1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") 6 - Copyright (C) 2000-2003 Internet Software Consortium. 7 - 8 - Permission to use, copy, modify, and/or distribute this software for any 9 - purpose with or without fee is hereby granted, provided that the above 10 - copyright notice and this permission notice appear in all copies. 11 - 12 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 13 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 14 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 15 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 16 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 17 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 18 - PERFORMANCE OF THIS SOFTWARE. 19--> 20 21<refentry id="man.dig"> 22 23 <refentryinfo> 24 <date>February 19, 2014</date> 25 </refentryinfo> 26 27 <refmeta> 28 <refentrytitle>dig</refentrytitle> 29 <manvolnum>1</manvolnum> 30 <refmiscinfo>BIND9</refmiscinfo> 31 </refmeta> 32 33 <refnamediv> 34 <refname>dig</refname> 35 <refpurpose>DNS lookup utility</refpurpose> 36 </refnamediv> 37 38 <docinfo> 39 <copyright> 40 <year>2004</year> 41 <year>2005</year> 42 <year>2006</year> 43 <year>2007</year> 44 <year>2008</year> 45 <year>2009</year> 46 <year>2010</year> 47 <year>2011</year> 48 <year>2013</year> 49 <year>2014</year> 50 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 51 </copyright> 52 <copyright> 53 <year>2000</year> 54 <year>2001</year> 55 <year>2002</year> 56 <year>2003</year> 57 <holder>Internet Software Consortium.</holder> 58 </copyright> 59 </docinfo> 60 61 <refsynopsisdiv> 62 <cmdsynopsis> 63 <command>dig</command> 64 <arg choice="opt">@server</arg> 65 <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg> 66 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> 67 <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg> 68 <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg> 69 <arg><option>-m</option></arg> 70 <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> 71 <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg> 72 <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> 73 <arg><option>-v</option></arg> 74 <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg> 75 <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg> 76 <arg><option>-4</option></arg> 77 <arg><option>-6</option></arg> 78 <arg choice="opt">name</arg> 79 <arg choice="opt">type</arg> 80 <arg choice="opt">class</arg> 81 <arg choice="opt" rep="repeat">queryopt</arg> 82 </cmdsynopsis> 83 84 <cmdsynopsis> 85 <command>dig</command> 86 <arg><option>-h</option></arg> 87 </cmdsynopsis> 88 89 <cmdsynopsis> 90 <command>dig</command> 91 <arg choice="opt" rep="repeat">global-queryopt</arg> 92 <arg choice="opt" rep="repeat">query</arg> 93 </cmdsynopsis> 94 </refsynopsisdiv> 95 96 <refsect1> 97 <title>DESCRIPTION</title> 98 <para><command>dig</command> 99 (domain information groper) is a flexible tool 100 for interrogating DNS name servers. It performs DNS lookups and 101 displays the answers that are returned from the name server(s) that 102 were queried. Most DNS administrators use <command>dig</command> to 103 troubleshoot DNS problems because of its flexibility, ease of use and 104 clarity of output. Other lookup tools tend to have less functionality 105 than <command>dig</command>. 106 </para> 107 108 <para> 109 Although <command>dig</command> is normally used with 110 command-line 111 arguments, it also has a batch mode of operation for reading lookup 112 requests from a file. A brief summary of its command-line arguments 113 and options is printed when the <option>-h</option> option is given. 114 Unlike earlier versions, the BIND 9 implementation of 115 <command>dig</command> allows multiple lookups to be issued 116 from the 117 command line. 118 </para> 119 120 <para> 121 Unless it is told to query a specific name server, 122 <command>dig</command> will try each of the servers listed in 123 <filename>/etc/resolv.conf</filename>. If no usable server addresses 124 are found, <command>dig</command> will send the query to the local 125 host. 126 </para> 127 128 <para> 129 When no command line arguments or options are given, 130 <command>dig</command> will perform an NS query for "." (the root). 