39e7cb31fb75ee0b473717ec3bbcMark Andrews<tr><th colspan="3" align="center">dig</th></tr>
5fca48054b5e791a2fa0c5015bc3b6fef4fcdce1Andreas Gustafsson<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a>�</td>
f181f94ec8da8b1dbcc6353e8be965ea4a5ea282Michael Graff<th width="60%" align="center">Manual pages</th>
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉<td width="20%" align="right">�<a accesskey="n" href="man.host.html">Next</a>
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff<a name="man.dig"></a><div class="titlepage"></div>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrews<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<p><span><strong class="command">dig</strong></span>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff (domain information groper) is a flexible tool
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff for interrogating DNS name servers. It performs DNS lookups and
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff displays the answers that are returned from the name server(s) that
bcf369e513a1cc2209e2a987f5772afa79813540Mark Andrews were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff troubleshoot DNS problems because of its flexibility, ease of use and
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff clarity of output. Other lookup tools tend to have less functionality
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff than <span><strong class="command">dig</strong></span>.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Although <span><strong class="command">dig</strong></span> is normally used with
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein arguments, it also has a batch mode of operation for reading lookup
3115cd89bc1e1fd3ecc4705d253e3484a3f5c555Michael Graff requests from a file. A brief summary of its command-line arguments
d947011dc393d9f9988d1349d585b246d19cc3c7Michael Graff and options is printed when the <code class="option">-h</code> option is given.
49a940dc68b30d9e4f9e1bd3c0503d8b90bb1726Mark Andrews Unlike earlier versions, the BIND 9 implementation of
d947011dc393d9f9988d1349d585b246d19cc3c7Michael Graff <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff command line.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff Unless it is told to query a specific name server,
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff <span><strong class="command">dig</strong></span> will try each of the servers listed in
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff are found, <span><strong class="command">dig</strong></span> will send the query to the local
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff When no command line arguments or options are given,
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff <code class="filename">${HOME}/.digrc</code>. This file is read and
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff any options in it
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff are applied before the command line arguments.
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff The IN and CH class names overlap with the IN and CH top level
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff domain names. Either use the <code class="option">-t</code> and
ff9bb3fc5453bbf310b67c560fbf04a5c0fb60daMichael Graff <code class="option">-c</code> options to specify the type and class,
bcf369e513a1cc2209e2a987f5772afa79813540Mark Andrews use the <code class="option">-q</code> the specify the domain name, or
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff use "IN." and "CH." when looking up these top level domains.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater A typical invocation of <span><strong class="command">dig</strong></span> looks like:
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<pre class="programlisting"> dig @server name type </pre>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="constant">server</code></span></dt>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater is the name or IP address of the name server to query. This
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater can be an IPv4 address in dotted-decimal notation or an IPv6
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater address in colon-delimited notation. When the supplied
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>server</code></em> argument is a hostname,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <span><strong class="command">dig</strong></span> resolves that name before querying
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater that name server.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater If no <em class="parameter"><code>server</code></em> argument is
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater provided, <span><strong class="command">dig</strong></span> consults
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="filename">/etc/resolv.conf</code>; if an
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater address is found there, it queries the name server at
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater that address. If either of the <code class="option">-4</code> or
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="option">-6</code> options are in use, then
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater only addresses for the corresponding transport
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater will be tried. If no usable addresses are found,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <span><strong class="command">dig</strong></span> will send the query to the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater local host. The reply from the name server that
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater responds is displayed.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews is the name of the resource record that is to be looked up.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="constant">type</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews indicates what type of query is required —
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews ANY, A, MX, SIG, etc.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>type</code></em> can be any valid query
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <em class="parameter"><code>type</code></em> argument is supplied,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <span><strong class="command">dig</strong></span> will perform a lookup for an
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews The <code class="option">-b</code> option sets the source IP address of the query
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater to <em class="parameter"><code>address</code></em>. This must be a valid
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater one of the host's network interfaces or "0.0.0.0" or "::". An optional
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater may be specified by appending "#<port>"
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews The default query class (IN for internet) is overridden by the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff class, such as HS for Hesiod records or CH for Chaosnet records.
