1 |
<!-- |
2 |
- Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") |
3 |
- Copyright (C) 2000-2003 Internet Software Consortium. |
4 |
- |
5 |
- Permission to use, copy, modify, and/or distribute this software for any |
6 |
- purpose with or without fee is hereby granted, provided that the above |
7 |
- copyright notice and this permission notice appear in all copies. |
8 |
- |
9 |
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH |
10 |
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY |
11 |
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, |
12 |
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM |
13 |
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE |
14 |
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR |
15 |
- PERFORMANCE OF THIS SOFTWARE. |
16 |
--> |
17 |
|
18 |
<!-- Converted by db4-upgrade version 1.0 --> |
19 |
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig"> |
20 |
|
21 |
<info> |
22 |
<date>2014-02-12</date> |
23 |
</info> |
24 |
<refentryinfo> |
25 |
<corpname>ISC</corpname> |
26 |
<corpauthor>Internet Systems Consortium, Inc.</corpauthor> |
27 |
</refentryinfo> |
28 |
|
29 |
<refmeta> |
30 |
<refentrytitle>dig</refentrytitle> |
31 |
<manvolnum>1</manvolnum> |
32 |
<refmiscinfo>BIND9</refmiscinfo> |
33 |
</refmeta> |
34 |
|
35 |
<refnamediv> |
36 |
<refname>dig</refname> |
37 |
<refpurpose>DNS lookup utility</refpurpose> |
38 |
</refnamediv> |
39 |
|
40 |
<docinfo> |
41 |
<copyright> |
42 |
<year>2004</year> |
43 |
<year>2005</year> |
44 |
<year>2006</year> |
45 |
<year>2007</year> |
46 |
<year>2008</year> |
47 |
<year>2009</year> |
48 |
<year>2010</year> |
49 |
<year>2011</year> |
50 |
<year>2013</year> |
51 |
<year>2014</year> |
52 |
<year>2015</year> |
53 |
<holder>Internet Systems Consortium, Inc. ("ISC")</holder> |
54 |
</copyright> |
55 |
<copyright> |
56 |
<year>2000</year> |
57 |
<year>2001</year> |
58 |
<year>2002</year> |
59 |
<year>2003</year> |
60 |
<holder>Internet Software Consortium.</holder> |
61 |
</copyright> |
62 |
</docinfo> |
63 |
|
64 |
<refsynopsisdiv> |
65 |
<cmdsynopsis sepchar=" "> |
66 |
<command>dig</command> |
67 |
<arg choice="opt" rep="norepeat">@server</arg> |
68 |
<arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg> |
69 |
<arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg> |
70 |
<arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg> |
71 |
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">filename</replaceable></option></arg> |
72 |
<arg choice="opt" rep="norepeat"><option>-m</option></arg> |
73 |
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg> |
74 |
<arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg> |
75 |
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg> |
76 |
<arg choice="opt" rep="norepeat"><option>-v</option></arg> |
77 |
<arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg> |
78 |
<arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg> |
79 |
<arg choice="opt" rep="norepeat"><option>-4</option></arg> |
80 |
<arg choice="opt" rep="norepeat"><option>-6</option></arg> |
81 |
<arg choice="opt" rep="norepeat">name</arg> |
82 |
<arg choice="opt" rep="norepeat">type</arg> |
83 |
<arg choice="opt" rep="norepeat">class</arg> |
84 |
<arg choice="opt" rep="repeat">queryopt</arg> |
85 |
</cmdsynopsis> |
86 |
|
87 |
<cmdsynopsis sepchar=" "> |
88 |
<command>dig</command> |
89 |
<arg choice="opt" rep="norepeat"><option>-h</option></arg> |
90 |
</cmdsynopsis> |
91 |
|
92 |
<cmdsynopsis sepchar=" "> |
93 |
<command>dig</command> |
94 |
<arg choice="opt" rep="repeat">global-queryopt</arg> |
95 |
<arg choice="opt" rep="repeat">query</arg> |
96 |
</cmdsynopsis> |
97 |
</refsynopsisdiv> |
98 |
|
99 |
<refsection><info><title>DESCRIPTION</title></info> |
100 |
|
101 |
<para><command>dig</command> |
102 |
(domain information groper) is a flexible tool |
103 |
for interrogating DNS name servers. It performs DNS lookups and |
104 |
displays the answers that are returned from the name server(s) that |
105 |
were queried. Most DNS administrators use <command>dig</command> to |
106 |
troubleshoot DNS problems because of its flexibility, ease of use and |
107 |
clarity of output. Other lookup tools tend to have less functionality |
108 |
than <command>dig</command>. |
109 |
</para> |
110 |
|
111 |
<para> |
112 |
Although <command>dig</command> is normally used with |
113 |
command-line |
114 |
arguments, it also has a batch mode of operation for reading lookup |
115 |
requests from a file. A brief summary of its command-line arguments |
116 |
and options is printed when the <option>-h</option> option is given. |
117 |
Unlike earlier versions, the BIND 9 implementation of |
118 |
<command>dig</command> allows multiple lookups to be issued |
119 |
from the |
120 |
command line. |
121 |
