1.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 2.. 3.. SPDX-License-Identifier: MPL-2.0 4.. 5.. This Source Code Form is subject to the terms of the Mozilla Public 6.. License, v. 2.0. If a copy of the MPL was not distributed with this 7.. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8.. 9.. See the COPYRIGHT file distributed with this work for additional 10.. information regarding copyright ownership. 11 12.. highlight: console 13 14.. iscman:: mdig 15.. program:: mdig 16.. _man_mdig: 17 18mdig - DNS pipelined lookup utility 19----------------------------------- 20 21Synopsis 22~~~~~~~~ 23 24:program:`mdig` {@server} [**-f** filename] [**-h**] [**-v**] [ [**-4**] | [**-6**] ] [**-m**] [**-b** address] [**-p** port#] [**-c** class] [**-t** type] [**-i**] [**-x** addr] [plusopt...] 25 26:program:`mdig` {**-h**} 27 28:program:`mdig` [@server] {global-opt...} { {local-opt...} {query} ...} 29 30Description 31~~~~~~~~~~~ 32 33:program:`mdig` is a multiple/pipelined query version of :iscman:`dig`: instead of 34waiting for a response after sending each query, it begins by sending 35all queries. Responses are displayed in the order in which they are 36received, not in the order the corresponding queries were sent. 37 38:program:`mdig` options are a subset of the :iscman:`dig` options, and are divided 39into "anywhere options," which can occur anywhere, "global options," which 40must occur before the query name (or they are ignored with a warning), 41and "local options," which apply to the next query on the command line. 42 43The ``@server`` option is a mandatory global option. It is the name or IP 44address of the name server to query. (Unlike :iscman:`dig`, this value is not 45retrieved from ``/etc/resolv.conf``.) It can be an IPv4 address in 46dotted-decimal notation, an IPv6 address in colon-delimited notation, or 47a hostname. When the supplied ``server`` argument is a hostname, 48:program:`mdig` resolves that name before querying the name server. 49 50:program:`mdig` provides a number of query options which affect the way in 51which lookups are made and the results displayed. Some of these set or 52reset flag bits in the query header, some determine which sections of 53the answer get printed, and others determine the timeout and retry 54strategies. 55 56Each query option is identified by a keyword preceded by a plus sign 57(``+``). Some keywords set or reset an option. These may be preceded by 58the string ``no`` to negate the meaning of that keyword. Other keywords 59assign values to options like the timeout interval. They have the form 60``+keyword=value``. 61 62Anywhere Options 63~~~~~~~~~~~~~~~~ 64 65.. option:: -f 66 67 This option makes :program:`mdig` operate in batch mode by reading a list 68 of lookup requests to process from the file ``filename``. The file 69 contains a number of queries, one per line. Each entry in the file 70 should be organized in the same way they would be presented as queries 71 to :program:`mdig` using the command-line interface. 72 73.. option:: -h 74 75 This option causes :program:`mdig` to print detailed help information, with the full list 76 of options, and exit. 77 78.. option:: -v 79 80 This option causes :program:`mdig` to print the version number and exit. 81 82Global Options 83~~~~~~~~~~~~~~ 84 85.. option:: -4 86 87 This option forces :program:`mdig` to only use IPv4 query transport. 88 89.. option:: -6 90 91 This option forces :program:`mdig` to only use IPv6 query transport. 92 93.. option:: -b address 94 95 This option sets the source IP address of the query to 96 ``address``. This must be a valid address on one of the host's network 97 interfaces or "0.0.0.0" or "::". An optional port may be specified by 98 appending "#<port>" 99 100.. option:: -m 101 102 This option enables memory usage debugging. 103 104.. option:: -p port# 105 106 This option is used when a non-standard port number is to be 107 queried. ``port#`` is the port number that :program:`mdig` sends its 108 queries to, instead of the standard DNS port number 53. This option is 109 used to test a name server that has been configured to listen for 110 queries on a non-standard port number. 111 112The global query options are: 113 114.. option:: +additional, +noadditional 115 116 This option displays [or does not display] the additional section of a reply. The 117 default is to display it. 118 119.. option:: +all, +noall 120 121 This option sets or clears all display flags. 