8cdfd17426179ae6f629a9b7475d46a22f535047Bob Halley The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein in batch mode by reading a list of lookup requests to process from the
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff file <em class="parameter"><code>filename</code></em>. The file contains a
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater queries, one per line. Each entry in the file should be organized in
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater the same way they would be presented as queries to
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <span><strong class="command">dig</strong></span> using the command-line interface.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater The <code class="option">-m</code> option enables memory usage debugging.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater If a non-standard port number is to be queried, the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater the port number that <span><strong class="command">dig</strong></span> will send its
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater instead of the standard DNS port number 53. This option would be used
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater to test a name server that has been configured to listen for queries
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater on a non-standard port number.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater use IPv4 query transport. The <code class="option">-6</code> option forces
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
bb143613cf26e0f27dfd9caf1a7336065d064b26Michael Graff The <code class="option">-t</code> option sets the query type to
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>type</code></em>. It can be any valid query type
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater supported in BIND 9. The default query type is "A", unless the
bb143613cf26e0f27dfd9caf1a7336065d064b26Michael Graff <code class="option">-x</code> option is supplied to indicate a reverse lookup.
bb143613cf26e0f27dfd9caf1a7336065d064b26Michael Graff A zone transfer can be requested by specifying a type of AXFR. When
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein an incremental zone transfer (IXFR) is required,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff The incremental zone transfer will contain the changes made to the zone
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff since the serial number in the zone's SOA record was
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater The <code class="option">-q</code> option sets the query name to
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>name</code></em>. This is useful to distinguish the
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff <em class="parameter"><code>name</code></em> from other arguments.
bcf369e513a1cc2209e2a987f5772afa79813540Mark Andrews The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff print the version number and exit.
bcf369e513a1cc2209e2a987f5772afa79813540Mark Andrews Reverse lookups — mapping addresses to names — are simplified by the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater address in dotted-decimal notation, or a colon-delimited IPv6 address.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater When this option is used, there is no need to provide the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater automatically performs a lookup for a name like
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff query type and
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein class to PTR and IN respectively. By default, IPv6 addresses are
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff looked up using nibble format under the IP6.ARPA domain.
57ecc983c0b37ce7dbccf28f44c6bffdfd6491f7Andreas Gustafsson To use the older RFC1886 method using the IP6.INT domain
57ecc983c0b37ce7dbccf28f44c6bffdfd6491f7Andreas Gustafsson specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff are now experimental and are not attempted.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater responses using transaction signatures (TSIG), specify a TSIG key file
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater using the <code class="option">-k</code> option. You can also specify the TSIG
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater key itself on the command line using the <code class="option">-y</code> option;
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews <em class="parameter"><code>name</code></em> is the name of the TSIG key and
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews <em class="parameter"><code>key</code></em> is the actual key. The key is a
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews encoded string, typically generated by
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews Caution should be taken when using the <code class="option">-y</code> option on
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews multi-user systems as the key can be visible in the output from
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews or in the shell's history file. When
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
8e15d5eb3a000f1341e6bea0ddbc28d6dd2a0591Mark Andrews server that is queried needs to know the key and algorithm that is
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater being used. In BIND, this is done by providing appropriate
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<a name="id2667292"></a><h2>QUERY OPTIONS</h2>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<p><span><strong class="command">dig</strong></span>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater provides a number of query options which affect
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater the way in which lookups are made and the results displayed. Some of
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater these set or reset flag bits in the query header, some determine which
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater sections of the answer get printed, and others determine the timeout
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater and retry strategies.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff Each query option is identified by a keyword preceded by a plus sign
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff (<code class="literal">+</code>). Some keywords set or reset an
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff option. These may be preceded
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff by the string <code class="literal">no</code> to negate the meaning of
439c0011e642fb1d26011116144af698125262dbMichael Graff that keyword. Other
439c0011e642fb1d26011116144af698125262dbMichael Graff keywords assign values to options like the timeout interval. They
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater have the form <code class="option">+keyword=value</code>.
439c0011e642fb1d26011116144af698125262dbMichael Graff The query options are:
439c0011e642fb1d26011116144af698125262dbMichael Graff<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
c803787146cadcb2d7e10cbf4491f3be513dfa1aMichael Graff A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
ff9bb3fc5453bbf310b67c560fbf04a5c0fb60daMichael Graff Sets the "aa" flag in the query.