131 </para> 132 133 <para> 134 It is possible to set per-user defaults for <command>dig</command> via 135 <filename>${HOME}/.digrc</filename>. This file is read and 136 any options in it 137 are applied before the command line arguments. 138 </para> 139 140 <para> 141 The IN and CH class names overlap with the IN and CH top level 142 domain names. Either use the <option>-t</option> and 143 <option>-c</option> options to specify the type and class, 144 use the <option>-q</option> the specify the domain name, or 145 use "IN." and "CH." when looking up these top level domains. 146 </para> 147 148 </refsect1> 149 150 <refsect1> 151 <title>SIMPLE USAGE</title> 152 153 <para> 154 A typical invocation of <command>dig</command> looks like: 155 <programlisting> dig @server name type </programlisting> 156 where: 157 158 <variablelist> 159 160 <varlistentry> 161 <term><constant>server</constant></term> 162 <listitem> 163 <para> 164 is the name or IP address of the name server to query. This 165 can be an IPv4 address in dotted-decimal notation or an IPv6 166 address in colon-delimited notation. When the supplied 167 <parameter>server</parameter> argument is a hostname, 168 <command>dig</command> resolves that name before querying 169 that name server. 170 </para> 171 <para> 172 If no <parameter>server</parameter> argument is 173 provided, <command>dig</command> consults 174 <filename>/etc/resolv.conf</filename>; if an 175 address is found there, it queries the name server at 176 that address. If either of the <option>-4</option> or 177 <option>-6</option> options are in use, then 178 only addresses for the corresponding transport 179 will be tried. If no usable addresses are found, 180 <command>dig</command> will send the query to the 181 local host. The reply from the name server that 182 responds is displayed. 183 </para> 184 </listitem> 185 </varlistentry> 186 187 <varlistentry> 188 <term><constant>name</constant></term> 189 <listitem> 190 <para> 191 is the name of the resource record that is to be looked up. 192 </para> 193 </listitem> 194 </varlistentry> 195 196 <varlistentry> 197 <term><constant>type</constant></term> 198 <listitem> 199 <para> 200 indicates what type of query is required — 201 ANY, A, MX, SIG, etc. 202 <parameter>type</parameter> can be any valid query 203 type. If no 204 <parameter>type</parameter> argument is supplied, 205 <command>dig</command> will perform a lookup for an 206 A record. 207 </para> 208 </listitem> 209 </varlistentry> 210 211 </variablelist> 212 </para> 213 214 </refsect1> 215 216 <refsect1> 217 <title>OPTIONS</title> 218 219 <para> 220 The <option>-b</option> option sets the source IP address of the query 221 to <parameter>address</parameter>. This must be a valid 222 address on 223 one of the host's network interfaces or "0.0.0.0" or "::". An optional 224 port 225 may be specified by appending "#<port>" 226 </para> 227 228 <para> 229 The default query class (IN for internet) is overridden by the 230 <option>-c</option> option. <parameter>class</parameter> is 231 any valid 232 class, such as HS for Hesiod records or CH for Chaosnet records. 233 </para> 234 235 <para> 236 The <option>-f</option> option makes <command>dig </command> 237 operate 238 in batch mode by reading a list of lookup requests to process from the 239 file <parameter>filename</parameter>. The file contains a 240 number of 241 queries, one per line. Each entry in the file should be organized in 242 the same way they would be presented as queries to 243 <command>dig</command> using the command-line interface. 244 </para> 245 246 <para> 247 The <option>-m</option> option enables memory usage debugging. 248 <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD 249 documented in include/isc/mem.h --> 250 </para> 251 252 <para> 253 If a non-standard port number is to be queried, the 254 <option>-p</option> option is used. <parameter>port#</parameter> is 255 the port number that <command>dig</command> will send its 256 queries 257 instead of the standard DNS port number 53. This option would be used 258 to test a name server that has been configured to listen for queries 259 on a non-standard port number. 