ViewVC Help
View File | Revision Log | Show Annotations | Download File | View Changeset | Root Listing
root/src/vendor/bind/9.9.9p4/bin/dig/dig.docbook
Revision: 9210
Committed: Sat Nov 5 14:35:34 2016 UTC (7 years, 6 months ago) by laffer1
File size: 35221 byte(s)
Log Message: 
tag

File Contents

# Content
1 <!--
2 - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
4 -
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
8 -
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
16 -->
17
18 <!-- Converted by db4-upgrade version 1.0 -->
19 <refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
20
21 <info>
22 <date>2014-02-12</date>
23 </info>
24 <refentryinfo>
25 <corpname>ISC</corpname>
26 <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
27 </refentryinfo>
28
29 <refmeta>
30 <refentrytitle>dig</refentrytitle>
31 <manvolnum>1</manvolnum>
32 <refmiscinfo>BIND9</refmiscinfo>
33 </refmeta>
34
35 <refnamediv>
36 <refname>dig</refname>
37 <refpurpose>DNS lookup utility</refpurpose>
38 </refnamediv>
39
40 <docinfo>
41 <copyright>
42 <year>2004</year>
43 <year>2005</year>
44 <year>2006</year>
45 <year>2007</year>
46 <year>2008</year>
47 <year>2009</year>
48 <year>2010</year>
49 <year>2011</year>
50 <year>2013</year>
51 <year>2014</year>
52 <year>2015</year>
53 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
54 </copyright>
55 <copyright>
56 <year>2000</year>
57 <year>2001</year>
58 <year>2002</year>
59 <year>2003</year>
60 <holder>Internet Software Consortium.</holder>
61 </copyright>
62 </docinfo>
63
64 <refsynopsisdiv>
65 <cmdsynopsis sepchar=" ">
66 <command>dig</command>
67 <arg choice="opt" rep="norepeat">@server</arg>
68 <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
69 <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
70 <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
71 <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
72 <arg choice="opt" rep="norepeat"><option>-m</option></arg>
73 <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
74 <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg>
75 <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
76 <arg choice="opt" rep="norepeat"><option>-v</option></arg>
77 <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
78 <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
79 <arg choice="opt" rep="norepeat"><option>-4</option></arg>
80 <arg choice="opt" rep="norepeat"><option>-6</option></arg>
81 <arg choice="opt" rep="norepeat">name</arg>
82 <arg choice="opt" rep="norepeat">type</arg>
83 <arg choice="opt" rep="norepeat">class</arg>
84 <arg choice="opt" rep="repeat">queryopt</arg>
85 </cmdsynopsis>
86
87 <cmdsynopsis sepchar=" ">
88 <command>dig</command>
89 <arg choice="opt" rep="norepeat"><option>-h</option></arg>
90 </cmdsynopsis>
91
92 <cmdsynopsis sepchar=" ">
93 <command>dig</command>
94 <arg choice="opt" rep="repeat">global-queryopt</arg>
95 <arg choice="opt" rep="repeat">query</arg>
96 </cmdsynopsis>
97 </refsynopsisdiv>
98
99 <refsection><info><title>DESCRIPTION</title></info>
100
101 <para><command>dig</command>
102 (domain information groper) is a flexible tool
103 for interrogating DNS name servers. It performs DNS lookups and
104 displays the answers that are returned from the name server(s) that
105 were queried. Most DNS administrators use <command>dig</command> to
106 troubleshoot DNS problems because of its flexibility, ease of use and
107 clarity of output. Other lookup tools tend to have less functionality
108 than <command>dig</command>.
109 </para>
110
111 <para>
112 Although <command>dig</command> is normally used with
113 command-line
114 arguments, it also has a batch mode of operation for reading lookup
115 requests from a file. A brief summary of its command-line arguments
116 and options is printed when the <option>-h</option> option is given.
117 Unlike earlier versions, the BIND 9 implementation of
118 <command>dig</command> allows multiple lookups to be issued
119 from the
120 command line.
121 </para>
122
123 <para>
124 Unless it is told to query a specific name server,
125 <command>dig</command> will try each of the servers listed in
126 <filename>/etc/resolv.conf</filename>. If no usable server addresses
127 are found, <command>dig</command> will send the query to the local
128 host.