122 123.. option:: +answer, +noanswer 124 125 This option displays [or does not display] the answer section of a reply. The default 126 is to display it. 127 128.. option:: +authority, +noauthority 129 130 This option displays [or does not display] the authority section of a reply. The 131 default is to display it. 132 133.. option:: +besteffort, +nobesteffort 134 135 This option attempts to display [or does not display] the contents of messages which are malformed. The 136 default is to not display malformed answers. 137 138.. option:: +burst 139 140 This option delays queries until the start of the next second. 141 142.. option:: +cl, +nocl 143 144 This option displays [or does not display] the CLASS when printing the record. 145 146.. option:: +comments, +nocomments 147 148 This option toggles the display of comment lines in the output. The default is to 149 print comments. 150 151.. option:: +continue, +nocontinue 152 153 This option toggles continuation on errors (e.g. timeouts). 154 155.. option:: +crypto, +nocrypto 156 157 This option toggles the display of cryptographic fields in DNSSEC records. The 158 contents of these fields are unnecessary to debug most DNSSEC 159 validation failures and removing them makes it easier to see the 160 common failures. The default is to display the fields. When omitted, 161 they are replaced by the string "[omitted]"; in the DNSKEY case, the 162 key ID is displayed as the replacement, e.g., ``[ key id = value ]``. 163 164.. option:: +multiline, +nomultiline 165 166 This option toggles printing of records, like the SOA records, in a verbose multi-line format 167 with human-readable comments. The default is to print each record on 168 a single line, to facilitate machine parsing of the :program:`mdig` output. 169 170.. option:: +question, +noquestion 171 172 This option prints [or does not print] the question section of a query when an answer 173 is returned. The default is to print the question section as a 174 comment. 175 176.. option:: +rrcomments, +norrcomments 177 178 This option toggles the display of per-record comments in the output (for example, 179 human-readable key information about DNSKEY records). The default is 180 not to print record comments unless multiline mode is active. 181 182.. option:: +short, +noshort 183 184 This option provides [or does not provide] a terse answer. The default is to print the answer in a 185 verbose form. 186 187.. option:: +split=W 188 189 This option splits long hex- or base64-formatted fields in resource records into 190 chunks of ``W`` characters (where ``W`` is rounded up to the nearest 191 multiple of 4). ``+nosplit`` or ``+split=0`` causes fields not to be 192 split. The default is 56 characters, or 44 characters when 193 multiline mode is active. 194 195.. option:: +tcp, +notcp 196 197 This option uses [or does not use] TCP when querying name servers. The default behavior 198 is to use UDP. 199 200.. option:: +ttlid, +nottlid 201 202 This option displays [or does not display] the TTL when printing the record. 203 204.. option:: +ttlunits, +nottlunits 205 206 This option displays [or does not display] the TTL in friendly human-readable time 207 units of "s", "m", "h", "d", and "w", representing seconds, minutes, 208 hours, days, and weeks. This implies +ttlid. 209 210.. option:: +vc, +novc 211 212 This option uses [or does not use] TCP when querying name servers. This alternate 213 syntax to :option:`+tcp` is provided for backwards compatibility. The 214 ``vc`` stands for "virtual circuit". 215 216Local Options 217~~~~~~~~~~~~~ 218 219.. option:: -c class 220 221 This option sets the query class to ``class``. It can be any valid 222 query class which is supported in BIND 9. The default query class is 223 "IN". 224 225.. option:: -t type 226 227 This option sets the query type to ``type``. It can be any valid 228 query type which is supported in BIND 9. The default query type is "A", 229 unless the :option:`-x` option is supplied to indicate a reverse lookup with 230 the "PTR" query type. 231 232.. option:: -x addr 233 234 Reverse lookups - mapping addresses to names - are simplified by 235 this option. ``addr`` is an IPv4 address in dotted-decimal 236 notation, or a colon-delimited IPv6 address. :program:`mdig` automatically 237 performs a lookup for a query name like ``11.12.13.10.in-addr.arpa`` and 238 sets the query type and class to PTR and IN respectively. By default, 239 IPv6 addresses are looked up using nibble format under the IP6.ARPA 240 domain. 241 242The local query options are: 243 244.. option:: +aaflag, +noaaflag 245 246 This is a synonym for :option:`+aaonly`, :option:`+noaaonly`. 247 248.. option:: +aaonly, +noaaonly 249 250 This sets the ``aa`` flag in the query. 