</para> |
122 |
|
123 |
<para> |
124 |
Unless it is told to query a specific name server, |
125 |
<command>dig</command> will try each of the servers listed in |
126 |
<filename>/etc/resolv.conf</filename>. If no usable server addresses |
127 |
are found, <command>dig</command> will send the query to the local |
128 |
host. |
129 |
</para> |
130 |
|
131 |
<para> |
132 |
When no command line arguments or options are given, |
133 |
<command>dig</command> will perform an NS query for "." (the root). |
134 |
</para> |
135 |
|
136 |
<para> |
137 |
It is possible to set per-user defaults for <command>dig</command> via |
138 |
<filename>${HOME}/.digrc</filename>. This file is read and |
139 |
any options in it |
140 |
are applied before the command line arguments. |
141 |
</para> |
142 |
|
143 |
<para> |
144 |
The IN and CH class names overlap with the IN and CH top level |
145 |
domain names. Either use the <option>-t</option> and |
146 |
<option>-c</option> options to specify the type and class, |
147 |
use the <option>-q</option> the specify the domain name, or |
148 |
use "IN." and "CH." when looking up these top level domains. |
149 |
</para> |
150 |
|
151 |
</refsection> |
152 |
|
153 |
<refsection><info><title>SIMPLE USAGE</title></info> |
154 |
|
155 |
|
156 |
<para> |
157 |
A typical invocation of <command>dig</command> looks like: |
158 |
<programlisting> dig @server name type </programlisting> |
159 |
where: |
160 |
|
161 |
<variablelist> |
162 |
|
163 |
<varlistentry> |
164 |
<term><constant>server</constant></term> |
165 |
<listitem> |
166 |
<para> |
167 |
is the name or IP address of the name server to query. This |
168 |
can be an IPv4 address in dotted-decimal notation or an IPv6 |
169 |
address in colon-delimited notation. When the supplied |
170 |
<parameter>server</parameter> argument is a hostname, |
171 |
<command>dig</command> resolves that name before querying |
172 |
that name server. |
173 |
</para> |
174 |
<para> |
175 |
If no <parameter>server</parameter> argument is |
176 |
provided, <command>dig</command> consults |
177 |
<filename>/etc/resolv.conf</filename>; if an |
178 |
address is found there, it queries the name server at |
179 |
that address. If either of the <option>-4</option> or |
180 |
<option>-6</option> options are in use, then |
181 |
only addresses for the corresponding transport |
182 |
will be tried. If no usable addresses are found, |
183 |
<command>dig</command> will send the query to the |
184 |
local host. The reply from the name server that |
185 |
responds is displayed. |
186 |
</para> |
187 |
</listitem> |
188 |
</varlistentry> |
189 |
|
190 |
<varlistentry> |
191 |
<term><constant>name</constant></term> |
192 |
<listitem> |
193 |
<para> |
194 |
is the name of the resource record that is to be looked up. |
195 |
</para> |
196 |
</listitem> |
197 |
</varlistentry> |
198 |
|
199 |
<varlistentry> |
200 |
<term><constant>type</constant></term> |
201 |
<listitem> |
202 |
<para> |
203 |
indicates what type of query is required — |
204 |
ANY, A, MX, SIG, etc. |
205 |
<parameter>type</parameter> can be any valid query |
206 |
type. If no |
207 |
<parameter>type</parameter> argument is supplied, |
208 |
<command>dig</command> will perform a lookup for an |
209 |
A record. |
210 |
</para> |
211 |
</listitem> |
212 |
</varlistentry> |
213 |
|
214 |
</variablelist> |
215 |
</para> |
216 |
|
217 |
</refsection> |
218 |
|
219 |
<refsection><info><title>OPTIONS</title></info> |
220 |
|
221 |
|
222 |
<variablelist> |
223 |
<varlistentry> |
224 |
<term>-4</term> |
225 |
<listitem> |
226 |
<para> |
227 |
Use IPv4 only. |
228 |
</para> |
229 |
</listitem> |
230 |
</varlistentry> |
231 |
|
232 |
<varlistentry> |
233 |
<term>-6</term> |
234 |
<listitem> |
235 |
<para> |
236 |
Use IPv6 only. |
237 |
</para> |
238 |
</listitem> |
239 |
</varlistentry> |
240 |
|
241 |
<varlistentry> |
242 |
<term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term> |
243 |
<listitem> |
244 |
<para> |
245 |
Set the source IP address of the query. |
246 |
The <parameter>address</parameter> must be a valid address on |
247 |
one of the host's network interfaces, or "0.0.0.0" or "::". An |
248 |
optional port may be specified by appending "#<port>" |
249 |
</para> |
250 |
</listitem> |
251 |
</varlistentry> |
252 |
|
253 |
<varlistentry> |
254 |
<term>-c <replaceable class="parameter">class</replaceable></term> |
255 |
<listitem> |
256 |
<para> |
257 |
Set the query class. The |
258 |
default <parameter>class</parameter> is IN; other classes |
259 |
are HS for Hesiod records or CH for Chaosnet records. |
260 |
</para> |
261 |
</listitem> |
262 |
</varlistentry> |
263 |
|
264 |
<varlistentry> |
265 |
<term>-f <replaceable class="parameter">file</replaceable></term> |
266 |
<listitem> |
267 |
<para> |
268 |