260 </para> 261 262 <para> 263 The <option>-4</option> option forces <command>dig</command> 264 to only 265 use IPv4 query transport. The <option>-6</option> option forces 266 <command>dig</command> to only use IPv6 query transport. 267 </para> 268 269 <para> 270 The <option>-t</option> option sets the query type to 271 <parameter>type</parameter>. It can be any valid query type 272 which is 273 supported in BIND 9. The default query type is "A", unless the 274 <option>-x</option> option is supplied to indicate a reverse lookup. 275 A zone transfer can be requested by specifying a type of AXFR. When 276 an incremental zone transfer (IXFR) is required, 277 <parameter>type</parameter> is set to <literal>ixfr=N</literal>. 278 The incremental zone transfer will contain the changes made to the zone 279 since the serial number in the zone's SOA record was 280 <parameter>N</parameter>. 281 </para> 282 283 <para> 284 The <option>-q</option> option sets the query name to 285 <parameter>name</parameter>. This is useful to distinguish the 286 <parameter>name</parameter> from other arguments. 287 </para> 288 289 <para> 290 The <option>-v</option> causes <command>dig</command> to 291 print the version number and exit. 292 </para> 293 294 <para> 295 Reverse lookups — mapping addresses to names — are simplified by the 296 <option>-x</option> option. <parameter>addr</parameter> is 297 an IPv4 298 address in dotted-decimal notation, or a colon-delimited IPv6 address. 299 When this option is used, there is no need to provide the 300 <parameter>name</parameter>, <parameter>class</parameter> and 301 <parameter>type</parameter> arguments. <command>dig</command> 302 automatically performs a lookup for a name like 303 <literal>11.12.13.10.in-addr.arpa</literal> and sets the 304 query type and 305 class to PTR and IN respectively. By default, IPv6 addresses are 306 looked up using nibble format under the IP6.ARPA domain. 307 To use the older RFC1886 method using the IP6.INT domain 308 specify the <option>-i</option> option. Bit string labels (RFC2874) 309 are now experimental and are not attempted. 310 </para> 311 312 <para> 313 To sign the DNS queries sent by <command>dig</command> and 314 their 315 responses using transaction signatures (TSIG), specify a TSIG key file 316 using the <option>-k</option> option. You can also specify the TSIG 317 key itself on the command line using the <option>-y</option> option; 318 <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5, 319 <parameter>name</parameter> is the name of the TSIG key and 320 <parameter>key</parameter> is the actual key. The key is a 321 base-64 322 encoded string, typically generated by 323 <citerefentry> 324 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 325 </citerefentry>. 326 327 Caution should be taken when using the <option>-y</option> option on 328 multi-user systems as the key can be visible in the output from 329 <citerefentry> 330 <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> 331 </citerefentry> 332 or in the shell's history file. When 333 using TSIG authentication with <command>dig</command>, the name 334 server that is queried needs to know the key and algorithm that is 335 being used. In BIND, this is done by providing appropriate 336 <command>key</command> and <command>server</command> statements in 337 <filename>named.conf</filename>. 338 </para> 339 340 </refsect1> 341 342 <refsect1> 343 <title>QUERY OPTIONS</title> 344 345 <para><command>dig</command> 346 provides a number of query options which affect 347 the way in which lookups are made and the results displayed. Some of 348 these set or reset flag bits in the query header, some determine which 349 sections of the answer get printed, and others determine the timeout 350 and retry strategies. 