439c0011e642fb1d26011116144af698125262dbMichael Graff<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
439c0011e642fb1d26011116144af698125262dbMichael Graff Display [do not display] the additional section of a
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉 reply. The default is to display it.
dd95acdbce0e2a2775391709cdfca0a9eda7e8f7Mark Andrews<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
5fca48054b5e791a2fa0c5015bc3b6fef4fcdce1Andreas Gustafsson Set [do not set] the AD (authentic data) bit in the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater query. This requests the server to return whether
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater all of the answer and authority sections have all
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater been validated as secure according to the security
c803787146cadcb2d7e10cbf4491f3be513dfa1aMichael Graff policy of the server. AD=1 indicates that all records
1c3bc66ada38236cc81c41b7174a9f0a872c9ab6Michael Graff have been validated as secure and the answer is not
e34efaccfaab4dbbe45edd0a58e2b6e930e5784bMichael Graff from a OPT-OUT range. AD=0 indicate that some part
e34efaccfaab4dbbe45edd0a58e2b6e930e5784bMichael Graff of the answer was insecure or not validated. This
78bf1ca89505820ed7b03be4bf0c0b53b557f3cdAndreas Gustafsson bit is set by default.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]all</code></span></dt>
27fe1966c948ba0c1c9d0d831ea3d8bf32d052acTatuya JINMEI 神明達哉 Set or clear all display flags.
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
4281fe4a80af7402613f0d5c3eeff8829a4ede1fMichael Graff Display [do not display] the answer section of a
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater reply. The default is to display it.
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
4abed3e3563c7ad346178433130e6d150d3ffeafBob Halley Display [do not display] the authority section of a
14b98cb34eda66c87ce41a207704a2c232280eafMichael Graff reply. The default is to display it.
49a940dc68b30d9e4f9e1bd3c0503d8b90bb1726Mark Andrews<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
a253e35c2451818fb39f9b808c7641adb5275fb3Michael Graff Attempt to display the contents of messages which are
651228967966ba4fb2e52f92d1207c790af4b130Michael Graff malformed. The default is to not display malformed
a253e35c2451818fb39f9b808c7641adb5275fb3Michael Graff<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
a44c12b332b867f29631e235eb11d1263c73d6c0Bob Halley Set the UDP message buffer size advertised using EDNS0
e34efaccfaab4dbbe45edd0a58e2b6e930e5784bMichael Graff to <em class="parameter"><code>B</code></em> bytes. The maximum and
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉 minimum sizes of this buffer are 65535 and 0 respectively.
dd95acdbce0e2a2775391709cdfca0a9eda7e8f7Mark Andrews Values outside this range are rounded up or down
dd95acdbce0e2a2775391709cdfca0a9eda7e8f7Mark Andrews appropriately. Values other than zero will cause a
ff9bb3fc5453bbf310b67c560fbf04a5c0fb60daMichael Graff EDNS query to be sent.
4281fe4a80af7402613f0d5c3eeff8829a4ede1fMichael Graff<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Set [do not set] the CD (checking disabled) bit in
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff the query. This requests the server to not perform
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff DNSSEC validation of responses.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Display [do not display] the CLASS when printing the
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Toggles the printing of the initial comment in the
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff output identifying the version of <span><strong class="command">dig</strong></span>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff and the query options that have been applied. This
14b98cb34eda66c87ce41a207704a2c232280eafMichael Graff comment is printed by default.
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉 Toggle the display of comment lines in the output.
c82bb6a709abe89c051485b49403ef5bad1b756cTatuya JINMEI 神明達哉 The default is to print comments.
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
49a940dc68b30d9e4f9e1bd3c0503d8b90bb1726Mark Andrews Toggle the display of cryptographic fields in DNSSEC
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff records. The contents of these field are unnecessary
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff to debug most DNSSEC validation failures and removing
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff them makes it easier to see the common failures. The
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff default is to display the fields. When omitted they
a253e35c2451818fb39f9b808c7641adb5275fb3Michael Graff are replaced by the string "[omitted]" or in the
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff DNSKEY case the key id is displayed as the replacement,
49a940dc68b30d9e4f9e1bd3c0503d8b90bb1726Mark Andrews e.g. "[ key id = value ]".