Batch mode: <command>dig</command> reads a list of lookup |
269 |
requests to process from the |
270 |
given <parameter>file</parameter>. Each line in the file |
271 |
should be organized in the same way they would be |
272 |
presented as queries to |
273 |
<command>dig</command> using the command-line interface. |
274 |
</para> |
275 |
</listitem> |
276 |
</varlistentry> |
277 |
|
278 |
<varlistentry> |
279 |
<term>-i</term> |
280 |
<listitem> |
281 |
<para> |
282 |
Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT |
283 |
domain, which is no longer in use. Obsolete bit string |
284 |
label queries (RFC2874) are not attempted. |
285 |
</para> |
286 |
</listitem> |
287 |
</varlistentry> |
288 |
|
289 |
<varlistentry> |
290 |
<term>-k <replaceable class="parameter">keyfile</replaceable></term> |
291 |
<listitem> |
292 |
<para> |
293 |
Sign queries using TSIG using a key read from the given file. |
294 |
Key files can be generated using |
295 |
<citerefentry> |
296 |
<refentrytitle>tsig-keygen</refentrytitle><manvolnum>8</manvolnum> |
297 |
</citerefentry>. |
298 |
When using TSIG authentication with <command>dig</command>, |
299 |
the name server that is queried needs to know the key and |
300 |
algorithm that is being used. In BIND, this is done by |
301 |
providing appropriate <command>key</command> |
302 |
and <command>server</command> statements in |
303 |
<filename>named.conf</filename>. |
304 |
</para> |
305 |
</listitem> |
306 |
</varlistentry> |
307 |
|
308 |
<varlistentry> |
309 |
<term>-m</term> |
310 |
<listitem> |
311 |
<para> |
312 |
Enable memory usage debugging. |
313 |
<!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD |
314 |
documented in include/isc/mem.h --> |
315 |
</para> |
316 |
</listitem> |
317 |
</varlistentry> |
318 |
|
319 |
<varlistentry> |
320 |
<term>-p <replaceable class="parameter">port</replaceable></term> |
321 |
<listitem> |
322 |
<para> |
323 |
Send the query to a non-standard port on the server, |
324 |
instead of the defaut port 53. This option would be used |
325 |
to test a name server that has been configured to listen |
326 |
for queries on a non-standard port number. |
327 |
</para> |
328 |
</listitem> |
329 |
</varlistentry> |
330 |
|
331 |
<varlistentry> |
332 |
<term>-q <replaceable class="parameter">name</replaceable></term> |
333 |
<listitem> |
334 |
<para> |
335 |
The domain name to query. This is useful to distinguish |
336 |
the <parameter>name</parameter> from other arguments. |
337 |
</para> |
338 |
</listitem> |
339 |
</varlistentry> |
340 |
|
341 |
<varlistentry> |
342 |
<term>-t <replaceable class="parameter">type</replaceable></term> |
343 |
<listitem> |
344 |
<para> |
345 |
The resource record type to query. It can be any valid query type |
346 |
which is |
347 |
supported in BIND 9. The default query type is "A", unless the |
348 |
<option>-x</option> option is supplied to indicate a reverse lookup. |
349 |
A zone transfer can be requested by specifying a type of AXFR. When |
350 |
an incremental zone transfer (IXFR) is required, set the |
351 |
<parameter>type</parameter> to <literal>ixfr=N</literal>. |
352 |
The incremental zone transfer will contain the changes |
353 |
made to the zone since the serial number in the zone's SOA |
354 |
record was |
355 |
<parameter>N</parameter>. |
356 |
</para> |
357 |
</listitem> |
358 |
</varlistentry> |
359 |
|
360 |
<varlistentry> |
361 |
<term>-v</term> |
362 |
<listitem> |
363 |
<para> |
364 |
Print the version number and exit. |
365 |
</para> |
366 |
</listitem> |
367 |
</varlistentry> |
368 |
|
369 |
<varlistentry> |
370 |
<term>-x <replaceable class="parameter">addr</replaceable></term> |
371 |
<listitem> |
372 |
<para> |
373 |
Simplified reverse lookups, for mapping addresses to |
374 |
names. The <parameter>addr</parameter> is an IPv4 address |
375 |
in dotted-decimal notation, or a colon-delimited IPv6 |
376 |
address. When the <option>-x</option> is used, there is no |
377 |
need to provide |
378 |
the <parameter>name</parameter>, <parameter>class</parameter> |
379 |
and <parameter>type</parameter> |
380 |
arguments. <command>dig</command> automatically performs a |
381 |
lookup for a name like |
382 |
<literal>94.2.0.192.in-addr.arpa</literal> and sets the |
383 |
query type and class to PTR and IN respectively. IPv6 |
384 |
addresses are looked up using nibble format under the |
385 |
IP6.ARPA domain (but see also the <option>-i</option> |
386 |
option). |
387 |
</para> |
388 |
</listitem> |
389 |
</varlistentry> |
390 |
|
391 |
<varlistentry> |
392 |
<term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term> |
393 |
<listitem> |
394 |
<para> |
395 |
Sign queries using TSIG with the given authentication key. |
396 |
<parameter>keyname</parameter> is the name of the key, and |
397 |
