1*00b67f09SDavid van Moolenbroek<!-- 2*00b67f09SDavid van Moolenbroek - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") 3*00b67f09SDavid van Moolenbroek - Copyright (C) 2000-2003 Internet Software Consortium. 4*00b67f09SDavid van Moolenbroek - 5*00b67f09SDavid van Moolenbroek - Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek - purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek - copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek - 9*00b67f09SDavid van Moolenbroek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek - PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek--> 17*00b67f09SDavid van Moolenbroek<!-- Id --> 18*00b67f09SDavid van Moolenbroek<html> 19*00b67f09SDavid van Moolenbroek<head> 20*00b67f09SDavid van Moolenbroek<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 21*00b67f09SDavid van Moolenbroek<title>dig</title> 22*00b67f09SDavid van Moolenbroek<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 23*00b67f09SDavid van Moolenbroek</head> 24*00b67f09SDavid van Moolenbroek<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> 25*00b67f09SDavid van Moolenbroek<a name="man.dig"></a><div class="titlepage"></div> 26*00b67f09SDavid van Moolenbroek<div class="refnamediv"> 27*00b67f09SDavid van Moolenbroek<h2>Name</h2> 28*00b67f09SDavid van Moolenbroek<p>dig — DNS lookup utility</p> 29*00b67f09SDavid van Moolenbroek</div> 30*00b67f09SDavid van Moolenbroek<div class="refsynopsisdiv"> 31*00b67f09SDavid van Moolenbroek<h2>Synopsis</h2> 32*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> 33*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div> 34*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> 35*00b67f09SDavid van Moolenbroek</div> 36*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 37*00b67f09SDavid van Moolenbroek<a name="id2543544"></a><h2>DESCRIPTION</h2> 38*00b67f09SDavid van Moolenbroek<p><span><strong class="command">dig</strong></span> 39*00b67f09SDavid van Moolenbroek (domain information groper) is a flexible tool 40*00b67f09SDavid van Moolenbroek for interrogating DNS name servers. It performs DNS lookups and 41*00b67f09SDavid van Moolenbroek displays the answers that are returned from the name server(s) that 42*00b67f09SDavid van Moolenbroek were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to 43*00b67f09SDavid van Moolenbroek troubleshoot DNS problems because of its flexibility, ease of use and 44*00b67f09SDavid van Moolenbroek clarity of output. Other lookup tools tend to have less functionality 45*00b67f09SDavid van Moolenbroek than <span><strong class="command">dig</strong></span>. 46*00b67f09SDavid van Moolenbroek </p> 47*00b67f09SDavid van Moolenbroek<p> 48*00b67f09SDavid van Moolenbroek Although <span><strong class="command">dig</strong></span> is normally used with 49*00b67f09SDavid van Moolenbroek command-line 50*00b67f09SDavid van Moolenbroek arguments, it also has a batch mode of operation for reading lookup 51*00b67f09SDavid van Moolenbroek requests from a file. A brief summary of its command-line arguments 52*00b67f09SDavid van Moolenbroek and options is printed when the <code class="option">-h</code> option is given. 53*00b67f09SDavid van Moolenbroek Unlike earlier versions, the BIND 9 implementation of 54*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> allows multiple lookups to be issued 55*00b67f09SDavid van Moolenbroek from the 56*00b67f09SDavid van Moolenbroek command line. 57*00b67f09SDavid van Moolenbroek </p> 58*00b67f09SDavid van Moolenbroek<p> 59*00b67f09SDavid van Moolenbroek Unless it is told to query a specific name server, 60*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> will try each of the servers listed in 61*00b67f09SDavid van Moolenbroek <code class="filename">/etc/resolv.conf</code>. If no usable server addresses 62*00b67f09SDavid van Moolenbroek are found, <span><strong class="command">dig</strong></span> will send the query to the local 63*00b67f09SDavid van Moolenbroek host. 64*00b67f09SDavid van Moolenbroek </p> 65*00b67f09SDavid van Moolenbroek<p> 66*00b67f09SDavid van Moolenbroek When no command line arguments or options are given, 67*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root). 68*00b67f09SDavid van Moolenbroek </p> 69*00b67f09SDavid van Moolenbroek<p> 70*00b67f09SDavid van Moolenbroek It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via 71*00b67f09SDavid van Moolenbroek <code class="filename">${HOME}/.digrc</code>. This file is read and 72*00b67f09SDavid van Moolenbroek any options in it 73*00b67f09SDavid van Moolenbroek are applied before the command line arguments. 74*00b67f09SDavid van Moolenbroek </p> 75*00b67f09SDavid van Moolenbroek<p> 76*00b67f09SDavid van Moolenbroek The IN and CH class names overlap with the IN and CH top level 77*00b67f09SDavid van Moolenbroek domain names. Either use the <code class="option">-t</code> and 78*00b67f09SDavid van Moolenbroek <code class="option">-c</code> options to specify the type and class, 79*00b67f09SDavid van Moolenbroek use the <code class="option">-q</code> the specify the domain name, or 80*00b67f09SDavid van Moolenbroek use "IN." and "CH." when looking up these top level domains. 81*00b67f09SDavid van Moolenbroek </p> 82*00b67f09SDavid van Moolenbroek</div> 83*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 84*00b67f09SDavid van Moolenbroek<a name="id2543623"></a><h2>SIMPLE USAGE</h2> 85*00b67f09SDavid van Moolenbroek<p> 86*00b67f09SDavid van Moolenbroek A typical invocation of <span><strong class="command">dig</strong></span> looks like: 87*00b67f09SDavid van Moolenbroek </p> 88*00b67f09SDavid van Moolenbroek<pre class="programlisting"> dig @server name type </pre> 89*00b67f09SDavid van Moolenbroek<p> 90*00b67f09SDavid van Moolenbroek where: 91*00b67f09SDavid van Moolenbroek 92*00b67f09SDavid van Moolenbroek </p> 93*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl> 94*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">server</code></span></dt> 95*00b67f09SDavid van Moolenbroek<dd> 96*00b67f09SDavid van Moolenbroek<p> 97*00b67f09SDavid van Moolenbroek is the name or IP address of the name server to query. This 98*00b67f09SDavid van Moolenbroek can be an IPv4 address in dotted-decimal notation or an IPv6 99*00b67f09SDavid van Moolenbroek address in colon-delimited notation. When the supplied 100*00b67f09SDavid van Moolenbroek <em class="parameter"><code>server</code></em> argument is a hostname, 101*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> resolves that name before querying 102*00b67f09SDavid van Moolenbroek that name server. 