251 252.. option:: +adflag, +noadflag 253 254 This sets [or does not set] the AD (authentic data) bit in the query. This 255 requests the server to return whether all of the answer and authority 256 sections have all been validated as secure, according to the security 257 policy of the server. AD=1 indicates that all records have been 258 validated as secure and the answer is not from a OPT-OUT range. AD=0 259 indicates that some part of the answer was insecure or not validated. 260 This bit is set by default. 261 262.. option:: +bufsize=B 263 264 This sets the UDP message buffer size advertised using EDNS0 to ``B`` 265 bytes. The maximum and minimum sizes of this buffer are 65535 and 0 266 respectively. Values outside this range are rounded up or down 267 appropriately. Values other than zero cause a EDNS query to be 268 sent. 269 270.. option:: +cdflag, +nocdflag 271 272 This sets [or does not set] the CD (checking disabled) bit in the query. This 273 requests the server to not perform DNSSEC validation of responses. 274 275.. option:: +cookie=####, +nocookie 276 277 This sends [or does not send] a COOKIE EDNS option, with an optional value. Replaying a COOKIE 278 from a previous response allows the server to identify a previous 279 client. The default is ``+nocookie``. 280 281.. option:: +dnssec, +nodnssec 282 283 This requests that DNSSEC records be sent by setting the DNSSEC OK (DO) bit in 284 the OPT record in the additional section of the query. 285 286.. option:: +edns[=#], +noedns 287 288 This specifies [or does not specify] the EDNS version to query with. Valid values are 0 to 255. 289 Setting the EDNS version causes an EDNS query to be sent. 290 ``+noedns`` clears the remembered EDNS version. EDNS is set to 0 by 291 default. 292 293.. option:: +ednsflags[=#], +noednsflags 294 295 This sets the must-be-zero EDNS flag bits (Z bits) to the specified value. 296 Decimal, hex, and octal encodings are accepted. Setting a named flag 297 (e.g. DO) is silently ignored. By default, no Z bits are set. 298 299.. option:: +ednsopt[=code[:value]], +noednsopt 300 301 This specifies [or does not specify] an EDNS option with code point ``code`` and an optional payload 302 of ``value`` as a hexadecimal string. ``+noednsopt`` clears the EDNS 303 options to be sent. 304 305.. option:: +expire, +noexpire 306 307 This toggles sending of an EDNS Expire option. 308 309.. option:: +nsid, +nonsid 310 311 This toggles inclusion of an EDNS name server ID request when sending a query. 312 313.. option:: +recurse, +norecurse 314 315 This toggles the setting of the RD (recursion desired) bit in the query. 316 This bit is set by default, which means :program:`mdig` normally sends 317 recursive queries. 318 319.. option:: +retry=T 320 321 This sets the number of times to retry UDP queries to server to ``T`` 322 instead of the default, 2. Unlike :option:`+tries`, this does not include 323 the initial query. 324 325.. option:: +subnet=addr[/prefix-length], +nosubnet 326 327 This sends [or does not send] an EDNS Client Subnet option with the specified IP 328 address or network prefix. 329 330``mdig +subnet=0.0.0.0/0``, or simply ``mdig +subnet=0`` 331 This sends an EDNS client-subnet option with an empty address and a source 332 prefix-length of zero, which signals a resolver that the client's 333 address information must *not* be used when resolving this query. 334 335.. option:: +timeout=T 336 337 This sets the timeout for a query to ``T`` seconds. The default timeout is 338 5 seconds for UDP transport and 10 for TCP. An attempt to set ``T`` 339 to less than 1 results in a query timeout of 1 second being 340 applied. 341 342.. option:: +tries=T 343 344 This sets the number of times to try UDP queries to server to ``T`` 345 instead of the default, 3. If ``T`` is less than or equal to zero, 346 the number of tries is silently rounded up to 1. 347 348.. option:: +udptimeout=T 349 350 This sets the timeout between UDP query retries to ``T``. 351 352.. option:: +unknownformat, +nounknownformat 353 354 This prints [or does not print] all RDATA in unknown RR-type presentation format (see :rfc:`3597`). 355 The default is to print RDATA for known types in the type's 356 presentation format. 357 358.. option:: +yaml, +noyaml 359 360 This toggles printing of the responses in a detailed YAML format. 361 362.. option:: +zflag, +nozflag 363 364 This sets [or does not set] the last unassigned DNS header flag in a DNS query. 365 This flag is off by default. 366 367See Also 368~~~~~~~~ 369 370:iscman:`dig(1) <dig>`, :rfc:`1035`. 371