<parameter>secret</parameter> is the base64 encoded shared secret. |
398 |
<parameter>hmac</parameter> is the name of the key algorithm; |
399 |
valid choices are <literal>hmac-md5</literal>, |
400 |
<literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>, |
401 |
<literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or |
402 |
<literal>hmac-sha512</literal>. If <parameter>hmac</parameter> |
403 |
is not specified, the default is <literal>hmac-md5</literal>. |
404 |
</para> |
405 |
<para> |
406 |
NOTE: You should use the <option>-k</option> option and |
407 |
avoid the <option>-y</option> option, because |
408 |
with <option>-y</option> the shared secret is supplied as |
409 |
a command line argument in clear text. This may be visible |
410 |
in the output from |
411 |
<citerefentry> |
412 |
<refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> |
413 |
</citerefentry> |
414 |
or in a history file maintained by the user's shell. |
415 |
</para> |
416 |
</listitem> |
417 |
</varlistentry> |
418 |
|
419 |
</variablelist> |
420 |
</refsection> |
421 |
|
422 |
<refsection><info><title>QUERY OPTIONS</title></info> |
423 |
|
424 |
|
425 |
<para><command>dig</command> |
426 |
provides a number of query options which affect |
427 |
the way in which lookups are made and the results displayed. Some of |
428 |
these set or reset flag bits in the query header, some determine which |
429 |
sections of the answer get printed, and others determine the timeout |
430 |
and retry strategies. |
431 |
</para> |
432 |
|
433 |
<para> |
434 |
Each query option is identified by a keyword preceded by a plus sign |
435 |
(<literal>+</literal>). Some keywords set or reset an |
436 |
option. These may be preceded |
437 |
by the string <literal>no</literal> to negate the meaning of |
438 |
that keyword. Other |
439 |
keywords assign values to options like the timeout interval. They |
440 |
have the form <option>+keyword=value</option>. |
441 |
Keywords may be abbreviated, provided the abbreviation is |
442 |
unambiguous; for example, <literal>+cd</literal> is equivalent |
443 |
to <literal>+cdflag</literal>. |
444 |
The query options are: |
445 |
|
446 |
<variablelist> |
447 |
|
448 |
<varlistentry> |
449 |
<term><option>+[no]aaflag</option></term> |
450 |
<listitem> |
451 |
<para> |
452 |
A synonym for <parameter>+[no]aaonly</parameter>. |
453 |
</para> |
454 |
</listitem> |
455 |
</varlistentry> |
456 |
|
457 |
<varlistentry> |
458 |
<term><option>+[no]aaonly</option></term> |
459 |
<listitem> |
460 |
<para> |
461 |
Sets the "aa" flag in the query. |
462 |
</para> |
463 |
</listitem> |
464 |
</varlistentry> |
465 |
|
466 |
<varlistentry> |
467 |
<term><option>+[no]additional</option></term> |
468 |
<listitem> |
469 |
<para> |
470 |
Display [do not display] the additional section of a |
471 |
reply. The default is to display it. |
472 |
</para> |
473 |
</listitem> |
474 |
</varlistentry> |
475 |
|
476 |
<varlistentry> |
477 |
<term><option>+[no]adflag</option></term> |
478 |
<listitem> |
479 |
<para> |
480 |
Set [do not set] the AD (authentic data) bit in the |
481 |
query. This requests the server to return whether |
482 |
all of the answer and authority sections have all |
483 |
been validated as secure according to the security |
484 |
policy of the server. AD=1 indicates that all records |
485 |
have been validated as secure and the answer is not |
486 |
from a OPT-OUT range. AD=0 indicate that some part |
487 |
of the answer was insecure or not validated. This |
488 |
bit is set by default. |
489 |
</para> |
490 |
</listitem> |
491 |
</varlistentry> |
492 |
|
493 |
<varlistentry> |
494 |
<term><option>+[no]all</option></term> |
495 |
<listitem> |
496 |
<para> |
497 |
Set or clear all display flags. |
498 |
</para> |
499 |
</listitem> |
500 |
</varlistentry> |
501 |
|
502 |
<varlistentry> |
503 |
<term><option>+[no]answer</option></term> |
504 |
<listitem> |
505 |
<para> |
506 |
Display [do not display] the answer section of a |
507 |
reply. The default is to display it. |
508 |
</para> |
509 |
</listitem> |
510 |
</varlistentry> |
511 |
|
512 |
<varlistentry> |
513 |
<term><option>+[no]authority</option></term> |
514 |
<listitem> |
515 |
<para> |
516 |
Display [do not display] the authority section of a |
517 |
reply. The default is to display it. |
518 |
</para> |
519 |
</listitem> |
520 |
</varlistentry> |
521 |
|
522 |
<varlistentry> |
523 |
<term><option>+[no]besteffort</option></term> |
524 |
<listitem> |
525 |
<para> |
526 |
Attempt to display the contents of messages which are |
527 |
malformed. The default is to not display malformed |
528 |
answers. |
529 |
</para> |
530 |
</listitem> |
531 |
</varlistentry> |
532 |
|
533 |
<varlistentry> |
534 |
<term><option>+bufsize=B</option></term> |
535 |
<listitem> |
536 |
<para> |
537 |