129 </para>
130
131 <para>
132 When no command line arguments or options are given,
133 <command>dig</command> will perform an NS query for "." (the root).
134 </para>
135
136 <para>
137 It is possible to set per-user defaults for <command>dig</command> via
138 <filename>${HOME}/.digrc</filename>. This file is read and
139 any options in it
140 are applied before the command line arguments.
141 </para>
142
143 <para>
144 The IN and CH class names overlap with the IN and CH top level
145 domain names. Either use the <option>-t</option> and
146 <option>-c</option> options to specify the type and class,
147 use the <option>-q</option> the specify the domain name, or
148 use "IN." and "CH." when looking up these top level domains.
149 </para>
150
151 </refsection>
152
153 <refsection><info><title>SIMPLE USAGE</title></info>
154
155
156 <para>
157 A typical invocation of <command>dig</command> looks like:
158 <programlisting> dig @server name type </programlisting>
159 where:
160
161 <variablelist>
162
163 <varlistentry>
164 <term><constant>server</constant></term>
165 <listitem>
166 <para>
167 is the name or IP address of the name server to query. This
168 can be an IPv4 address in dotted-decimal notation or an IPv6
169 address in colon-delimited notation. When the supplied
170 <parameter>server</parameter> argument is a hostname,
171 <command>dig</command> resolves that name before querying
172 that name server.
173 </para>
174 <para>
175 If no <parameter>server</parameter> argument is
176 provided, <command>dig</command> consults
177 <filename>/etc/resolv.conf</filename>; if an
178 address is found there, it queries the name server at
179 that address. If either of the <option>-4</option> or
180 <option>-6</option> options are in use, then
181 only addresses for the corresponding transport
182 will be tried. If no usable addresses are found,
183 <command>dig</command> will send the query to the
184 local host. The reply from the name server that
185 responds is displayed.
186 </para>
187 </listitem>
188 </varlistentry>
189
190 <varlistentry>
191 <term><constant>name</constant></term>
192 <listitem>
193 <para>
194 is the name of the resource record that is to be looked up.
195 </para>
196 </listitem>
197 </varlistentry>
198
199 <varlistentry>
200 <term><constant>type</constant></term>
201 <listitem>
202 <para>
203 indicates what type of query is required —
204 ANY, A, MX, SIG, etc.
205 <parameter>type</parameter> can be any valid query
206 type. If no
207 <parameter>type</parameter> argument is supplied,
208 <command>dig</command> will perform a lookup for an
209 A record.
210 </para>
211 </listitem>
212 </varlistentry>
213
214 </variablelist>
215 </para>
216
217 </refsection>
218
219 <refsection><info><title>OPTIONS</title></info>
220
221
222 <variablelist>
223 <varlistentry>
224 <term>-4</term>
225 <listitem>
226 <para>
227 Use IPv4 only.
228 </para>
229 </listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term>-6</term>
234 <listitem>
235 <para>
236 Use IPv6 only.
237 </para>
238 </listitem>
239 </varlistentry>
240
241 <varlistentry>
242 <term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
243 <listitem>
244 <para>
245 Set the source IP address of the query.
246 The <parameter>address</parameter> must be a valid address on
247 one of the host's network interfaces, or "0.0.0.0" or "::". An
248 optional port may be specified by appending "#&lt;port&gt;"
249 </para>
250 </listitem>
251 </varlistentry>
252
253 <varlistentry>
254 <term>-c <replaceable class="parameter">class</replaceable></term>
255 <listitem>
256 <para>
257 Set the query class. The
258 default <parameter>class</parameter> is IN; other classes
259 are HS for Hesiod records or CH for Chaosnet records.
260 </para>
261 </listitem>
262 </varlistentry>
263
264 <varlistentry>
265 <term>-f <replaceable class="parameter">file</replaceable></term>
266 <listitem>
267 <para>
268 Batch mode: <command>dig</command> reads a list of lookup
269 requests to process from the
270 given <parameter>file</parameter>. Each line in the file
271 should be organized in the same way they would be
272 presented as queries to
273 <command>dig</command> using the command-line interface.