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
49a940dc68b30d9e4f9e1bd3c0503d8b90bb1726Mark Andrews Deprecated, treated as a synonym for
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff <em class="parameter"><code>+[no]search</code></em>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Requests DNSSEC records be sent by setting the DNSSEC
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff OK bit (DO) in the OPT record in the additional section
59e22acc4f79ff481f7bfa46ef0558957ae53cfcMichael Graff of the query.
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Set the search list to contain the single domain
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff <em class="parameter"><code>somename</code></em>, as if specified in
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff a <span><strong class="command">domain</strong></span> directive in
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="filename">/etc/resolv.conf</code>, and enable
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff search list processing as if the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>+search</code></em> option were given.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Set the DSCP code point to be used when sending the
4a3ad0da975d7115d401700f955814a0dff1adb0Bob Halley query. Valid DSCP code points are in the range
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff [0..63]. By default no code point is explicitly set.
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Specify the EDNS version to query with. Valid values
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff are 0 to 255. Setting the EDNS version will cause
65f6d2e1c1fce0989c13c2efb44b8dd26cd977f3Michael Graff a EDNS query to be sent. <code class="option">+noedns</code>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff clears the remembered EDNS version. EDNS is set to
3d12fa7e76c02d06e1adeaa7846b60378a3cd204Michael Graff 0 by default.
1a0e33bc2044e1902493111db14cbf793083ac47Michael Graff<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
1a0e33bc2044e1902493111db14cbf793083ac47Michael Graff Set the must-be-zero EDNS flags bits (Z bits) to the
1a0e33bc2044e1902493111db14cbf793083ac47Michael Graff specified value. Decimal, hex and octal encodings are
1a0e33bc2044e1902493111db14cbf793083ac47Michael Graff accepted. Setting a named flag (e.g. DO) will silently be
1a0e33bc2044e1902493111db14cbf793083ac47Michael Graff ignored. By default, no Z bits are set.
53cf67186506f9557aaf2149898dd76715803db2Mark Andrews<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Enable / disable EDNS version negotiation. By default
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff EDNS version negotiation is enabled.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Specify EDNS option with code point <code class="option">code</code>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff and optionally payload of <code class="option">value</code> as a
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff hexadecimal string. <code class="option">+noednsopt</code>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater clears the EDNS options to be sent.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater Send an EDNS Expire option.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
294802790e8030f1c19b6c2c5d5204b6f464c729Michael Graff Do not try the next server if you receive a SERVFAIL.
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff The default is to not try the next server which is
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff the reverse of normal stub resolver behavior.
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Send a query with a DNS header without a question section.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff The default is to add a question section. The query type
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff and query name are ignored when this is set.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff Show [or do not show] the IP address and port number
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff that supplied the answer when the
9e992ecf375cd1eaa5351d06eca8cf7f543d5938Andreas Gustafsson <em class="parameter"><code>+short</code></em> option is enabled. If
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater short form answers are requested, the default is not
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater to show the source address and port number of the
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater server that provided the answer.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater Ignore truncation in UDP responses instead of retrying
9e992ecf375cd1eaa5351d06eca8cf7f543d5938Andreas Gustafsson with TCP. By default, TCP retries are performed.
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff Keep the TCP socket open between queries and reuse
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater it rather than creating a new TCP socket for each
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater lookup. The default is <code class="option">+nokeepopen</code>.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater Print records like the SOA records in a verbose
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater multi-line format with human-readable comments. The
306a93530536f05edfb477cac1c2667d90129a8fMichael Graff default is to print each record on a single line, to
294802790e8030f1c19b6c2c5d5204b6f464c729Michael Graff facilitate machine parsing of the <span><strong class="command">dig</strong></span>
76c8294c81fb48b1da6e1fc5b83322a4cedb8e58Andreas Gustafsson<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence Set the number of dots that have to appear in
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
21e7034ec046105c00a0dab86c83732e2e77ad99Michael Graff for it to be considered absolute. The default value
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater is that defined using the ndots statement in
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater <code class="filename">/etc/resolv.conf</code>, or 1 if no
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater ndots statement is present. Names with fewer dots
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater are interpreted as relative names and will be searched
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater for in the domains listed in the <code class="option">search</code>
21e7034ec046105c00a0dab86c83732e2e77ad99Michael Graff or <code class="option">domain</code> directive in
21e7034ec046105c00a0dab86c83732e2e77ad99Michael Graff <code class="filename">/etc/resolv.conf</code> if
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrews<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉 Include an EDNS name server ID request when sending
8907d8fa04fdaa65baf0bc6b01230b2ebde93106Mark Andrews<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt When this option is set, <span><strong class="command">dig</strong></span>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt attempts to find the authoritative name servers for
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt the zone containing the name being looked up and
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt display the SOA record that each name server has for
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt Print only one (starting) SOA record when performing
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt an AXFR. The default is to print both the starting
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt and ending SOA records.