Set the UDP message buffer size advertised using EDNS0 |
538 |
to <parameter>B</parameter> bytes. The maximum and |
539 |
minimum sizes of this buffer are 65535 and 0 respectively. |
540 |
Values outside this range are rounded up or down |
541 |
appropriately. Values other than zero will cause a |
542 |
EDNS query to be sent. |
543 |
</para> |
544 |
</listitem> |
545 |
</varlistentry> |
546 |
|
547 |
<varlistentry> |
548 |
<term><option>+[no]cdflag</option></term> |
549 |
<listitem> |
550 |
<para> |
551 |
Set [do not set] the CD (checking disabled) bit in |
552 |
the query. This requests the server to not perform |
553 |
DNSSEC validation of responses. |
554 |
</para> |
555 |
</listitem> |
556 |
</varlistentry> |
557 |
|
558 |
<varlistentry> |
559 |
<term><option>+[no]class</option></term> |
560 |
<listitem> |
561 |
<para> |
562 |
Display [do not display] the CLASS when printing the |
563 |
record. |
564 |
</para> |
565 |
</listitem> |
566 |
</varlistentry> |
567 |
|
568 |
<varlistentry> |
569 |
<term><option>+[no]cmd</option></term> |
570 |
<listitem> |
571 |
<para> |
572 |
Toggles the printing of the initial comment in the |
573 |
output identifying the version of <command>dig</command> |
574 |
and the query options that have been applied. This |
575 |
comment is printed by default. |
576 |
</para> |
577 |
</listitem> |
578 |
</varlistentry> |
579 |
|
580 |
<varlistentry> |
581 |
<term><option>+[no]comments</option></term> |
582 |
<listitem> |
583 |
<para> |
584 |
Toggle the display of comment lines in the output. |
585 |
The default is to print comments. |
586 |
</para> |
587 |
</listitem> |
588 |
</varlistentry> |
589 |
|
590 |
<varlistentry> |
591 |
<term><option>+[no]defname</option></term> |
592 |
<listitem> |
593 |
<para> |
594 |
Deprecated, treated as a synonym for |
595 |
<parameter>+[no]search</parameter> |
596 |
</para> |
597 |
</listitem> |
598 |
</varlistentry> |
599 |
|
600 |
<varlistentry> |
601 |
<term><option>+[no]dnssec</option></term> |
602 |
<listitem> |
603 |
<para> |
604 |
Requests DNSSEC records be sent by setting the DNSSEC |
605 |
OK bit (DO) in the OPT record in the additional section |
606 |
of the query. |
607 |
</para> |
608 |
</listitem> |
609 |
</varlistentry> |
610 |
|
611 |
<varlistentry> |
612 |
<term><option>+domain=somename</option></term> |
613 |
<listitem> |
614 |
<para> |
615 |
Set the search list to contain the single domain |
616 |
<parameter>somename</parameter>, as if specified in |
617 |
a <command>domain</command> directive in |
618 |
<filename>/etc/resolv.conf</filename>, and enable |
619 |
search list processing as if the |
620 |
<parameter>+search</parameter> option were given. |
621 |
</para> |
622 |
</listitem> |
623 |
</varlistentry> |
624 |
|
625 |
<varlistentry> |
626 |
<term><option>+[no]edns[=#]</option></term> |
627 |
<listitem> |
628 |
<para> |
629 |
Specify the EDNS version to query with. Valid values |
630 |
are 0 to 255. Setting the EDNS version will cause |
631 |
a EDNS query to be sent. <option>+noedns</option> |
632 |
clears the remembered EDNS version. EDNS is set to |
633 |
0 by default. |
634 |
</para> |
635 |
</listitem> |
636 |
</varlistentry> |
637 |
|
638 |
<varlistentry> |
639 |
<term><option>+[no]fail</option></term> |
640 |
<listitem> |
641 |
<para> |
642 |
Do not try the next server if you receive a SERVFAIL. |
643 |
The default is to not try the next server which is |
644 |
the reverse of normal stub resolver behavior. |
645 |
</para> |
646 |
</listitem> |
647 |
</varlistentry> |
648 |
|
649 |
<varlistentry> |
650 |
<term><option>+[no]identify</option></term> |
651 |
<listitem> |
652 |
<para> |
653 |
Show [or do not show] the IP address and port number |
654 |
that supplied the answer when the |
655 |
<parameter>+short</parameter> option is enabled. If |
656 |
short form answers are requested, the default is not |
657 |
to show the source address and port number of the |
658 |
server that provided the answer. |
659 |
</para> |
660 |
</listitem> |
661 |
</varlistentry> |
662 |
|
663 |
<varlistentry> |
664 |
<term><option>+[no]ignore</option></term> |
665 |
<listitem> |
666 |
<para> |
667 |
Ignore truncation in UDP responses instead of retrying |
668 |
with TCP. By default, TCP retries are performed. |
669 |
</para> |
670 |
</listitem> |
671 |
</varlistentry> |
672 |
|
673 |
<varlistentry> |
674 |
<term><option>+[no]keepopen</option></term> |
675 |
<listitem> |
676 |
<para> |
677 |
Keep the TCP socket open between queries and reuse |
678 |
it rather than creating a new TCP socket for each |
679 |
lookup. The default is <option>+nokeepopen</option>. |
680 |
</para> |
681 |
</listitem> |
682 |
</varlistentry> |
683 |
|
684 |
<varlistentry> |
685 |
<term><option>+[no]multiline</option></term> |
686 |
<listitem> |
687 |
<para> |
688 |