351 </para> 352 353 <para> 354 Each query option is identified by a keyword preceded by a plus sign 355 (<literal>+</literal>). Some keywords set or reset an 356 option. These may be preceded 357 by the string <literal>no</literal> to negate the meaning of 358 that keyword. Other 359 keywords assign values to options like the timeout interval. They 360 have the form <option>+keyword=value</option>. 361 The query options are: 362 363 <variablelist> 364 365 <varlistentry> 366 <term><option>+[no]aaflag</option></term> 367 <listitem> 368 <para> 369 A synonym for <parameter>+[no]aaonly</parameter>. 370 </para> 371 </listitem> 372 </varlistentry> 373 374 <varlistentry> 375 <term><option>+[no]aaonly</option></term> 376 <listitem> 377 <para> 378 Sets the "aa" flag in the query. 379 </para> 380 </listitem> 381 </varlistentry> 382 383 <varlistentry> 384 <term><option>+[no]additional</option></term> 385 <listitem> 386 <para> 387 Display [do not display] the additional section of a 388 reply. The default is to display it. 389 </para> 390 </listitem> 391 </varlistentry> 392 393 <varlistentry> 394 <term><option>+[no]adflag</option></term> 395 <listitem> 396 <para> 397 Set [do not set] the AD (authentic data) bit in the 398 query. This requests the server to return whether 399 all of the answer and authority sections have all 400 been validated as secure according to the security 401 policy of the server. AD=1 indicates that all records 402 have been validated as secure and the answer is not 403 from a OPT-OUT range. AD=0 indicate that some part 404 of the answer was insecure or not validated. This 405 bit is set by default. 406 </para> 407 </listitem> 408 </varlistentry> 409 410 <varlistentry> 411 <term><option>+[no]all</option></term> 412 <listitem> 413 <para> 414 Set or clear all display flags. 415 </para> 416 </listitem> 417 </varlistentry> 418 419 <varlistentry> 420 <term><option>+[no]answer</option></term> 421 <listitem> 422 <para> 423 Display [do not display] the answer section of a 424 reply. The default is to display it. 425 </para> 426 </listitem> 427 </varlistentry> 428 429 <varlistentry> 430 <term><option>+[no]authority</option></term> 431 <listitem> 432 <para> 433 Display [do not display] the authority section of a 434 reply. The default is to display it. 435 </para> 436 </listitem> 437 </varlistentry> 438 439 <varlistentry> 440 <term><option>+[no]besteffort</option></term> 441 <listitem> 442 <para> 443 Attempt to display the contents of messages which are 444 malformed. The default is to not display malformed 445 answers. 446 </para> 447 </listitem> 448 </varlistentry> 449 450 <varlistentry> 451 <term><option>+bufsize=B</option></term> 452 <listitem> 453 <para> 454 Set the UDP message buffer size advertised using EDNS0 455 to <parameter>B</parameter> bytes. The maximum and 456 minimum sizes of this buffer are 65535 and 0 respectively. 457 Values outside this range are rounded up or down 458 appropriately. Values other than zero will cause a 459 EDNS query to be sent. 460 </para> 461 </listitem> 462 </varlistentry> 463 464 <varlistentry> 465 <term><option>+[no]cdflag</option></term> 466 <listitem> 467 <para> 468 Set [do not set] the CD (checking disabled) bit in 469 the query. This requests the server to not perform 470 DNSSEC validation of responses. 471 </para> 472 </listitem> 473 </varlistentry> 474 475 <varlistentry> 476 <term><option>+[no]cl</option></term> 477 <listitem> 478 <para> 479 Display [do not display] the CLASS when printing the 480 record. 481 </para> 482 </listitem> 483 </varlistentry> 484 485 <varlistentry> 486 <term><option>+[no]cmd</option></term> 487 <listitem> 488 <para> 489 Toggles the printing of the initial comment in the 490 output identifying the version of <command>dig</command> 491 and the query options that have been applied. This 492 comment is printed by default. 493 </para> 494 </listitem> 495 </varlistentry> 496 497 <varlistentry> 498 <term><option>+[no]comments</option></term> 499 <listitem> 500 <para> 501 Toggle the display of comment lines in the output. 502 The default is to print comments. 