274 </para>
275 </listitem>
276 </varlistentry>
277
278 <varlistentry>
279 <term>-i</term>
280 <listitem>
281 <para>
282 Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
283 domain, which is no longer in use. Obsolete bit string
284 label queries (RFC2874) are not attempted.
285 </para>
286 </listitem>
287 </varlistentry>
288
289 <varlistentry>
290 <term>-k <replaceable class="parameter">keyfile</replaceable></term>
291 <listitem>
292 <para>
293 Sign queries using TSIG using a key read from the given file.
294 Key files can be generated using
295 <citerefentry>
296 <refentrytitle>tsig-keygen</refentrytitle><manvolnum>8</manvolnum>
297 </citerefentry>.
298 When using TSIG authentication with <command>dig</command>,
299 the name server that is queried needs to know the key and
300 algorithm that is being used. In BIND, this is done by
301 providing appropriate <command>key</command>
302 and <command>server</command> statements in
303 <filename>named.conf</filename>.
304 </para>
305 </listitem>
306 </varlistentry>
307
308 <varlistentry>
309 <term>-m</term>
310 <listitem>
311 <para>
312 Enable memory usage debugging.
313 <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
314 documented in include/isc/mem.h -->
315 </para>
316 </listitem>
317 </varlistentry>
318
319 <varlistentry>
320 <term>-p <replaceable class="parameter">port</replaceable></term>
321 <listitem>
322 <para>
323 Send the query to a non-standard port on the server,
324 instead of the defaut port 53. This option would be used
325 to test a name server that has been configured to listen
326 for queries on a non-standard port number.
327 </para>
328 </listitem>
329 </varlistentry>
330
331 <varlistentry>
332 <term>-q <replaceable class="parameter">name</replaceable></term>
333 <listitem>
334 <para>
335 The domain name to query. This is useful to distinguish
336 the <parameter>name</parameter> from other arguments.
337 </para>
338 </listitem>
339 </varlistentry>
340
341 <varlistentry>
342 <term>-t <replaceable class="parameter">type</replaceable></term>
343 <listitem>
344 <para>
345 The resource record type to query. It can be any valid query type
346 which is
347 supported in BIND 9. The default query type is "A", unless the
348 <option>-x</option> option is supplied to indicate a reverse lookup.
349 A zone transfer can be requested by specifying a type of AXFR. When
350 an incremental zone transfer (IXFR) is required, set the
351 <parameter>type</parameter> to <literal>ixfr=N</literal>.
352 The incremental zone transfer will contain the changes
353 made to the zone since the serial number in the zone's SOA
354 record was
355 <parameter>N</parameter>.
356 </para>
357 </listitem>
358 </varlistentry>
359
360 <varlistentry>
361 <term>-v</term>
362 <listitem>
363 <para>
364 Print the version number and exit.
365 </para>
366 </listitem>
367 </varlistentry>
368
369 <varlistentry>
370 <term>-x <replaceable class="parameter">addr</replaceable></term>
371 <listitem>
372 <para>
373 Simplified reverse lookups, for mapping addresses to
374 names. The <parameter>addr</parameter> is an IPv4 address
375 in dotted-decimal notation, or a colon-delimited IPv6
376 address. When the <option>-x</option> is used, there is no
377 need to provide
378 the <parameter>name</parameter>, <parameter>class</parameter>
379 and <parameter>type</parameter>
380 arguments. <command>dig</command> automatically performs a
381 lookup for a name like
382 <literal>94.2.0.192.in-addr.arpa</literal> and sets the
383 query type and class to PTR and IN respectively. IPv6
384 addresses are looked up using nibble format under the
385 IP6.ARPA domain (but see also the <option>-i</option>
386 option).
387 </para>
388 </listitem>
389 </varlistentry>
390
391 <varlistentry>
392 <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
393 <listitem>
394 <para>
395 Sign queries using TSIG with the given authentication key.
396 <parameter>keyname</parameter> is the name of the key, and
397 <parameter>secret</parameter> is the base64 encoded shared secret.