Print records like the SOA records in a verbose |
689 |
multi-line format with human-readable comments. The |
690 |
default is to print each record on a single line, to |
691 |
facilitate machine parsing of the <command>dig</command> |
692 |
output. |
693 |
</para> |
694 |
</listitem> |
695 |
</varlistentry> |
696 |
|
697 |
<varlistentry> |
698 |
<term><option>+ndots=D</option></term> |
699 |
<listitem> |
700 |
<para> |
701 |
Set the number of dots that have to appear in |
702 |
<parameter>name</parameter> to <parameter>D</parameter> |
703 |
for it to be considered absolute. The default value |
704 |
is that defined using the ndots statement in |
705 |
<filename>/etc/resolv.conf</filename>, or 1 if no |
706 |
ndots statement is present. Names with fewer dots |
707 |
are interpreted as relative names and will be searched |
708 |
for in the domains listed in the <option>search</option> |
709 |
or <option>domain</option> directive in |
710 |
<filename>/etc/resolv.conf</filename> if |
711 |
<option>+search</option> is set. |
712 |
</para> |
713 |
</listitem> |
714 |
</varlistentry> |
715 |
|
716 |
<varlistentry> |
717 |
<term><option>+[no]nsid</option></term> |
718 |
<listitem> |
719 |
<para> |
720 |
Include an EDNS name server ID request when sending |
721 |
a query. |
722 |
</para> |
723 |
</listitem> |
724 |
</varlistentry> |
725 |
|
726 |
<varlistentry> |
727 |
<term><option>+[no]nssearch</option></term> |
728 |
<listitem> |
729 |
<para> |
730 |
When this option is set, <command>dig</command> |
731 |
attempts to find the authoritative name servers for |
732 |
the zone containing the name being looked up and |
733 |
display the SOA record that each name server has for |
734 |
the zone. |
735 |
</para> |
736 |
</listitem> |
737 |
</varlistentry> |
738 |
|
739 |
<varlistentry> |
740 |
<term><option>+[no]onesoa</option></term> |
741 |
<listitem> |
742 |
<para> |
743 |
Print only one (starting) SOA record when performing |
744 |
an AXFR. The default is to print both the starting |
745 |
and ending SOA records. |
746 |
</para> |
747 |
</listitem> |
748 |
</varlistentry> |
749 |
|
750 |
<varlistentry> |
751 |
<term><option>+[no]qr</option></term> |
752 |
<listitem> |
753 |
<para> |
754 |
Print [do not print] the query as it is sent. By |
755 |
default, the query is not printed. |
756 |
</para> |
757 |
</listitem> |
758 |
</varlistentry> |
759 |
|
760 |
<varlistentry> |
761 |
<term><option>+[no]question</option></term> |
762 |
<listitem> |
763 |
<para> |
764 |
Print [do not print] the question section of a query |
765 |
when an answer is returned. The default is to print |
766 |
the question section as a comment. |
767 |
</para> |
768 |
</listitem> |
769 |
</varlistentry> |
770 |
|
771 |
<varlistentry> |
772 |
<term><option>+[no]rdflag</option></term> |
773 |
<listitem> |
774 |
<para> |
775 |
A synonym for <parameter>+[no]recurse</parameter>. |
776 |
</para> |
777 |
</listitem> |
778 |
</varlistentry> |
779 |
|
780 |
<varlistentry> |
781 |
<term><option>+[no]recurse</option></term> |
782 |
<listitem> |
783 |
<para> |
784 |
Toggle the setting of the RD (recursion desired) bit |
785 |
in the query. This bit is set by default, which means |
786 |
<command>dig</command> normally sends recursive |
787 |
queries. Recursion is automatically disabled when |
788 |
the <parameter>+nssearch</parameter> or |
789 |
<parameter>+trace</parameter> query options are used. |
790 |
</para> |
791 |
</listitem> |
792 |
</varlistentry> |
793 |
|
794 |
<varlistentry> |
795 |
<term><option>+retry=T</option></term> |
796 |
<listitem> |
797 |
<para> |
798 |
Sets the number of times to retry UDP queries to |
799 |
server to <parameter>T</parameter> instead of the |
800 |
default, 2. Unlike <parameter>+tries</parameter>, |
801 |
this does not include the initial query. |
802 |
</para> |
803 |
</listitem> |
804 |
</varlistentry> |
805 |
|
806 |
<varlistentry> |
807 |
<term><option>+[no]rrcomments</option></term> |
808 |
<listitem> |
809 |
<para> |
810 |
Toggle the display of per-record comments in the |
811 |
output (for example, human-readable key information |
812 |
about DNSKEY records). The default is not to print |
813 |
record comments unless multiline mode is active. |
814 |
</para> |
815 |
</listitem> |
816 |
</varlistentry> |
817 |
|
818 |
<varlistentry> |
819 |
<term><option>+[no]search</option></term> |
820 |
<listitem> |
821 |
<para> |
822 |
Use [do not use] the search list defined by the |
823 |
searchlist or domain directive in |
824 |
<filename>resolv.conf</filename> (if any). The search |
825 |
list is not used by default. |
826 |
</para> |
827 |
<para> |
828 |
'ndots' from <filename>resolv.conf</filename> (default 1) |
829 |
which may be overridden by <parameter>+ndots</parameter> |
830 |
determines if the name will be treated as relative |
831 |