503 </para> 504 </listitem> 505 </varlistentry> 506 507 <varlistentry> 508 <term><option>+[no]crypto</option></term> 509 <listitem> 510 <para> 511 Toggle the display of cryptographic fields in DNSSEC 512 records. The contents of these field are unnecessary 513 to debug most DNSSEC validation failures and removing 514 them makes it easier to see the common failures. The 515 default is to display the fields. When omitted they 516 are replaced by the string "[omitted]" or in the 517 DNSKEY case the key id is displayed as the replacement, 518 e.g. "[ key id = value ]". 519 </para> 520 </listitem> 521 </varlistentry> 522 523 <varlistentry> 524 <term><option>+[no]defname</option></term> 525 <listitem> 526 <para> 527 Deprecated, treated as a synonym for 528 <parameter>+[no]search</parameter> 529 </para> 530 </listitem> 531 </varlistentry> 532 533 <varlistentry> 534 <term><option>+[no]dnssec</option></term> 535 <listitem> 536 <para> 537 Requests DNSSEC records be sent by setting the DNSSEC 538 OK bit (DO) in the OPT record in the additional section 539 of the query. 540 </para> 541 </listitem> 542 </varlistentry> 543 544 <varlistentry> 545 <term><option>+domain=somename</option></term> 546 <listitem> 547 <para> 548 Set the search list to contain the single domain 549 <parameter>somename</parameter>, as if specified in 550 a <command>domain</command> directive in 551 <filename>/etc/resolv.conf</filename>, and enable 552 search list processing as if the 553 <parameter>+search</parameter> option were given. 554 </para> 555 </listitem> 556 </varlistentry> 557 558 <varlistentry> 559 <term><option>+[no]edns[=#]</option></term> 560 <listitem> 561 <para> 562 Specify the EDNS version to query with. Valid values 563 are 0 to 255. Setting the EDNS version will cause 564 a EDNS query to be sent. <option>+noedns</option> 565 clears the remembered EDNS version. EDNS is set to 566 0 by default. 567 </para> 568 </listitem> 569 </varlistentry> 570 571 <varlistentry> 572 <term><option>+[no]expire</option></term> 573 <listitem> 574 <para> 575 Send an EDNS Expire option. 576 </para> 577 </listitem> 578 </varlistentry> 579 580 <varlistentry> 581 <term><option>+[no]fail</option></term> 582 <listitem> 583 <para> 584 Do not try the next server if you receive a SERVFAIL. 585 The default is to not try the next server which is 586 the reverse of normal stub resolver behavior. 587 </para> 588 </listitem> 589 </varlistentry> 590 591 <varlistentry> 592 <term><option>+[no]identify</option></term> 593 <listitem> 594 <para> 595 Show [or do not show] the IP address and port number 596 that supplied the answer when the 597 <parameter>+short</parameter> option is enabled. If 598 short form answers are requested, the default is not 599 to show the source address and port number of the 600 server that provided the answer. 601 </para> 602 </listitem> 603 </varlistentry> 604 605 <varlistentry> 606 <term><option>+[no]ignore</option></term> 607 <listitem> 608 <para> 609 Ignore truncation in UDP responses instead of retrying 610 with TCP. By default, TCP retries are performed. 611 </para> 612 </listitem> 613 </varlistentry> 614 615 <varlistentry> 616 <term><option>+[no]keepopen</option></term> 617 <listitem> 618 <para> 619 Keep the TCP socket open between queries and reuse 620 it rather than creating a new TCP socket for each 621 lookup. The default is <option>+nokeepopen</option>. 622 </para> 623 </listitem> 624 </varlistentry> 625 626 <varlistentry> 627 <term><option>+[no]multiline</option></term> 628 <listitem> 629 <para> 630 Print records like the SOA records in a verbose 631 multi-line format with human-readable comments. The 632 default is to print each record on a single line, to 633 facilitate machine parsing of the <command>dig</command> 634 output. 635 </para> 636 </listitem> 637 </varlistentry> 638 639 <varlistentry> 640 <term><option>+ndots=D</option></term> 641 <listitem> 642 <para> 643 Set the number of dots that have to appear in 644 <parameter>name</parameter> to <parameter>D</parameter> 645 for it to be considered absolute. The default value 646 is that defined using the ndots statement in 647 <filename>/etc/resolv.conf</filename>, or 1 if no 648 ndots statement is present. Names with fewer dots 649 are interpreted as relative names and will be searched 650 for in the domains listed in the <option>search</option> 651 or <option>domain</option> directive in 652 <filename>/etc/resolv.conf</filename> if 653 <option>+search</option> is set. 654 </para> 655 </listitem> 656 </varlistentry> 657 658 <varlistentry> 659 <term><option>+[no]nsid</option></term> 660 <listitem> 661 <para> 662 Include an EDNS name server ID request when sending 663 a query. 