103*00b67f09SDavid van Moolenbroek </p> 104*00b67f09SDavid van Moolenbroek<p> 105*00b67f09SDavid van Moolenbroek If no <em class="parameter"><code>server</code></em> argument is 106*00b67f09SDavid van Moolenbroek provided, <span><strong class="command">dig</strong></span> consults 107*00b67f09SDavid van Moolenbroek <code class="filename">/etc/resolv.conf</code>; if an 108*00b67f09SDavid van Moolenbroek address is found there, it queries the name server at 109*00b67f09SDavid van Moolenbroek that address. If either of the <code class="option">-4</code> or 110*00b67f09SDavid van Moolenbroek <code class="option">-6</code> options are in use, then 111*00b67f09SDavid van Moolenbroek only addresses for the corresponding transport 112*00b67f09SDavid van Moolenbroek will be tried. If no usable addresses are found, 113*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> will send the query to the 114*00b67f09SDavid van Moolenbroek local host. The reply from the name server that 115*00b67f09SDavid van Moolenbroek responds is displayed. 116*00b67f09SDavid van Moolenbroek </p> 117*00b67f09SDavid van Moolenbroek</dd> 118*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">name</code></span></dt> 119*00b67f09SDavid van Moolenbroek<dd><p> 120*00b67f09SDavid van Moolenbroek is the name of the resource record that is to be looked up. 121*00b67f09SDavid van Moolenbroek </p></dd> 122*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">type</code></span></dt> 123*00b67f09SDavid van Moolenbroek<dd><p> 124*00b67f09SDavid van Moolenbroek indicates what type of query is required — 125*00b67f09SDavid van Moolenbroek ANY, A, MX, SIG, etc. 126*00b67f09SDavid van Moolenbroek <em class="parameter"><code>type</code></em> can be any valid query 127*00b67f09SDavid van Moolenbroek type. If no 128*00b67f09SDavid van Moolenbroek <em class="parameter"><code>type</code></em> argument is supplied, 129*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> will perform a lookup for an 130*00b67f09SDavid van Moolenbroek A record. 131*00b67f09SDavid van Moolenbroek </p></dd> 132*00b67f09SDavid van Moolenbroek</dl></div> 133*00b67f09SDavid van Moolenbroek<p> 134*00b67f09SDavid van Moolenbroek </p> 135*00b67f09SDavid van Moolenbroek</div> 136*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 137*00b67f09SDavid van Moolenbroek<a name="id2543726"></a><h2>OPTIONS</h2> 138*00b67f09SDavid van Moolenbroek<p> 139*00b67f09SDavid van Moolenbroek The <code class="option">-b</code> option sets the source IP address of the query 140*00b67f09SDavid van Moolenbroek to <em class="parameter"><code>address</code></em>. This must be a valid 141*00b67f09SDavid van Moolenbroek address on 142*00b67f09SDavid van Moolenbroek one of the host's network interfaces or "0.0.0.0" or "::". An optional 143*00b67f09SDavid van Moolenbroek port 144*00b67f09SDavid van Moolenbroek may be specified by appending "#<port>" 145*00b67f09SDavid van Moolenbroek </p> 146*00b67f09SDavid van Moolenbroek<p> 147*00b67f09SDavid van Moolenbroek The default query class (IN for internet) is overridden by the 148*00b67f09SDavid van Moolenbroek <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is 149*00b67f09SDavid van Moolenbroek any valid 150*00b67f09SDavid van Moolenbroek class, such as HS for Hesiod records or CH for Chaosnet records. 151*00b67f09SDavid van Moolenbroek </p> 152*00b67f09SDavid van Moolenbroek<p> 153*00b67f09SDavid van Moolenbroek The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> 154*00b67f09SDavid van Moolenbroek operate 155*00b67f09SDavid van Moolenbroek in batch mode by reading a list of lookup requests to process from the 156*00b67f09SDavid van Moolenbroek file <em class="parameter"><code>filename</code></em>. The file contains a 157*00b67f09SDavid van Moolenbroek number of 158*00b67f09SDavid van Moolenbroek queries, one per line. Each entry in the file should be organized in 159*00b67f09SDavid van Moolenbroek the same way they would be presented as queries to 160*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> using the command-line interface. 161*00b67f09SDavid van Moolenbroek </p> 162*00b67f09SDavid van Moolenbroek<p> 163*00b67f09SDavid van Moolenbroek The <code class="option">-m</code> option enables memory usage debugging. 164*00b67f09SDavid van Moolenbroek 165*00b67f09SDavid van Moolenbroek </p> 166*00b67f09SDavid van Moolenbroek<p> 167*00b67f09SDavid van Moolenbroek If a non-standard port number is to be queried, the 168*00b67f09SDavid van Moolenbroek <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is 169*00b67f09SDavid van Moolenbroek the port number that <span><strong class="command">dig</strong></span> will send its 170*00b67f09SDavid van Moolenbroek queries 171*00b67f09SDavid van Moolenbroek instead of the standard DNS port number 53. This option would be used 172*00b67f09SDavid van Moolenbroek to test a name server that has been configured to listen for queries 173*00b67f09SDavid van Moolenbroek on a non-standard port number. 174*00b67f09SDavid van Moolenbroek </p> 175*00b67f09SDavid van Moolenbroek<p> 176*00b67f09SDavid van Moolenbroek The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span> 177*00b67f09SDavid van Moolenbroek to only 178*00b67f09SDavid van Moolenbroek use IPv4 query transport. The <code class="option">-6</code> option forces 179*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> to only use IPv6 query transport. 180*00b67f09SDavid van Moolenbroek </p> 181*00b67f09SDavid van Moolenbroek<p> 182*00b67f09SDavid van Moolenbroek The <code class="option">-t</code> option sets the query type to 183*00b67f09SDavid van Moolenbroek <em class="parameter"><code>type</code></em>. It can be any valid query type 184*00b67f09SDavid van Moolenbroek which is 185*00b67f09SDavid van Moolenbroek supported in BIND 9. The default query type is "A", unless the 186*00b67f09SDavid van Moolenbroek <code class="option">-x</code> option is supplied to indicate a reverse lookup. 