398 <parameter>hmac</parameter> is the name of the key algorithm;
399 valid choices are <literal>hmac-md5</literal>,
400 <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
401 <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
402 <literal>hmac-sha512</literal>. If <parameter>hmac</parameter>
403 is not specified, the default is <literal>hmac-md5</literal>.
404 </para>
405 <para>
406 NOTE: You should use the <option>-k</option> option and
407 avoid the <option>-y</option> option, because
408 with <option>-y</option> the shared secret is supplied as
409 a command line argument in clear text. This may be visible
410 in the output from
411 <citerefentry>
412 <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
413 </citerefentry>
414 or in a history file maintained by the user's shell.
415 </para>
416 </listitem>
417 </varlistentry>
418
419 </variablelist>
420 </refsection>
421
422 <refsection><info><title>QUERY OPTIONS</title></info>
423
424
425 <para><command>dig</command>
426 provides a number of query options which affect
427 the way in which lookups are made and the results displayed. Some of
428 these set or reset flag bits in the query header, some determine which
429 sections of the answer get printed, and others determine the timeout
430 and retry strategies.
431 </para>
432
433 <para>
434 Each query option is identified by a keyword preceded by a plus sign
435 (<literal>+</literal>). Some keywords set or reset an
436 option. These may be preceded
437 by the string <literal>no</literal> to negate the meaning of
438 that keyword. Other
439 keywords assign values to options like the timeout interval. They
440 have the form <option>+keyword=value</option>.
441 Keywords may be abbreviated, provided the abbreviation is
442 unambiguous; for example, <literal>+cd</literal> is equivalent
443 to <literal>+cdflag</literal>.
444 The query options are:
445
446 <variablelist>
447
448 <varlistentry>
449 <term><option>+[no]aaflag</option></term>
450 <listitem>
451 <para>
452 A synonym for <parameter>+[no]aaonly</parameter>.
453 </para>
454 </listitem>
455 </varlistentry>
456
457 <varlistentry>
458 <term><option>+[no]aaonly</option></term>
459 <listitem>
460 <para>
461 Sets the "aa" flag in the query.
462 </para>
463 </listitem>
464 </varlistentry>
465
466 <varlistentry>
467 <term><option>+[no]additional</option></term>
468 <listitem>
469 <para>
470 Display [do not display] the additional section of a
471 reply. The default is to display it.
472 </para>
473 </listitem>
474 </varlistentry>
475
476 <varlistentry>
477 <term><option>+[no]adflag</option></term>
478 <listitem>
479 <para>
480 Set [do not set] the AD (authentic data) bit in the
481 query. This requests the server to return whether
482 all of the answer and authority sections have all
483 been validated as secure according to the security
484 policy of the server. AD=1 indicates that all records
485 have been validated as secure and the answer is not
486 from a OPT-OUT range. AD=0 indicate that some part
487 of the answer was insecure or not validated. This
488 bit is set by default.
489 </para>
490 </listitem>
491 </varlistentry>
492
493 <varlistentry>
494 <term><option>+[no]all</option></term>
495 <listitem>
496 <para>
497 Set or clear all display flags.
498 </para>
499 </listitem>
500 </varlistentry>
501
502 <varlistentry>
503 <term><option>+[no]answer</option></term>
504 <listitem>
505 <para>
506 Display [do not display] the answer section of a
507 reply. The default is to display it.
508 </para>
509 </listitem>
510 </varlistentry>
511
512 <varlistentry>
513 <term><option>+[no]authority</option></term>
514 <listitem>
515 <para>
516 Display [do not display] the authority section of a
517 reply. The default is to display it.
518 </para>
519 </listitem>
520 </varlistentry>
521
522 <varlistentry>
523 <term><option>+[no]besteffort</option></term>
524 <listitem>
525 <para>
526 Attempt to display the contents of messages which are
527 malformed. The default is to not display malformed
528 answers.
529 </para>
530 </listitem>
531 </varlistentry>
532
533 <varlistentry>
534 <term><option>+bufsize=B</option></term>
535 <listitem>
536 <para>
537 Set the UDP message buffer size advertised using EDNS0
538 to <parameter>B</parameter> bytes. The maximum and
539 minimum sizes of this buffer are 65535 and 0 respectively.