664 </para> 665 </listitem> 666 </varlistentry> 667 668 <varlistentry> 669 <term><option>+[no]nssearch</option></term> 670 <listitem> 671 <para> 672 When this option is set, <command>dig</command> 673 attempts to find the authoritative name servers for 674 the zone containing the name being looked up and 675 display the SOA record that each name server has for 676 the zone. 677 </para> 678 </listitem> 679 </varlistentry> 680 681 <varlistentry> 682 <term><option>+[no]onesoa</option></term> 683 <listitem> 684 <para> 685 Print only one (starting) SOA record when performing 686 an AXFR. The default is to print both the starting 687 and ending SOA records. 688 </para> 689 </listitem> 690 </varlistentry> 691 692 <varlistentry> 693 <term><option>+[no]qr</option></term> 694 <listitem> 695 <para> 696 Print [do not print] the query as it is sent. By 697 default, the query is not printed. 698 </para> 699 </listitem> 700 </varlistentry> 701 702 <varlistentry> 703 <term><option>+[no]question</option></term> 704 <listitem> 705 <para> 706 Print [do not print] the question section of a query 707 when an answer is returned. The default is to print 708 the question section as a comment. 709 </para> 710 </listitem> 711 </varlistentry> 712 713 <varlistentry> 714 <term><option>+[no]recurse</option></term> 715 <listitem> 716 <para> 717 Toggle the setting of the RD (recursion desired) bit 718 in the query. This bit is set by default, which means 719 <command>dig</command> normally sends recursive 720 queries. Recursion is automatically disabled when 721 the <parameter>+nssearch</parameter> or 722 <parameter>+trace</parameter> query options are used. 723 </para> 724 </listitem> 725 </varlistentry> 726 727 <varlistentry> 728 <term><option>+retry=T</option></term> 729 <listitem> 730 <para> 731 Sets the number of times to retry UDP queries to 732 server to <parameter>T</parameter> instead of the 733 default, 2. Unlike <parameter>+tries</parameter>, 734 this does not include the initial query. 735 </para> 736 </listitem> 737 </varlistentry> 738 739 <varlistentry> 740 <term><option>+[no]rrcomments</option></term> 741 <listitem> 742 <para> 743 Toggle the display of per-record comments in the 744 output (for example, human-readable key information 745 about DNSKEY records). The default is not to print 746 record comments unless multiline mode is active. 747 </para> 748 </listitem> 749 </varlistentry> 750 751 <varlistentry> 752 <term><option>+[no]search</option></term> 753 <listitem> 754 <para> 755 Use [do not use] the search list defined by the 756 searchlist or domain directive in 757 <filename>resolv.conf</filename> (if any). The search 758 list is not used by default. 759 </para> 760 <para> 761 'ndots' from <filename>resolv.conf</filename> (default 1) 762 which may be overridden by <parameter>+ndots</parameter> 763 determines if the name will be treated as relative 764 or not and hence whether a search is eventually 765 performed or not. 766 </para> 767 </listitem> 768 </varlistentry> 769 770 <varlistentry> 771 <term><option>+[no]short</option></term> 772 <listitem> 773 <para> 774 Provide a terse answer. The default is to print the 775 answer in a verbose form. 776 </para> 777 </listitem> 778 </varlistentry> 779 780 <varlistentry> 781 <term><option>+[no]showsearch</option></term> 782 <listitem> 783 <para> 784 Perform [do not perform] a search showing intermediate 785 results. 786 </para> 787 </listitem> 788 </varlistentry> 789 790 <varlistentry> 791 <term><option>+[no]sigchase</option></term> 792 <listitem> 793 <para> 794 Chase DNSSEC signature chains. Requires dig be 795 compiled with -DDIG_SIGCHASE. 