187*00b67f09SDavid van Moolenbroek A zone transfer can be requested by specifying a type of AXFR. When 188*00b67f09SDavid van Moolenbroek an incremental zone transfer (IXFR) is required, 189*00b67f09SDavid van Moolenbroek <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>. 190*00b67f09SDavid van Moolenbroek The incremental zone transfer will contain the changes made to the zone 191*00b67f09SDavid van Moolenbroek since the serial number in the zone's SOA record was 192*00b67f09SDavid van Moolenbroek <em class="parameter"><code>N</code></em>. 193*00b67f09SDavid van Moolenbroek </p> 194*00b67f09SDavid van Moolenbroek<p> 195*00b67f09SDavid van Moolenbroek The <code class="option">-q</code> option sets the query name to 196*00b67f09SDavid van Moolenbroek <em class="parameter"><code>name</code></em>. This is useful to distinguish the 197*00b67f09SDavid van Moolenbroek <em class="parameter"><code>name</code></em> from other arguments. 198*00b67f09SDavid van Moolenbroek </p> 199*00b67f09SDavid van Moolenbroek<p> 200*00b67f09SDavid van Moolenbroek The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to 201*00b67f09SDavid van Moolenbroek print the version number and exit. 202*00b67f09SDavid van Moolenbroek </p> 203*00b67f09SDavid van Moolenbroek<p> 204*00b67f09SDavid van Moolenbroek Reverse lookups — mapping addresses to names — are simplified by the 205*00b67f09SDavid van Moolenbroek <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is 206*00b67f09SDavid van Moolenbroek an IPv4 207*00b67f09SDavid van Moolenbroek address in dotted-decimal notation, or a colon-delimited IPv6 address. 208*00b67f09SDavid van Moolenbroek When this option is used, there is no need to provide the 209*00b67f09SDavid van Moolenbroek <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and 210*00b67f09SDavid van Moolenbroek <em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span> 211*00b67f09SDavid van Moolenbroek automatically performs a lookup for a name like 212*00b67f09SDavid van Moolenbroek <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the 213*00b67f09SDavid van Moolenbroek query type and 214*00b67f09SDavid van Moolenbroek class to PTR and IN respectively. By default, IPv6 addresses are 215*00b67f09SDavid van Moolenbroek looked up using nibble format under the IP6.ARPA domain. 216*00b67f09SDavid van Moolenbroek To use the older RFC1886 method using the IP6.INT domain 217*00b67f09SDavid van Moolenbroek specify the <code class="option">-i</code> option. Bit string labels (RFC2874) 218*00b67f09SDavid van Moolenbroek are now experimental and are not attempted. 219*00b67f09SDavid van Moolenbroek </p> 220*00b67f09SDavid van Moolenbroek<p> 221*00b67f09SDavid van Moolenbroek To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and 222*00b67f09SDavid van Moolenbroek their 223*00b67f09SDavid van Moolenbroek responses using transaction signatures (TSIG), specify a TSIG key file 224*00b67f09SDavid van Moolenbroek using the <code class="option">-k</code> option. You can also specify the TSIG 225*00b67f09SDavid van Moolenbroek key itself on the command line using the <code class="option">-y</code> option; 226*00b67f09SDavid van Moolenbroek <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5, 227*00b67f09SDavid van Moolenbroek <em class="parameter"><code>name</code></em> is the name of the TSIG key and 228*00b67f09SDavid van Moolenbroek <em class="parameter"><code>key</code></em> is the actual key. The key is a 229*00b67f09SDavid van Moolenbroek base-64 230*00b67f09SDavid van Moolenbroek encoded string, typically generated by 231*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>. 232*00b67f09SDavid van Moolenbroek 233*00b67f09SDavid van Moolenbroek Caution should be taken when using the <code class="option">-y</code> option on 234*00b67f09SDavid van Moolenbroek multi-user systems as the key can be visible in the output from 235*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> 236*00b67f09SDavid van Moolenbroek or in the shell's history file. When 237*00b67f09SDavid van Moolenbroek using TSIG authentication with <span><strong class="command">dig</strong></span>, the name 238*00b67f09SDavid van Moolenbroek server that is queried needs to know the key and algorithm that is 239*00b67f09SDavid van Moolenbroek being used. In BIND, this is done by providing appropriate 240*00b67f09SDavid van Moolenbroek <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in 241*00b67f09SDavid van Moolenbroek <code class="filename">named.conf</code>. 242*00b67f09SDavid van Moolenbroek </p> 243*00b67f09SDavid van Moolenbroek</div> 244*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 245*00b67f09SDavid van Moolenbroek<a name="id2544018"></a><h2>QUERY OPTIONS</h2> 246*00b67f09SDavid van Moolenbroek<p><span><strong class="command">dig</strong></span> 247*00b67f09SDavid van Moolenbroek provides a number of query options which affect 248*00b67f09SDavid van Moolenbroek the way in which lookups are made and the results displayed. Some of 249*00b67f09SDavid van Moolenbroek these set or reset flag bits in the query header, some determine which 250*00b67f09SDavid van Moolenbroek sections of the answer get printed, and others determine the timeout 251*00b67f09SDavid van Moolenbroek and retry strategies. 252*00b67f09SDavid van Moolenbroek </p> 253*00b67f09SDavid van Moolenbroek<p> 254*00b67f09SDavid van Moolenbroek Each query option is identified by a keyword preceded by a plus sign 255*00b67f09SDavid van Moolenbroek (<code class="literal">+</code>). Some keywords set or reset an 256*00b67f09SDavid van Moolenbroek option. These may be preceded 257*00b67f09SDavid van Moolenbroek by the string <code class="literal">no</code> to negate the meaning of 258*00b67f09SDavid van Moolenbroek that keyword. Other 259*00b67f09SDavid van Moolenbroek keywords assign values to options like the timeout interval. They 260*00b67f09SDavid van Moolenbroek have the form <code class="option">+keyword=value</code>. 