540 Values outside this range are rounded up or down
541 appropriately. Values other than zero will cause a
542 EDNS query to be sent.
543 </para>
544 </listitem>
545 </varlistentry>
546
547 <varlistentry>
548 <term><option>+[no]cdflag</option></term>
549 <listitem>
550 <para>
551 Set [do not set] the CD (checking disabled) bit in
552 the query. This requests the server to not perform
553 DNSSEC validation of responses.
554 </para>
555 </listitem>
556 </varlistentry>
557
558 <varlistentry>
559 <term><option>+[no]class</option></term>
560 <listitem>
561 <para>
562 Display [do not display] the CLASS when printing the
563 record.
564 </para>
565 </listitem>
566 </varlistentry>
567
568 <varlistentry>
569 <term><option>+[no]cmd</option></term>
570 <listitem>
571 <para>
572 Toggles the printing of the initial comment in the
573 output identifying the version of <command>dig</command>
574 and the query options that have been applied. This
575 comment is printed by default.
576 </para>
577 </listitem>
578 </varlistentry>
579
580 <varlistentry>
581 <term><option>+[no]comments</option></term>
582 <listitem>
583 <para>
584 Toggle the display of comment lines in the output.
585 The default is to print comments.
586 </para>
587 </listitem>
588 </varlistentry>
589
590 <varlistentry>
591 <term><option>+[no]defname</option></term>
592 <listitem>
593 <para>
594 Deprecated, treated as a synonym for
595 <parameter>+[no]search</parameter>
596 </para>
597 </listitem>
598 </varlistentry>
599
600 <varlistentry>
601 <term><option>+[no]dnssec</option></term>
602 <listitem>
603 <para>
604 Requests DNSSEC records be sent by setting the DNSSEC
605 OK bit (DO) in the OPT record in the additional section
606 of the query.
607 </para>
608 </listitem>
609 </varlistentry>
610
611 <varlistentry>
612 <term><option>+domain=somename</option></term>
613 <listitem>
614 <para>
615 Set the search list to contain the single domain
616 <parameter>somename</parameter>, as if specified in
617 a <command>domain</command> directive in
618 <filename>/etc/resolv.conf</filename>, and enable
619 search list processing as if the
620 <parameter>+search</parameter> option were given.
621 </para>
622 </listitem>
623 </varlistentry>
624
625 <varlistentry>
626 <term><option>+[no]edns[=#]</option></term>
627 <listitem>
628 <para>
629 Specify the EDNS version to query with. Valid values
630 are 0 to 255. Setting the EDNS version will cause
631 a EDNS query to be sent. <option>+noedns</option>
632 clears the remembered EDNS version. EDNS is set to
633 0 by default.
634 </para>
635 </listitem>
636 </varlistentry>
637
638 <varlistentry>
639 <term><option>+[no]fail</option></term>
640 <listitem>
641 <para>
642 Do not try the next server if you receive a SERVFAIL.
643 The default is to not try the next server which is
644 the reverse of normal stub resolver behavior.
645 </para>
646 </listitem>
647 </varlistentry>
648
649 <varlistentry>
650 <term><option>+[no]identify</option></term>
651 <listitem>
652 <para>
653 Show [or do not show] the IP address and port number
654 that supplied the answer when the
655 <parameter>+short</parameter> option is enabled. If
656 short form answers are requested, the default is not
657 to show the source address and port number of the
658 server that provided the answer.
659 </para>
660 </listitem>
661 </varlistentry>
662
663 <varlistentry>
664 <term><option>+[no]ignore</option></term>
665 <listitem>
666 <para>
667 Ignore truncation in UDP responses instead of retrying
668 with TCP. By default, TCP retries are performed.
669 </para>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry>
674 <term><option>+[no]keepopen</option></term>
675 <listitem>
676 <para>
677 Keep the TCP socket open between queries and reuse
678 it rather than creating a new TCP socket for each
679 lookup. The default is <option>+nokeepopen</option>.
680 </para>
681 </listitem>
682 </varlistentry>
683
684 <varlistentry>
685 <term><option>+[no]multiline</option></term>
686 <listitem>
687 <para>
688 Print records like the SOA records in a verbose
689 multi-line format with human-readable comments. The
690 default is to print each record on a single line, to
691 facilitate machine parsing of the <command>dig</command>
692 output.