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt Print [do not print] the query as it is sent. By
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt default, the query is not printed.
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt<dt><span class="term"><code class="option">+[no]question</code></span></dt>
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt Print [do not print] the question section of a query
dd2a0a6d2dec1c23787351e51b434a838dec5603Evan Hunt when an answer is returned. The default is to print
a14eb88840e06b8d458c1556e5452b6d2a50012eMichael Graff the question section as a comment.
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater Toggle the setting of the RD (recursion desired) bit
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater in the query. This bit is set by default, which means
a14eb88840e06b8d458c1556e5452b6d2a50012eMichael Graff <span><strong class="command">dig</strong></span> normally sends recursive
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater queries. Recursion is automatically disabled when
a14eb88840e06b8d458c1556e5452b6d2a50012eMichael Graff the <em class="parameter"><code>+nssearch</code></em> or
a14eb88840e06b8d458c1556e5452b6d2a50012eMichael Graff <em class="parameter"><code>+trace</code></em> query options are used.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+retry=T</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Sets the number of times to retry UDP queries to
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews server to <em class="parameter"><code>T</code></em> instead of the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews this does not include the initial query.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Toggle the display of per-record comments in the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews output (for example, human-readable key information
8868ef9c6411a51697749be54328ed78d2d8be96Automatic Updater about DNSKEY records). The default is not to print
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews record comments unless multiline mode is active.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]search</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Use [do not use] the search list defined by the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews searchlist or domain directive in
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <code class="filename">resolv.conf</code> (if any). The search
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews list is not used by default.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews 'ndots' from <code class="filename">resolv.conf</code> (default 1)
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews which may be overridden by <em class="parameter"><code>+ndots</code></em>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews determines if the name will be treated as relative
8868ef9c6411a51697749be54328ed78d2d8be96Automatic Updater or not and hence whether a search is eventually
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews performed or not.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]short</code></span></dt>
3426bd337df23a83c1e9b45184600edfd056c667Mark Andrews Provide a terse answer. The default is to print the
3426bd337df23a83c1e9b45184600edfd056c667Mark Andrews answer in a verbose form.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Perform [do not perform] a search showing intermediate
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Chase DNSSEC signature chains. Requires dig be
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews compiled with -DDIG_SIGCHASE.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Send a Source Identity Token EDNS option, with optional
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews value. Replaying a SIT from a previous response will
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews allow the server to identify a previous client. The
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews default is <code class="option">+nosit</code>. Currently using
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews experimental value 65001 for the option code.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+split=W</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Split long hex- or base64-formatted fields in resource
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews records into chunks of <em class="parameter"><code>W</code></em>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews characters (where <em class="parameter"><code>W</code></em> is rounded
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews up to the nearest multiple of 4).