261*00b67f09SDavid van Moolenbroek The query options are: 262*00b67f09SDavid van Moolenbroek 263*00b67f09SDavid van Moolenbroek </p> 264*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl> 265*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt> 266*00b67f09SDavid van Moolenbroek<dd><p> 267*00b67f09SDavid van Moolenbroek A synonym for <em class="parameter"><code>+[no]aaonly</code></em>. 268*00b67f09SDavid van Moolenbroek </p></dd> 269*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt> 270*00b67f09SDavid van Moolenbroek<dd><p> 271*00b67f09SDavid van Moolenbroek Sets the "aa" flag in the query. 272*00b67f09SDavid van Moolenbroek </p></dd> 273*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]additional</code></span></dt> 274*00b67f09SDavid van Moolenbroek<dd><p> 275*00b67f09SDavid van Moolenbroek Display [do not display] the additional section of a 276*00b67f09SDavid van Moolenbroek reply. The default is to display it. 277*00b67f09SDavid van Moolenbroek </p></dd> 278*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]adflag</code></span></dt> 279*00b67f09SDavid van Moolenbroek<dd><p> 280*00b67f09SDavid van Moolenbroek Set [do not set] the AD (authentic data) bit in the 281*00b67f09SDavid van Moolenbroek query. This requests the server to return whether 282*00b67f09SDavid van Moolenbroek all of the answer and authority sections have all 283*00b67f09SDavid van Moolenbroek been validated as secure according to the security 284*00b67f09SDavid van Moolenbroek policy of the server. AD=1 indicates that all records 285*00b67f09SDavid van Moolenbroek have been validated as secure and the answer is not 286*00b67f09SDavid van Moolenbroek from a OPT-OUT range. AD=0 indicate that some part 287*00b67f09SDavid van Moolenbroek of the answer was insecure or not validated. This 288*00b67f09SDavid van Moolenbroek bit is set by default. 289*00b67f09SDavid van Moolenbroek </p></dd> 290*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]all</code></span></dt> 291*00b67f09SDavid van Moolenbroek<dd><p> 292*00b67f09SDavid van Moolenbroek Set or clear all display flags. 293*00b67f09SDavid van Moolenbroek </p></dd> 294*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]answer</code></span></dt> 295*00b67f09SDavid van Moolenbroek<dd><p> 296*00b67f09SDavid van Moolenbroek Display [do not display] the answer section of a 297*00b67f09SDavid van Moolenbroek reply. The default is to display it. 298*00b67f09SDavid van Moolenbroek </p></dd> 299*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]authority</code></span></dt> 300*00b67f09SDavid van Moolenbroek<dd><p> 301*00b67f09SDavid van Moolenbroek Display [do not display] the authority section of a 302*00b67f09SDavid van Moolenbroek reply. The default is to display it. 303*00b67f09SDavid van Moolenbroek </p></dd> 304*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt> 305*00b67f09SDavid van Moolenbroek<dd><p> 306*00b67f09SDavid van Moolenbroek Attempt to display the contents of messages which are 307*00b67f09SDavid van Moolenbroek malformed. The default is to not display malformed 308*00b67f09SDavid van Moolenbroek answers. 309*00b67f09SDavid van Moolenbroek </p></dd> 310*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+bufsize=B</code></span></dt> 311*00b67f09SDavid van Moolenbroek<dd><p> 312*00b67f09SDavid van Moolenbroek Set the UDP message buffer size advertised using EDNS0 313*00b67f09SDavid van Moolenbroek to <em class="parameter"><code>B</code></em> bytes. The maximum and 314*00b67f09SDavid van Moolenbroek minimum sizes of this buffer are 65535 and 0 respectively. 315*00b67f09SDavid van Moolenbroek Values outside this range are rounded up or down 316*00b67f09SDavid van Moolenbroek appropriately. Values other than zero will cause a 317*00b67f09SDavid van Moolenbroek EDNS query to be sent. 318*00b67f09SDavid van Moolenbroek </p></dd> 319*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt> 320*00b67f09SDavid van Moolenbroek<dd><p> 321*00b67f09SDavid van Moolenbroek Set [do not set] the CD (checking disabled) bit in 322*00b67f09SDavid van Moolenbroek the query. This requests the server to not perform 323*00b67f09SDavid van Moolenbroek DNSSEC validation of responses. 324*00b67f09SDavid van Moolenbroek </p></dd> 325*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cl</code></span></dt> 326*00b67f09SDavid van Moolenbroek<dd><p> 327*00b67f09SDavid van Moolenbroek Display [do not display] the CLASS when printing the 328*00b67f09SDavid van Moolenbroek record. 329*00b67f09SDavid van Moolenbroek </p></dd> 330*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cmd</code></span></dt> 331*00b67f09SDavid van Moolenbroek<dd><p> 332*00b67f09SDavid van Moolenbroek Toggles the printing of the initial comment in the 333*00b67f09SDavid van Moolenbroek output identifying the version of <span><strong class="command">dig</strong></span> 334*00b67f09SDavid van Moolenbroek and the query options that have been applied. This 335*00b67f09SDavid van Moolenbroek comment is printed by default. 336*00b67f09SDavid van Moolenbroek </p></dd> 337*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]comments</code></span></dt> 338*00b67f09SDavid van Moolenbroek<dd><p> 339*00b67f09SDavid van Moolenbroek Toggle the display of comment lines in the output. 340*00b67f09SDavid van Moolenbroek The default is to print comments. 341*00b67f09SDavid van Moolenbroek </p></dd> 342*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]crypto</code></span></dt> 343*00b67f09SDavid van Moolenbroek<dd><p> 344*00b67f09SDavid van Moolenbroek Toggle the display of cryptographic fields in DNSSEC 345*00b67f09SDavid van Moolenbroek records. The contents of these field are unnecessary 346*00b67f09SDavid van Moolenbroek to debug most DNSSEC validation failures and removing 347*00b67f09SDavid van Moolenbroek them makes it easier to see the common failures. The 348*00b67f09SDavid van Moolenbroek default is to display the fields. When omitted they 349*00b67f09SDavid van Moolenbroek are replaced by the string "[omitted]" or in the 350*00b67f09SDavid van Moolenbroek DNSKEY case the key id is displayed as the replacement, 351*00b67f09SDavid van Moolenbroek e.g. "[ key id = value ]". 