693 </para>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry>
698 <term><option>+ndots=D</option></term>
699 <listitem>
700 <para>
701 Set the number of dots that have to appear in
702 <parameter>name</parameter> to <parameter>D</parameter>
703 for it to be considered absolute. The default value
704 is that defined using the ndots statement in
705 <filename>/etc/resolv.conf</filename>, or 1 if no
706 ndots statement is present. Names with fewer dots
707 are interpreted as relative names and will be searched
708 for in the domains listed in the <option>search</option>
709 or <option>domain</option> directive in
710 <filename>/etc/resolv.conf</filename> if
711 <option>+search</option> is set.
712 </para>
713 </listitem>
714 </varlistentry>
715
716 <varlistentry>
717 <term><option>+[no]nsid</option></term>
718 <listitem>
719 <para>
720 Include an EDNS name server ID request when sending
721 a query.
722 </para>
723 </listitem>
724 </varlistentry>
725
726 <varlistentry>
727 <term><option>+[no]nssearch</option></term>
728 <listitem>
729 <para>
730 When this option is set, <command>dig</command>
731 attempts to find the authoritative name servers for
732 the zone containing the name being looked up and
733 display the SOA record that each name server has for
734 the zone.
735 </para>
736 </listitem>
737 </varlistentry>
738
739 <varlistentry>
740 <term><option>+[no]onesoa</option></term>
741 <listitem>
742 <para>
743 Print only one (starting) SOA record when performing
744 an AXFR. The default is to print both the starting
745 and ending SOA records.
746 </para>
747 </listitem>
748 </varlistentry>
749
750 <varlistentry>
751 <term><option>+[no]qr</option></term>
752 <listitem>
753 <para>
754 Print [do not print] the query as it is sent. By
755 default, the query is not printed.
756 </para>
757 </listitem>
758 </varlistentry>
759
760 <varlistentry>
761 <term><option>+[no]question</option></term>
762 <listitem>
763 <para>
764 Print [do not print] the question section of a query
765 when an answer is returned. The default is to print
766 the question section as a comment.
767 </para>
768 </listitem>
769 </varlistentry>
770
771 <varlistentry>
772 <term><option>+[no]rdflag</option></term>
773 <listitem>
774 <para>
775 A synonym for <parameter>+[no]recurse</parameter>.
776 </para>
777 </listitem>
778 </varlistentry>
779
780 <varlistentry>
781 <term><option>+[no]recurse</option></term>
782 <listitem>
783 <para>
784 Toggle the setting of the RD (recursion desired) bit
785 in the query. This bit is set by default, which means
786 <command>dig</command> normally sends recursive
787 queries. Recursion is automatically disabled when
788 the <parameter>+nssearch</parameter> or
789 <parameter>+trace</parameter> query options are used.
790 </para>
791 </listitem>
792 </varlistentry>
793
794 <varlistentry>
795 <term><option>+retry=T</option></term>
796 <listitem>
797 <para>
798 Sets the number of times to retry UDP queries to
799 server to <parameter>T</parameter> instead of the
800 default, 2. Unlike <parameter>+tries</parameter>,
801 this does not include the initial query.
802 </para>
803 </listitem>
804 </varlistentry>
805
806 <varlistentry>
807 <term><option>+[no]rrcomments</option></term>
808 <listitem>
809 <para>
810 Toggle the display of per-record comments in the
811 output (for example, human-readable key information
812 about DNSKEY records). The default is not to print
813 record comments unless multiline mode is active.
814 </para>
815 </listitem>
816 </varlistentry>
817
818 <varlistentry>
819 <term><option>+[no]search</option></term>
820 <listitem>
821 <para>
822 Use [do not use] the search list defined by the
823 searchlist or domain directive in
824 <filename>resolv.conf</filename> (if any). The search
825 list is not used by default.
826 </para>
827 <para>
828 'ndots' from <filename>resolv.conf</filename> (default 1)
829 which may be overridden by <parameter>+ndots</parameter>
830 determines if the name will be treated as relative
831 or not and hence whether a search is eventually
832 performed or not.