796 </para> 797 </listitem> 798 </varlistentry> 799 800 <varlistentry> 801 <term><option>+[no]sit<optional>=####</optional></option></term> 802 <listitem> 803 <para> 804 Send a Source Identity Token EDNS option, with optional 805 value. Replaying a SIT from a previous response will 806 allow the server to identify a previous client. The 807 default is <option>+nosit</option>. Currently using 808 experimental value 65001 for the option code. 809 </para> 810 </listitem> 811 </varlistentry> 812 813 <varlistentry> 814 <term><option>+split=W</option></term> 815 <listitem> 816 <para> 817 Split long hex- or base64-formatted fields in resource 818 records into chunks of <parameter>W</parameter> 819 characters (where <parameter>W</parameter> is rounded 820 up to the nearest multiple of 4). 821 <parameter>+nosplit</parameter> or 822 <parameter>+split=0</parameter> causes fields not to 823 be split at all. The default is 56 characters, or 824 44 characters when multiline mode is active. 825 </para> 826 </listitem> 827 </varlistentry> 828 829 <varlistentry> 830 <term><option>+[no]stats</option></term> 831 <listitem> 832 <para> 833 This query option toggles the printing of statistics: 834 when the query was made, the size of the reply and 835 so on. The default behavior is to print the query 836 statistics. 837 </para> 838 </listitem> 839 </varlistentry> 840 841 <varlistentry> 842 <term><option>+[no]subnet=addr/prefix</option></term> 843 <listitem> 844 <para> 845 Send an EDNS Client Subnet option with the specified 846 IP address or network prefix. 847 </para> 848 </listitem> 849 </varlistentry> 850 851 <varlistentry> 852 <term><option>+[no]tcp</option></term> 853 <listitem> 854 <para> 855 Use [do not use] TCP when querying name servers. The 856 default behavior is to use UDP unless an 857 <literal>ixfr=N</literal> query is requested, in which 858 case the default is TCP. AXFR queries always use 859 TCP. 860 </para> 861 </listitem> 862 </varlistentry> 863 864 <varlistentry> 865 <term><option>+time=T</option></term> 866 <listitem> 867 <para> 868 869 Sets the timeout for a query to 870 <parameter>T</parameter> seconds. The default 871 timeout is 5 seconds. 872 An attempt to set <parameter>T</parameter> to less 873 than 1 will result 874 in a query timeout of 1 second being applied. 875 </para> 876 </listitem> 877 </varlistentry> 878 879 <varlistentry> 880 <term><option>+[no]topdown</option></term> 881 <listitem> 882 <para> 883 When chasing DNSSEC signature chains perform a top-down 884 validation. Requires dig be compiled with -DDIG_SIGCHASE. 885 </para> 886 </listitem> 887 </varlistentry> 888 889 <varlistentry> 890 <term><option>+[no]trace</option></term> 891 <listitem> 892 <para> 893 Toggle tracing of the delegation path from the root 894 name servers for the name being looked up. Tracing 895 is disabled by default. When tracing is enabled, 896 <command>dig</command> makes iterative queries to 897 resolve the name being looked up. It will follow 898 referrals from the root servers, showing the answer 899 from each server that was used to resolve the lookup. 900 </para> <para> 901 <command>+dnssec</command> is also set when +trace 902 is set to better emulate the default queries from a 903 nameserver. 904 </para> 905 </listitem> 906 </varlistentry> 907 908 <varlistentry> 909 <term><option>+tries=T</option></term> 910 <listitem> 911 <para> 912 Sets the number of times to try UDP queries to server 913 to <parameter>T</parameter> instead of the default, 914 3. If <parameter>T</parameter> is less than or equal 915 to zero, the number of tries is silently rounded up 916 to 1. 917 </para> 918 </listitem> 919 </varlistentry> 920 921 <varlistentry> 922 <term><option>+trusted-key=####</option></term> 923 <listitem> 924 <para> 925 Specifies a file containing trusted keys to be used 926 with <option>+sigchase</option>. Each DNSKEY record 927 must be on its own line. 928 </para> <para> 929 If not specified, <command>dig</command> will look 930 for <filename>/etc/trusted-key.key</filename> then 931 <filename>trusted-key.key</filename> in the current 932 directory. 