or not and hence whether a search is eventually |
832 |
performed or not. |
833 |
</para> |
834 |
</listitem> |
835 |
</varlistentry> |
836 |
|
837 |
<varlistentry> |
838 |
<term><option>+[no]short</option></term> |
839 |
<listitem> |
840 |
<para> |
841 |
Provide a terse answer. The default is to print the |
842 |
answer in a verbose form. |
843 |
</para> |
844 |
</listitem> |
845 |
</varlistentry> |
846 |
|
847 |
<varlistentry> |
848 |
<term><option>+[no]showsearch</option></term> |
849 |
<listitem> |
850 |
<para> |
851 |
Perform [do not perform] a search showing intermediate |
852 |
results. |
853 |
</para> |
854 |
</listitem> |
855 |
</varlistentry> |
856 |
|
857 |
<varlistentry> |
858 |
<term><option>+[no]sigchase</option></term> |
859 |
<listitem> |
860 |
<para> |
861 |
Chase DNSSEC signature chains. Requires dig be |
862 |
compiled with -DDIG_SIGCHASE. |
863 |
</para> |
864 |
</listitem> |
865 |
</varlistentry> |
866 |
|
867 |
<varlistentry> |
868 |
<term><option>+split=W</option></term> |
869 |
<listitem> |
870 |
<para> |
871 |
Split long hex- or base64-formatted fields in resource |
872 |
records into chunks of <parameter>W</parameter> |
873 |
characters (where <parameter>W</parameter> is rounded |
874 |
up to the nearest multiple of 4). |
875 |
<parameter>+nosplit</parameter> or |
876 |
<parameter>+split=0</parameter> causes fields not to |
877 |
be split at all. The default is 56 characters, or |
878 |
44 characters when multiline mode is active. |
879 |
</para> |
880 |
</listitem> |
881 |
</varlistentry> |
882 |
|
883 |
<varlistentry> |
884 |
<term><option>+[no]stats</option></term> |
885 |
<listitem> |
886 |
<para> |
887 |
This query option toggles the printing of statistics: |
888 |
when the query was made, the size of the reply and |
889 |
so on. The default behavior is to print the query |
890 |
statistics. |
891 |
</para> |
892 |
</listitem> |
893 |
</varlistentry> |
894 |
|
895 |
<varlistentry> |
896 |
<term><option>+[no]tcp</option></term> |
897 |
<listitem> |
898 |
<para> |
899 |
Use [do not use] TCP when querying name servers. The |
900 |
default behavior is to use UDP unless an |
901 |
<literal>ixfr=N</literal> query is requested, in which |
902 |
case the default is TCP. AXFR queries always use |
903 |
TCP. |
904 |
</para> |
905 |
</listitem> |
906 |
</varlistentry> |
907 |
|
908 |
<varlistentry> |
909 |
<term><option>+time=T</option></term> |
910 |
<listitem> |
911 |
<para> |
912 |
|
913 |
Sets the timeout for a query to |
914 |
<parameter>T</parameter> seconds. The default |
915 |
timeout is 5 seconds. |
916 |
An attempt to set <parameter>T</parameter> to less |
917 |
than 1 will result |
918 |
in a query timeout of 1 second being applied. |
919 |
</para> |
920 |
</listitem> |
921 |
</varlistentry> |
922 |
|
923 |
<varlistentry> |
924 |
<term><option>+[no]topdown</option></term> |
925 |
<listitem> |
926 |
<para> |
927 |
When chasing DNSSEC signature chains perform a top-down |
928 |
validation. Requires dig be compiled with -DDIG_SIGCHASE. |
929 |
</para> |
930 |
</listitem> |
931 |
</varlistentry> |
932 |
|
933 |
<varlistentry> |
934 |
<term><option>+[no]trace</option></term> |
935 |
<listitem> |
936 |
<para> |
937 |
Toggle tracing of the delegation path from the root |
938 |
name servers for the name being looked up. Tracing |
939 |
is disabled by default. When tracing is enabled, |
940 |
<command>dig</command> makes iterative queries to |
941 |
resolve the name being looked up. It will follow |
942 |
referrals from the root servers, showing the answer |
943 |
from each server that was used to resolve the lookup. |
944 |
</para> <para> |
945 |
If @server is also specified, it affects only the |
946 |
initial query for the root zone name servers. |
947 |
</para> <para> |
948 |
<command>+dnssec</command> is also set when +trace |
949 |
is set to better emulate the default queries from a |
950 |
nameserver. |
951 |
</para> |
952 |
</listitem> |
953 |
</varlistentry> |
954 |
|
955 |
<varlistentry> |
956 |
<term><option>+tries=T</option></term> |
957 |
<listitem> |
958 |
<para> |
959 |
Sets the number of times to try UDP queries to server |
960 |
to <parameter>T</parameter> instead of the default, |
961 |
3. If <parameter>T</parameter> is less than or equal |
962 |
to zero, the number of tries is silently rounded up |
963 |
to 1. |
964 |
</para> |
965 |
</listitem> |
966 |
</varlistentry> |
967 |
|
968 |
<varlistentry> |
969 |
<term><option>+trusted-key=####</option></term> |
970 |
<listitem> |
971 |
<para> |
972 |
Specifies a file containing trusted keys to be used |
973 |
with <option>+sigchase</option>. Each DNSKEY record |
974 |
must be on its own line. |
975 |
</para> <para> |
976 |
If not specified, <command>dig</command> will look |
977 |
for <filename>/etc/trusted-key.key</filename> then |