352*00b67f09SDavid van Moolenbroek </p></dd> 353*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]defname</code></span></dt> 354*00b67f09SDavid van Moolenbroek<dd><p> 355*00b67f09SDavid van Moolenbroek Deprecated, treated as a synonym for 356*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+[no]search</code></em> 357*00b67f09SDavid van Moolenbroek </p></dd> 358*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt> 359*00b67f09SDavid van Moolenbroek<dd><p> 360*00b67f09SDavid van Moolenbroek Requests DNSSEC records be sent by setting the DNSSEC 361*00b67f09SDavid van Moolenbroek OK bit (DO) in the OPT record in the additional section 362*00b67f09SDavid van Moolenbroek of the query. 363*00b67f09SDavid van Moolenbroek </p></dd> 364*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+domain=somename</code></span></dt> 365*00b67f09SDavid van Moolenbroek<dd><p> 366*00b67f09SDavid van Moolenbroek Set the search list to contain the single domain 367*00b67f09SDavid van Moolenbroek <em class="parameter"><code>somename</code></em>, as if specified in 368*00b67f09SDavid van Moolenbroek a <span><strong class="command">domain</strong></span> directive in 369*00b67f09SDavid van Moolenbroek <code class="filename">/etc/resolv.conf</code>, and enable 370*00b67f09SDavid van Moolenbroek search list processing as if the 371*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+search</code></em> option were given. 372*00b67f09SDavid van Moolenbroek </p></dd> 373*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt> 374*00b67f09SDavid van Moolenbroek<dd><p> 375*00b67f09SDavid van Moolenbroek Specify the EDNS version to query with. Valid values 376*00b67f09SDavid van Moolenbroek are 0 to 255. Setting the EDNS version will cause 377*00b67f09SDavid van Moolenbroek a EDNS query to be sent. <code class="option">+noedns</code> 378*00b67f09SDavid van Moolenbroek clears the remembered EDNS version. EDNS is set to 379*00b67f09SDavid van Moolenbroek 0 by default. 380*00b67f09SDavid van Moolenbroek </p></dd> 381*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]expire</code></span></dt> 382*00b67f09SDavid van Moolenbroek<dd><p> 383*00b67f09SDavid van Moolenbroek Send an EDNS Expire option. 384*00b67f09SDavid van Moolenbroek </p></dd> 385*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]fail</code></span></dt> 386*00b67f09SDavid van Moolenbroek<dd><p> 387*00b67f09SDavid van Moolenbroek Do not try the next server if you receive a SERVFAIL. 388*00b67f09SDavid van Moolenbroek The default is to not try the next server which is 389*00b67f09SDavid van Moolenbroek the reverse of normal stub resolver behavior. 390*00b67f09SDavid van Moolenbroek </p></dd> 391*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]identify</code></span></dt> 392*00b67f09SDavid van Moolenbroek<dd><p> 393*00b67f09SDavid van Moolenbroek Show [or do not show] the IP address and port number 394*00b67f09SDavid van Moolenbroek that supplied the answer when the 395*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+short</code></em> option is enabled. If 396*00b67f09SDavid van Moolenbroek short form answers are requested, the default is not 397*00b67f09SDavid van Moolenbroek to show the source address and port number of the 398*00b67f09SDavid van Moolenbroek server that provided the answer. 399*00b67f09SDavid van Moolenbroek </p></dd> 400*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]ignore</code></span></dt> 401*00b67f09SDavid van Moolenbroek<dd><p> 402*00b67f09SDavid van Moolenbroek Ignore truncation in UDP responses instead of retrying 403*00b67f09SDavid van Moolenbroek with TCP. By default, TCP retries are performed. 404*00b67f09SDavid van Moolenbroek </p></dd> 405*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt> 406*00b67f09SDavid van Moolenbroek<dd><p> 407*00b67f09SDavid van Moolenbroek Keep the TCP socket open between queries and reuse 408*00b67f09SDavid van Moolenbroek it rather than creating a new TCP socket for each 409*00b67f09SDavid van Moolenbroek lookup. The default is <code class="option">+nokeepopen</code>. 410*00b67f09SDavid van Moolenbroek </p></dd> 411*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]multiline</code></span></dt> 412*00b67f09SDavid van Moolenbroek<dd><p> 413*00b67f09SDavid van Moolenbroek Print records like the SOA records in a verbose 414*00b67f09SDavid van Moolenbroek multi-line format with human-readable comments. The 415*00b67f09SDavid van Moolenbroek default is to print each record on a single line, to 416*00b67f09SDavid van Moolenbroek facilitate machine parsing of the <span><strong class="command">dig</strong></span> 417*00b67f09SDavid van Moolenbroek output. 418*00b67f09SDavid van Moolenbroek </p></dd> 419*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+ndots=D</code></span></dt> 420*00b67f09SDavid van Moolenbroek<dd><p> 421*00b67f09SDavid van Moolenbroek Set the number of dots that have to appear in 422*00b67f09SDavid van Moolenbroek <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> 423*00b67f09SDavid van Moolenbroek for it to be considered absolute. The default value 424*00b67f09SDavid van Moolenbroek is that defined using the ndots statement in 425*00b67f09SDavid van Moolenbroek <code class="filename">/etc/resolv.conf</code>, or 1 if no 426*00b67f09SDavid van Moolenbroek ndots statement is present. Names with fewer dots 427*00b67f09SDavid van Moolenbroek are interpreted as relative names and will be searched 428*00b67f09SDavid van Moolenbroek for in the domains listed in the <code class="option">search</code> 429*00b67f09SDavid van Moolenbroek or <code class="option">domain</code> directive in 430*00b67f09SDavid van Moolenbroek <code class="filename">/etc/resolv.conf</code> if 431*00b67f09SDavid van Moolenbroek <code class="option">+search</code> is set. 432*00b67f09SDavid van Moolenbroek </p></dd> 433*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]nsid</code></span></dt> 434*00b67f09SDavid van Moolenbroek<dd><p> 435*00b67f09SDavid van Moolenbroek Include an EDNS name server ID request when sending 436*00b67f09SDavid van Moolenbroek a query. 