933 </para> <para> 934 Requires dig be compiled with -DDIG_SIGCHASE. 935 </para> 936 </listitem> 937 </varlistentry> 938 939 <varlistentry> 940 <term><option>+[no]ttlid</option></term> 941 <listitem> 942 <para> 943 Display [do not display] the TTL when printing the 944 record. 945 </para> 946 </listitem> 947 </varlistentry> 948 949 <varlistentry> 950 <term><option>+[no]vc</option></term> 951 <listitem> 952 <para> 953 Use [do not use] TCP when querying name servers. This 954 alternate syntax to <parameter>+[no]tcp</parameter> 955 is provided for backwards compatibility. The "vc" 956 stands for "virtual circuit". 957 </para> 958 </listitem> 959 </varlistentry> 960 961 </variablelist> 962 963 </para> 964 </refsect1> 965 966 <refsect1> 967 <title>MULTIPLE QUERIES</title> 968 969 <para> 970 The BIND 9 implementation of <command>dig </command> 971 supports 972 specifying multiple queries on the command line (in addition to 973 supporting the <option>-f</option> batch file option). Each of those 974 queries can be supplied with its own set of flags, options and query 975 options. 976 </para> 977 978 <para> 979 In this case, each <parameter>query</parameter> argument 980 represent an 981 individual query in the command-line syntax described above. Each 982 consists of any of the standard options and flags, the name to be 983 looked up, an optional query type and class and any query options that 984 should be applied to that query. 985 </para> 986 987 <para> 988 A global set of query options, which should be applied to all queries, 989 can also be supplied. These global query options must precede the 990 first tuple of name, class, type, options, flags, and query options 991 supplied on the command line. Any global query options (except 992 the <option>+[no]cmd</option> option) can be 993 overridden by a query-specific set of query options. For example: 994 <programlisting> 995dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr 996</programlisting> 997 shows how <command>dig</command> could be used from the 998 command line 999 to make three lookups: an ANY query for <literal>www.isc.org</literal>, a 1000 reverse lookup of 127.0.0.1 and a query for the NS records of 1001 <literal>isc.org</literal>. 1002 1003 A global query option of <parameter>+qr</parameter> is 1004 applied, so 1005 that <command>dig</command> shows the initial query it made 1006 for each 1007 lookup. The final query has a local query option of 1008 <parameter>+noqr</parameter> which means that <command>dig</command> 1009 will not print the initial query when it looks up the NS records for 1010 <literal>isc.org</literal>. 1011 </para> 1012 1013 </refsect1> 1014 1015 <refsect1> 1016 <title>IDN SUPPORT</title> 1017 <para> 1018 If <command>dig</command> has been built with IDN (internationalized 1019 domain name) support, it can accept and display non-ASCII domain names. 1020 <command>dig</command> appropriately converts character encoding of 1021 domain name before sending a request to DNS server or displaying a 1022 reply from the server. 1023 If you'd like to turn off the IDN support for some reason, defines 1024 the <envar>IDN_DISABLE</envar> environment variable. 1025 The IDN support is disabled if the variable is set when 1026 <command>dig</command> runs. 1027 </para> 1028 </refsect1> 1029 1030 <refsect1> 1031 <title>FILES</title> 1032 <para><filename>/etc/resolv.conf</filename> 1033 </para> 1034 <para><filename>${HOME}/.digrc</filename> 1035 </para> 1036 </refsect1> 1037 1038 <refsect1> 1039 <title>SEE ALSO</title> 1040 <para><citerefentry> 1041 <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> 1042 </citerefentry>, 1043 <citerefentry> 1044 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> 1045 </citerefentry>, 1046 <citerefentry> 1047 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 1048 </citerefentry>, 1049 <citetitle>RFC1035</citetitle>. 1050 </para> 1051 </refsect1> 1052 1053 <refsect1> 1054 <title>BUGS</title> 1055 <para> 1056 There are probably too many query options. 1057 </para> 1058 </refsect1> 1059</refentry><!-- 1060 - Local variables: 1061 - mode: sgml 1062 - End: 1063--> 1064