833 </para>
834 </listitem>
835 </varlistentry>
836
837 <varlistentry>
838 <term><option>+[no]short</option></term>
839 <listitem>
840 <para>
841 Provide a terse answer. The default is to print the
842 answer in a verbose form.
843 </para>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry>
848 <term><option>+[no]showsearch</option></term>
849 <listitem>
850 <para>
851 Perform [do not perform] a search showing intermediate
852 results.
853 </para>
854 </listitem>
855 </varlistentry>
856
857 <varlistentry>
858 <term><option>+[no]sigchase</option></term>
859 <listitem>
860 <para>
861 Chase DNSSEC signature chains. Requires dig be
862 compiled with -DDIG_SIGCHASE.
863 </para>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry>
868 <term><option>+split=W</option></term>
869 <listitem>
870 <para>
871 Split long hex- or base64-formatted fields in resource
872 records into chunks of <parameter>W</parameter>
873 characters (where <parameter>W</parameter> is rounded
874 up to the nearest multiple of 4).
875 <parameter>+nosplit</parameter> or
876 <parameter>+split=0</parameter> causes fields not to
877 be split at all. The default is 56 characters, or
878 44 characters when multiline mode is active.
879 </para>
880 </listitem>
881 </varlistentry>
882
883 <varlistentry>
884 <term><option>+[no]stats</option></term>
885 <listitem>
886 <para>
887 This query option toggles the printing of statistics:
888 when the query was made, the size of the reply and
889 so on. The default behavior is to print the query
890 statistics.
891 </para>
892 </listitem>
893 </varlistentry>
894
895 <varlistentry>
896 <term><option>+[no]tcp</option></term>
897 <listitem>
898 <para>
899 Use [do not use] TCP when querying name servers. The
900 default behavior is to use UDP unless an
901 <literal>ixfr=N</literal> query is requested, in which
902 case the default is TCP. AXFR queries always use
903 TCP.
904 </para>
905 </listitem>
906 </varlistentry>
907
908 <varlistentry>
909 <term><option>+time=T</option></term>
910 <listitem>
911 <para>
912
913 Sets the timeout for a query to
914 <parameter>T</parameter> seconds. The default
915 timeout is 5 seconds.
916 An attempt to set <parameter>T</parameter> to less
917 than 1 will result
918 in a query timeout of 1 second being applied.
919 </para>
920 </listitem>
921 </varlistentry>
922
923 <varlistentry>
924 <term><option>+[no]topdown</option></term>
925 <listitem>
926 <para>
927 When chasing DNSSEC signature chains perform a top-down
928 validation. Requires dig be compiled with -DDIG_SIGCHASE.
929 </para>
930 </listitem>
931 </varlistentry>
932
933 <varlistentry>
934 <term><option>+[no]trace</option></term>
935 <listitem>
936 <para>
937 Toggle tracing of the delegation path from the root
938 name servers for the name being looked up. Tracing
939 is disabled by default. When tracing is enabled,
940 <command>dig</command> makes iterative queries to
941 resolve the name being looked up. It will follow
942 referrals from the root servers, showing the answer
943 from each server that was used to resolve the lookup.
944 </para> <para>
945 If @server is also specified, it affects only the
946 initial query for the root zone name servers.
947 </para> <para>
948 <command>+dnssec</command> is also set when +trace
949 is set to better emulate the default queries from a
950 nameserver.
951 </para>
952 </listitem>
953 </varlistentry>
954
955 <varlistentry>
956 <term><option>+tries=T</option></term>
957 <listitem>
958 <para>
959 Sets the number of times to try UDP queries to server
960 to <parameter>T</parameter> instead of the default,
961 3. If <parameter>T</parameter> is less than or equal
962 to zero, the number of tries is silently rounded up
963 to 1.
964 </para>
965 </listitem>
966 </varlistentry>
967
968 <varlistentry>
969 <term><option>+trusted-key=####</option></term>
970 <listitem>
971 <para>
972 Specifies a file containing trusted keys to be used
973 with <option>+sigchase</option>. Each DNSKEY record
974 must be on its own line.