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <em class="parameter"><code>+nosplit</code></em> or
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <em class="parameter"><code>+split=0</code></em> causes fields not to
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews be split at all. The default is 56 characters, or
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews 44 characters when multiline mode is active.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews This query option toggles the printing of statistics:
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews when the query was made, the size of the reply and
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews so on. The default behavior is to print the query
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Send an EDNS Client Subnet option with the specified
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews IP address or network prefix.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Use [do not use] TCP when querying name servers. The
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews default behavior is to use UDP unless an
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <code class="literal">ixfr=N</code> query is requested, in which
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews case the default is TCP. AXFR queries always use
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+time=T</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Sets the timeout for a query to
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <em class="parameter"><code>T</code></em> seconds. The default
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews timeout is 5 seconds.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews An attempt to set <em class="parameter"><code>T</code></em> to less
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews than 1 will result
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews in a query timeout of 1 second being applied.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews When chasing DNSSEC signature chains perform a top-down
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews validation. Requires dig be compiled with -DDIG_SIGCHASE.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Toggle tracing of the delegation path from the root
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews name servers for the name being looked up. Tracing
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews is disabled by default. When tracing is enabled,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span><strong class="command">dig</strong></span> makes iterative queries to
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews resolve the name being looked up. It will follow
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews referrals from the root servers, showing the answer
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews from each server that was used to resolve the lookup.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span><strong class="command">+dnssec</strong></span> is also set when +trace
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews is set to better emulate the default queries from a
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+tries=T</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Sets the number of times to try UDP queries to server
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews to <em class="parameter"><code>T</code></em> instead of the default,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews 3. If <em class="parameter"><code>T</code></em> is less than or equal
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews to zero, the number of tries is silently rounded up
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Specifies a file containing trusted keys to be used
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews with <code class="option">+sigchase</code>. Each DNSKEY record
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews must be on its own line.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews If not specified, <span><strong class="command">dig</strong></span> will look
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews for <code class="filename">/etc/trusted-key.key</code> then
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <code class="filename">trusted-key.key</code> in the current
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Requires dig be compiled with -DDIG_SIGCHASE.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Display [do not display] the TTL when printing the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Display [do not display] the TTL in friendly human-readable
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews time units of "s", "m", "h", "d", and "w", representing
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews seconds, minutes, hours, days and weeks. Implies +ttlid.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Use [do not use] TCP when querying name servers. This
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews is provided for backwards compatibility. The "vc"
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews stands for "virtual circuit".
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<dt><span class="term"><code class="option">+[no]zflag</code></span></dt>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews Set [do not set] the last unassigned DNS header flag in a
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews DNS query. This flag is off by default.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<a name="id2668785"></a><h2>MULTIPLE QUERIES</h2>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews The BIND 9 implementation of <span><strong class="command">dig </strong></span>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews specifying multiple queries on the command line (in addition to
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews supporting the <code class="option">-f</code> batch file option). Each of those
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews queries can be supplied with its own set of flags, options and query
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews In this case, each <em class="parameter"><code>query</code></em> argument
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews represent an
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews individual query in the command-line syntax described above. Each
8868ef9c6411a51697749be54328ed78d2d8be96Automatic Updater consists of any of the standard options and flags, the name to be
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews looked up, an optional query type and class and any query options that
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews should be applied to that query.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews A global set of query options, which should be applied to all queries,
3426bd337df23a83c1e9b45184600edfd056c667Mark Andrews can also be supplied. These global query options must precede the
3426bd337df23a83c1e9b45184600edfd056c667Mark Andrews first tuple of name, class, type, options, flags, and query options
3426bd337df23a83c1e9b45184600edfd056c667Mark Andrews supplied on the command line. Any global query options (except
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews the <code class="option">+[no]cmd</code> option) can be
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews overridden by a query-specific set of query options. For example:
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrewsdig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews shows how <span><strong class="command">dig</strong></span> could be used from the
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews command line
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews reverse lookup of 127.0.0.1 and a query for the NS records of
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews A global query option of <em class="parameter"><code>+qr</code></em> is
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews that <span><strong class="command">dig</strong></span> shows the initial query it made
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews lookup. The final query has a local query option of
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews will not print the initial query when it looks up the NS records for
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews domain name) support, it can accept and display non-ASCII domain names.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span><strong class="command">dig</strong></span> appropriately converts character encoding of
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews domain name before sending a request to DNS server or displaying a
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews reply from the server.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews If you'd like to turn off the IDN support for some reason, defines
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews the <code class="envar">IDN_DISABLE</code> environment variable.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews The IDN support is disabled if the variable is set when
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span><strong class="command">dig</strong></span> runs.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<p><code class="filename">/etc/resolv.conf</code>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews There are probably too many query options.
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<table width="100%" summary="Navigation footer">
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a>�</td>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="man.host.html">Next</a>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<td width="40%" align="left" valign="top">Manual pages�</td>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<td width="40%" align="right" valign="top">�host</td>
82f77687abd21349fa7c7f51e71fdc0c7367d2e2Mark Andrews<p style="text-align: center;">BIND 9.11.0pre-alpha</p>