978 |
<filename>trusted-key.key</filename> in the current |
979 |
directory. |
980 |
</para> <para> |
981 |
Requires dig be compiled with -DDIG_SIGCHASE. |
982 |
</para> |
983 |
</listitem> |
984 |
</varlistentry> |
985 |
|
986 |
<varlistentry> |
987 |
<term><option>+[no]ttlid</option></term> |
988 |
<listitem> |
989 |
<para> |
990 |
Display [do not display] the TTL when printing the |
991 |
record. |
992 |
</para> |
993 |
</listitem> |
994 |
</varlistentry> |
995 |
|
996 |
<varlistentry> |
997 |
<term><option>+[no]vc</option></term> |
998 |
<listitem> |
999 |
<para> |
1000 |
Use [do not use] TCP when querying name servers. This |
1001 |
alternate syntax to <parameter>+[no]tcp</parameter> |
1002 |
is provided for backwards compatibility. The "vc" |
1003 |
stands for "virtual circuit". |
1004 |
</para> |
1005 |
</listitem> |
1006 |
</varlistentry> |
1007 |
|
1008 |
</variablelist> |
1009 |
|
1010 |
</para> |
1011 |
</refsection> |
1012 |
|
1013 |
<refsection><info><title>MULTIPLE QUERIES</title></info> |
1014 |
|
1015 |
|
1016 |
<para> |
1017 |
The BIND 9 implementation of <command>dig </command> |
1018 |
supports |
1019 |
specifying multiple queries on the command line (in addition to |
1020 |
supporting the <option>-f</option> batch file option). Each of those |
1021 |
queries can be supplied with its own set of flags, options and query |
1022 |
options. |
1023 |
</para> |
1024 |
|
1025 |
<para> |
1026 |
In this case, each <parameter>query</parameter> argument |
1027 |
represent an |
1028 |
individual query in the command-line syntax described above. Each |
1029 |
consists of any of the standard options and flags, the name to be |
1030 |
looked up, an optional query type and class and any query options that |
1031 |
should be applied to that query. |
1032 |
</para> |
1033 |
|
1034 |
<para> |
1035 |
A global set of query options, which should be applied to all queries, |
1036 |
can also be supplied. These global query options must precede the |
1037 |
first tuple of name, class, type, options, flags, and query options |
1038 |
supplied on the command line. Any global query options (except |
1039 |
the <option>+[no]cmd</option> option) can be |
1040 |
overridden by a query-specific set of query options. For example: |
1041 |
<programlisting> |
1042 |
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr |
1043 |
</programlisting> |
1044 |
shows how <command>dig</command> could be used from the |
1045 |
command line |
1046 |
to make three lookups: an ANY query for <literal>www.isc.org</literal>, a |
1047 |
reverse lookup of 127.0.0.1 and a query for the NS records of |
1048 |
<literal>isc.org</literal>. |
1049 |
|
1050 |
A global query option of <parameter>+qr</parameter> is |
1051 |
applied, so |
1052 |
that <command>dig</command> shows the initial query it made |
1053 |
for each |
1054 |
lookup. The final query has a local query option of |
1055 |
<parameter>+noqr</parameter> which means that <command>dig</command> |
1056 |
will not print the initial query when it looks up the NS records for |
1057 |
<literal>isc.org</literal>. |
1058 |
</para> |
1059 |
|
1060 |
</refsection> |
1061 |
|
1062 |
<refsection><info><title>IDN SUPPORT</title></info> |
1063 |
|
1064 |
<para> |
1065 |
If <command>dig</command> has been built with IDN (internationalized |
1066 |
domain name) support, it can accept and display non-ASCII domain names. |
1067 |
<command>dig</command> appropriately converts character encoding of |
1068 |
domain name before sending a request to DNS server or displaying a |
1069 |
reply from the server. |
1070 |
If you'd like to turn off the IDN support for some reason, defines |
1071 |
the <envar>IDN_DISABLE</envar> environment variable. |
1072 |
The IDN support is disabled if the variable is set when |
1073 |
<command>dig</command> runs. |
1074 |
</para> |
1075 |
</refsection> |
1076 |
|
1077 |
<refsection><info><title>FILES</title></info> |
1078 |
|
1079 |
<para><filename>/etc/resolv.conf</filename> |
1080 |
</para> |
1081 |
<para><filename>${HOME}/.digrc</filename> |
1082 |
</para> |
1083 |
</refsection> |
1084 |
|
1085 |
<refsection><info><title>SEE ALSO</title></info> |
1086 |
|
1087 |
<para><citerefentry> |
1088 |
<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> |
1089 |
</citerefentry>, |
1090 |
<citerefentry> |
1091 |
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> |
1092 |
</citerefentry>, |
1093 |
<citerefentry> |
1094 |
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> |
1095 |
</citerefentry>, |
1096 |
<citetitle>RFC1035</citetitle>. |
1097 |
</para> |
1098 |
</refsection> |
1099 |
|
1100 |
<refsection><info><title>BUGS</title></info> |
1101 |
|
1102 |
<para> |
1103 |
There are probably too many query options. |
1104 |
</para> |
1105 |
</refsection> |
1106 |
</refentry> |