437*00b67f09SDavid van Moolenbroek </p></dd> 438*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt> 439*00b67f09SDavid van Moolenbroek<dd><p> 440*00b67f09SDavid van Moolenbroek When this option is set, <span><strong class="command">dig</strong></span> 441*00b67f09SDavid van Moolenbroek attempts to find the authoritative name servers for 442*00b67f09SDavid van Moolenbroek the zone containing the name being looked up and 443*00b67f09SDavid van Moolenbroek display the SOA record that each name server has for 444*00b67f09SDavid van Moolenbroek the zone. 445*00b67f09SDavid van Moolenbroek </p></dd> 446*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt> 447*00b67f09SDavid van Moolenbroek<dd><p> 448*00b67f09SDavid van Moolenbroek Print only one (starting) SOA record when performing 449*00b67f09SDavid van Moolenbroek an AXFR. The default is to print both the starting 450*00b67f09SDavid van Moolenbroek and ending SOA records. 451*00b67f09SDavid van Moolenbroek </p></dd> 452*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]qr</code></span></dt> 453*00b67f09SDavid van Moolenbroek<dd><p> 454*00b67f09SDavid van Moolenbroek Print [do not print] the query as it is sent. By 455*00b67f09SDavid van Moolenbroek default, the query is not printed. 456*00b67f09SDavid van Moolenbroek </p></dd> 457*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]question</code></span></dt> 458*00b67f09SDavid van Moolenbroek<dd><p> 459*00b67f09SDavid van Moolenbroek Print [do not print] the question section of a query 460*00b67f09SDavid van Moolenbroek when an answer is returned. The default is to print 461*00b67f09SDavid van Moolenbroek the question section as a comment. 462*00b67f09SDavid van Moolenbroek </p></dd> 463*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]recurse</code></span></dt> 464*00b67f09SDavid van Moolenbroek<dd><p> 465*00b67f09SDavid van Moolenbroek Toggle the setting of the RD (recursion desired) bit 466*00b67f09SDavid van Moolenbroek in the query. This bit is set by default, which means 467*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> normally sends recursive 468*00b67f09SDavid van Moolenbroek queries. Recursion is automatically disabled when 469*00b67f09SDavid van Moolenbroek the <em class="parameter"><code>+nssearch</code></em> or 470*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+trace</code></em> query options are used. 471*00b67f09SDavid van Moolenbroek </p></dd> 472*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+retry=T</code></span></dt> 473*00b67f09SDavid van Moolenbroek<dd><p> 474*00b67f09SDavid van Moolenbroek Sets the number of times to retry UDP queries to 475*00b67f09SDavid van Moolenbroek server to <em class="parameter"><code>T</code></em> instead of the 476*00b67f09SDavid van Moolenbroek default, 2. Unlike <em class="parameter"><code>+tries</code></em>, 477*00b67f09SDavid van Moolenbroek this does not include the initial query. 478*00b67f09SDavid van Moolenbroek </p></dd> 479*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt> 480*00b67f09SDavid van Moolenbroek<dd><p> 481*00b67f09SDavid van Moolenbroek Toggle the display of per-record comments in the 482*00b67f09SDavid van Moolenbroek output (for example, human-readable key information 483*00b67f09SDavid van Moolenbroek about DNSKEY records). The default is not to print 484*00b67f09SDavid van Moolenbroek record comments unless multiline mode is active. 485*00b67f09SDavid van Moolenbroek </p></dd> 486*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]search</code></span></dt> 487*00b67f09SDavid van Moolenbroek<dd> 488*00b67f09SDavid van Moolenbroek<p> 489*00b67f09SDavid van Moolenbroek Use [do not use] the search list defined by the 490*00b67f09SDavid van Moolenbroek searchlist or domain directive in 491*00b67f09SDavid van Moolenbroek <code class="filename">resolv.conf</code> (if any). The search 492*00b67f09SDavid van Moolenbroek list is not used by default. 493*00b67f09SDavid van Moolenbroek </p> 494*00b67f09SDavid van Moolenbroek<p> 495*00b67f09SDavid van Moolenbroek 'ndots' from <code class="filename">resolv.conf</code> (default 1) 496*00b67f09SDavid van Moolenbroek which may be overridden by <em class="parameter"><code>+ndots</code></em> 497*00b67f09SDavid van Moolenbroek determines if the name will be treated as relative 498*00b67f09SDavid van Moolenbroek or not and hence whether a search is eventually 499*00b67f09SDavid van Moolenbroek performed or not. 500*00b67f09SDavid van Moolenbroek </p> 501*00b67f09SDavid van Moolenbroek</dd> 502*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]short</code></span></dt> 503*00b67f09SDavid van Moolenbroek<dd><p> 504*00b67f09SDavid van Moolenbroek Provide a terse answer. The default is to print the 505*00b67f09SDavid van Moolenbroek answer in a verbose form. 506*00b67f09SDavid van Moolenbroek </p></dd> 507*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt> 508*00b67f09SDavid van Moolenbroek<dd><p> 509*00b67f09SDavid van Moolenbroek Perform [do not perform] a search showing intermediate 510*00b67f09SDavid van Moolenbroek results. 511*00b67f09SDavid van Moolenbroek </p></dd> 512*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt> 513*00b67f09SDavid van Moolenbroek<dd><p> 514*00b67f09SDavid van Moolenbroek Chase DNSSEC signature chains. Requires dig be 515*00b67f09SDavid van Moolenbroek compiled with -DDIG_SIGCHASE. 516*00b67f09SDavid van Moolenbroek </p></dd> 517*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt> 518*00b67f09SDavid van Moolenbroek<dd><p> 519*00b67f09SDavid van Moolenbroek Send a Source Identity Token EDNS option, with optional 520*00b67f09SDavid van Moolenbroek value. Replaying a SIT from a previous response will 521*00b67f09SDavid van Moolenbroek allow the server to identify a previous client. The 522*00b67f09SDavid van Moolenbroek default is <code class="option">+nosit</code>. Currently using 523*00b67f09SDavid van Moolenbroek experimental value 65001 for the option code. 524*00b67f09SDavid van Moolenbroek </p></dd> 525*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+split=W</code></span></dt> 526*00b67f09SDavid van Moolenbroek<dd><p> 527*00b67f09SDavid van Moolenbroek Split long hex- or base64-formatted fields in resource 528*00b67f09SDavid van Moolenbroek records into chunks of <em class="parameter"><code>W</code></em> 529*00b67f09SDavid van Moolenbroek characters (where <em class="parameter"><code>W</code></em> is rounded 530*00b67f09SDavid van Moolenbroek up to the nearest multiple of 4). 