975 </para> <para>
976 If not specified, <command>dig</command> will look
977 for <filename>/etc/trusted-key.key</filename> then
978 <filename>trusted-key.key</filename> in the current
979 directory.
980 </para> <para>
981 Requires dig be compiled with -DDIG_SIGCHASE.
982 </para>
983 </listitem>
984 </varlistentry>
985
986 <varlistentry>
987 <term><option>+[no]ttlid</option></term>
988 <listitem>
989 <para>
990 Display [do not display] the TTL when printing the
991 record.
992 </para>
993 </listitem>
994 </varlistentry>
995
996 <varlistentry>
997 <term><option>+[no]vc</option></term>
998 <listitem>
999 <para>
1000 Use [do not use] TCP when querying name servers. This
1001 alternate syntax to <parameter>+[no]tcp</parameter>
1002 is provided for backwards compatibility. The "vc"
1003 stands for "virtual circuit".
1004 </para>
1005 </listitem>
1006 </varlistentry>
1007
1008 </variablelist>
1009
1010 </para>
1011 </refsection>
1012
1013 <refsection><info><title>MULTIPLE QUERIES</title></info>
1014
1015
1016 <para>
1017 The BIND 9 implementation of <command>dig </command>
1018 supports
1019 specifying multiple queries on the command line (in addition to
1020 supporting the <option>-f</option> batch file option). Each of those
1021 queries can be supplied with its own set of flags, options and query
1022 options.
1023 </para>
1024
1025 <para>
1026 In this case, each <parameter>query</parameter> argument
1027 represent an
1028 individual query in the command-line syntax described above. Each
1029 consists of any of the standard options and flags, the name to be
1030 looked up, an optional query type and class and any query options that
1031 should be applied to that query.
1032 </para>
1033
1034 <para>
1035 A global set of query options, which should be applied to all queries,
1036 can also be supplied. These global query options must precede the
1037 first tuple of name, class, type, options, flags, and query options
1038 supplied on the command line. Any global query options (except
1039 the <option>+[no]cmd</option> option) can be
1040 overridden by a query-specific set of query options. For example:
1041 <programlisting>
1042 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
1043 </programlisting>
1044 shows how <command>dig</command> could be used from the
1045 command line
1046 to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
1047 reverse lookup of 127.0.0.1 and a query for the NS records of
1048 <literal>isc.org</literal>.
1049
1050 A global query option of <parameter>+qr</parameter> is
1051 applied, so
1052 that <command>dig</command> shows the initial query it made
1053 for each
1054 lookup. The final query has a local query option of
1055 <parameter>+noqr</parameter> which means that <command>dig</command>
1056 will not print the initial query when it looks up the NS records for
1057 <literal>isc.org</literal>.
1058 </para>
1059
1060 </refsection>
1061
1062 <refsection><info><title>IDN SUPPORT</title></info>
1063
1064 <para>
1065 If <command>dig</command> has been built with IDN (internationalized
1066 domain name) support, it can accept and display non-ASCII domain names.
1067 <command>dig</command> appropriately converts character encoding of
1068 domain name before sending a request to DNS server or displaying a
1069 reply from the server.
1070 If you'd like to turn off the IDN support for some reason, defines
1071 the <envar>IDN_DISABLE</envar> environment variable.
1072 The IDN support is disabled if the variable is set when
1073 <command>dig</command> runs.
1074 </para>
1075 </refsection>
1076
1077 <refsection><info><title>FILES</title></info>
1078
1079 <para><filename>/etc/resolv.conf</filename>
1080 </para>
1081 <para><filename>${HOME}/.digrc</filename>
1082 </para>
1083 </refsection>
1084
1085 <refsection><info><title>SEE ALSO</title></info>
1086
1087 <para><citerefentry>
1088 <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
1089 </citerefentry>,
1090 <citerefentry>
1091 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
1092 </citerefentry>,
1093 <citerefentry>
1094 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
1095 </citerefentry>,
1096 <citetitle>RFC1035</citetitle>.
1097 </para>
1098 </refsection>
1099
1100 <refsection><info><title>BUGS</title></info>
1101
1102 <para>
1103 There are probably too many query options.
1104 </para>
1105 </refsection>
1106 </refentry>