531*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+nosplit</code></em> or 532*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+split=0</code></em> causes fields not to 533*00b67f09SDavid van Moolenbroek be split at all. The default is 56 characters, or 534*00b67f09SDavid van Moolenbroek 44 characters when multiline mode is active. 535*00b67f09SDavid van Moolenbroek </p></dd> 536*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]stats</code></span></dt> 537*00b67f09SDavid van Moolenbroek<dd><p> 538*00b67f09SDavid van Moolenbroek This query option toggles the printing of statistics: 539*00b67f09SDavid van Moolenbroek when the query was made, the size of the reply and 540*00b67f09SDavid van Moolenbroek so on. The default behavior is to print the query 541*00b67f09SDavid van Moolenbroek statistics. 542*00b67f09SDavid van Moolenbroek </p></dd> 543*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt> 544*00b67f09SDavid van Moolenbroek<dd><p> 545*00b67f09SDavid van Moolenbroek Send an EDNS Client Subnet option with the specified 546*00b67f09SDavid van Moolenbroek IP address or network prefix. 547*00b67f09SDavid van Moolenbroek </p></dd> 548*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]tcp</code></span></dt> 549*00b67f09SDavid van Moolenbroek<dd><p> 550*00b67f09SDavid van Moolenbroek Use [do not use] TCP when querying name servers. The 551*00b67f09SDavid van Moolenbroek default behavior is to use UDP unless an 552*00b67f09SDavid van Moolenbroek <code class="literal">ixfr=N</code> query is requested, in which 553*00b67f09SDavid van Moolenbroek case the default is TCP. AXFR queries always use 554*00b67f09SDavid van Moolenbroek TCP. 555*00b67f09SDavid van Moolenbroek </p></dd> 556*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+time=T</code></span></dt> 557*00b67f09SDavid van Moolenbroek<dd><p> 558*00b67f09SDavid van Moolenbroek 559*00b67f09SDavid van Moolenbroek Sets the timeout for a query to 560*00b67f09SDavid van Moolenbroek <em class="parameter"><code>T</code></em> seconds. The default 561*00b67f09SDavid van Moolenbroek timeout is 5 seconds. 562*00b67f09SDavid van Moolenbroek An attempt to set <em class="parameter"><code>T</code></em> to less 563*00b67f09SDavid van Moolenbroek than 1 will result 564*00b67f09SDavid van Moolenbroek in a query timeout of 1 second being applied. 565*00b67f09SDavid van Moolenbroek </p></dd> 566*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]topdown</code></span></dt> 567*00b67f09SDavid van Moolenbroek<dd><p> 568*00b67f09SDavid van Moolenbroek When chasing DNSSEC signature chains perform a top-down 569*00b67f09SDavid van Moolenbroek validation. Requires dig be compiled with -DDIG_SIGCHASE. 570*00b67f09SDavid van Moolenbroek </p></dd> 571*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]trace</code></span></dt> 572*00b67f09SDavid van Moolenbroek<dd> 573*00b67f09SDavid van Moolenbroek<p> 574*00b67f09SDavid van Moolenbroek Toggle tracing of the delegation path from the root 575*00b67f09SDavid van Moolenbroek name servers for the name being looked up. Tracing 576*00b67f09SDavid van Moolenbroek is disabled by default. When tracing is enabled, 577*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> makes iterative queries to 578*00b67f09SDavid van Moolenbroek resolve the name being looked up. It will follow 579*00b67f09SDavid van Moolenbroek referrals from the root servers, showing the answer 580*00b67f09SDavid van Moolenbroek from each server that was used to resolve the lookup. 581*00b67f09SDavid van Moolenbroek </p> 582*00b67f09SDavid van Moolenbroek<p> 583*00b67f09SDavid van Moolenbroek <span><strong class="command">+dnssec</strong></span> is also set when +trace 584*00b67f09SDavid van Moolenbroek is set to better emulate the default queries from a 585*00b67f09SDavid van Moolenbroek nameserver. 586*00b67f09SDavid van Moolenbroek </p> 587*00b67f09SDavid van Moolenbroek</dd> 588*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+tries=T</code></span></dt> 589*00b67f09SDavid van Moolenbroek<dd><p> 590*00b67f09SDavid van Moolenbroek Sets the number of times to try UDP queries to server 591*00b67f09SDavid van Moolenbroek to <em class="parameter"><code>T</code></em> instead of the default, 592*00b67f09SDavid van Moolenbroek 3. If <em class="parameter"><code>T</code></em> is less than or equal 593*00b67f09SDavid van Moolenbroek to zero, the number of tries is silently rounded up 594*00b67f09SDavid van Moolenbroek to 1. 595*00b67f09SDavid van Moolenbroek </p></dd> 596*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt> 597*00b67f09SDavid van Moolenbroek<dd> 598*00b67f09SDavid van Moolenbroek<p> 599*00b67f09SDavid van Moolenbroek Specifies a file containing trusted keys to be used 600*00b67f09SDavid van Moolenbroek with <code class="option">+sigchase</code>. Each DNSKEY record 601*00b67f09SDavid van Moolenbroek must be on its own line. 602*00b67f09SDavid van Moolenbroek </p> 603*00b67f09SDavid van Moolenbroek<p> 604*00b67f09SDavid van Moolenbroek If not specified, <span><strong class="command">dig</strong></span> will look 605*00b67f09SDavid van Moolenbroek for <code class="filename">/etc/trusted-key.key</code> then 606*00b67f09SDavid van Moolenbroek <code class="filename">trusted-key.key</code> in the current 607*00b67f09SDavid van Moolenbroek directory. 608*00b67f09SDavid van Moolenbroek </p> 609*00b67f09SDavid van Moolenbroek<p> 610*00b67f09SDavid van Moolenbroek Requires dig be compiled with -DDIG_SIGCHASE. 611*00b67f09SDavid van Moolenbroek </p> 612*00b67f09SDavid van Moolenbroek</dd> 613*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt> 614*00b67f09SDavid van Moolenbroek<dd><p> 615*00b67f09SDavid van Moolenbroek Display [do not display] the TTL when printing the 616*00b67f09SDavid van Moolenbroek record. 617*00b67f09SDavid van Moolenbroek </p></dd> 618*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]vc</code></span></dt> 619*00b67f09SDavid van Moolenbroek<dd><p> 620*00b67f09SDavid van Moolenbroek Use [do not use] TCP when querying name servers. This 621*00b67f09SDavid van Moolenbroek alternate syntax to <em class="parameter"><code>+[no]tcp</code></em> 622*00b67f09SDavid van Moolenbroek is provided for backwards compatibility. The "vc" 623*00b67f09SDavid van Moolenbroek stands for "virtual circuit". 624*00b67f09SDavid van Moolenbroek </p></dd> 625*00b67f09SDavid van Moolenbroek</dl></div> 626*00b67f09SDavid van Moolenbroek<p> 627*00b67f09SDavid van Moolenbroek 628*00b67f09SDavid van Moolenbroek </p> 629*00b67f09SDavid van Moolenbroek</div> 630*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 631*00b67f09SDavid van Moolenbroek<a name="id2545243"></a><h2>MULTIPLE QUERIES</h2> 632*00b67f09SDavid van Moolenbroek<p> 633*00b67f09SDavid van Moolenbroek The BIND 9 implementation of <span><strong class="command">dig </strong></span> 634*00b67f09SDavid van Moolenbroek supports 635*00b67f09SDavid van Moolenbroek specifying multiple queries on the command line (in addition to 636*00b67f09SDavid van Moolenbroek supporting the <code class="option">-f</code> batch file option). Each of those 637*00b67f09SDavid van Moolenbroek queries can be supplied with its own set of flags, options and query 638*00b67f09SDavid van Moolenbroek options. 639*00b67f09SDavid van Moolenbroek </p> 640*00b67f09SDavid van Moolenbroek<p> 641*00b67f09SDavid van Moolenbroek In this case, each <em class="parameter"><code>query</code></em> argument 642*00b67f09SDavid van Moolenbroek represent an 643*00b67f09SDavid van Moolenbroek individual query in the command-line syntax described above. Each 644*00b67f09SDavid van Moolenbroek consists of any of the standard options and flags, the name to be 645*00b67f09SDavid van Moolenbroek looked up, an optional query type and class and any query options that 646*00b67f09SDavid van Moolenbroek should be applied to that query. 647*00b67f09SDavid van Moolenbroek </p> 648*00b67f09SDavid van Moolenbroek<p> 649*00b67f09SDavid van Moolenbroek A global set of query options, which should be applied to all queries, 650*00b67f09SDavid van Moolenbroek can also be supplied. These global query options must precede the 651*00b67f09SDavid van Moolenbroek first tuple of name, class, type, options, flags, and query options 652*00b67f09SDavid van Moolenbroek supplied on the command line. Any global query options (except 653*00b67f09SDavid van Moolenbroek the <code class="option">+[no]cmd</code> option) can be 654*00b67f09SDavid van Moolenbroek overridden by a query-specific set of query options. For example: 655*00b67f09SDavid van Moolenbroek </p> 656*00b67f09SDavid van Moolenbroek<pre class="programlisting"> 657*00b67f09SDavid van Moolenbroekdig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr 658*00b67f09SDavid van Moolenbroek</pre> 659*00b67f09SDavid van Moolenbroek<p> 660*00b67f09SDavid van Moolenbroek shows how <span><strong class="command">dig</strong></span> could be used from the 661*00b67f09SDavid van Moolenbroek command line 662*00b67f09SDavid van Moolenbroek to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a 663*00b67f09SDavid van Moolenbroek reverse lookup of 127.0.0.1 and a query for the NS records of 664*00b67f09SDavid van Moolenbroek <code class="literal">isc.org</code>. 665*00b67f09SDavid van Moolenbroek 666*00b67f09SDavid van Moolenbroek A global query option of <em class="parameter"><code>+qr</code></em> is 667*00b67f09SDavid van Moolenbroek applied, so 668*00b67f09SDavid van Moolenbroek that <span><strong class="command">dig</strong></span> shows the initial query it made 669*00b67f09SDavid van Moolenbroek for each 670*00b67f09SDavid van Moolenbroek lookup. The final query has a local query option of 671*00b67f09SDavid van Moolenbroek <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span> 672*00b67f09SDavid van Moolenbroek will not print the initial query when it looks up the NS records for 673*00b67f09SDavid van Moolenbroek <code class="literal">isc.org</code>. 674*00b67f09SDavid van Moolenbroek </p> 675*00b67f09SDavid van Moolenbroek</div> 676*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 677*00b67f09SDavid van Moolenbroek<a name="id2545305"></a><h2>IDN SUPPORT</h2> 678*00b67f09SDavid van Moolenbroek<p> 679*00b67f09SDavid van Moolenbroek If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized 680*00b67f09SDavid van Moolenbroek domain name) support, it can accept and display non-ASCII domain names. 681*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> appropriately converts character encoding of 682*00b67f09SDavid van Moolenbroek domain name before sending a request to DNS server or displaying a 683*00b67f09SDavid van Moolenbroek reply from the server. 684*00b67f09SDavid van Moolenbroek If you'd like to turn off the IDN support for some reason, defines 685*00b67f09SDavid van Moolenbroek the <code class="envar">IDN_DISABLE</code> environment variable. 686*00b67f09SDavid van Moolenbroek The IDN support is disabled if the variable is set when 687*00b67f09SDavid van Moolenbroek <span><strong class="command">dig</strong></span> runs. 688*00b67f09SDavid van Moolenbroek </p> 689*00b67f09SDavid van Moolenbroek</div> 690*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 691*00b67f09SDavid van Moolenbroek<a name="id2545328"></a><h2>FILES</h2> 692*00b67f09SDavid van Moolenbroek<p><code class="filename">/etc/resolv.conf</code> 693*00b67f09SDavid van Moolenbroek </p> 694*00b67f09SDavid van Moolenbroek<p><code class="filename">${HOME}/.digrc</code> 695*00b67f09SDavid van Moolenbroek </p> 696*00b67f09SDavid van Moolenbroek</div> 697*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 698*00b67f09SDavid van Moolenbroek<a name="id2545345"></a><h2>SEE ALSO</h2> 699*00b67f09SDavid van Moolenbroek<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, 700*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, 701*00b67f09SDavid van Moolenbroek <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, 702*00b67f09SDavid van Moolenbroek <em class="citetitle">RFC1035</em>. 703*00b67f09SDavid van Moolenbroek </p> 704*00b67f09SDavid van Moolenbroek</div> 705*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en"> 706*00b67f09SDavid van Moolenbroek<a name="id2545382"></a><h2>BUGS</h2> 707*00b67f09SDavid van Moolenbroek<p> 708*00b67f09SDavid van Moolenbroek There are probably too many query options. 709*00b67f09SDavid van Moolenbroek </p> 710*00b67f09SDavid van Moolenbroek</div> 711*00b67f09SDavid van Moolenbroek</div></body> 712*00b67f09SDavid van Moolenbroek</html> 713