doc/arm/man.dig.html

*00b67f09SDavid van Moolenbroek<!--
*00b67f09SDavid van Moolenbroek - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
*00b67f09SDavid van Moolenbroek - Copyright (C) 2000-2003 Internet Software Consortium.
*00b67f09SDavid van Moolenbroek -
*00b67f09SDavid van Moolenbroek - Permission to use, copy, modify, and/or distribute this software for any
*00b67f09SDavid van Moolenbroek - purpose with or without fee is hereby granted, provided that the above
*00b67f09SDavid van Moolenbroek - copyright notice and this permission notice appear in all copies.
*00b67f09SDavid van Moolenbroek -
*00b67f09SDavid van Moolenbroek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
*00b67f09SDavid van Moolenbroek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
*00b67f09SDavid van Moolenbroek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
*00b67f09SDavid van Moolenbroek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
*00b67f09SDavid van Moolenbroek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
*00b67f09SDavid van Moolenbroek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
*00b67f09SDavid van Moolenbroek - PERFORMANCE OF THIS SOFTWARE.
*00b67f09SDavid van Moolenbroek-->
*00b67f09SDavid van Moolenbroek<!-- $Id: man.dig.html,v 1.5 2015/09/03 07:33:34 christos Exp $ -->
*00b67f09SDavid van Moolenbroek<html>
*00b67f09SDavid van Moolenbroek<head>
*00b67f09SDavid van Moolenbroek<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
*00b67f09SDavid van Moolenbroek<title>dig</title>
*00b67f09SDavid van Moolenbroek<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
*00b67f09SDavid van Moolenbroek<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
*00b67f09SDavid van Moolenbroek<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
*00b67f09SDavid van Moolenbroek<link rel="prev" href="Bv9ARM.ch13.html" title="Manual pages">
*00b67f09SDavid van Moolenbroek<link rel="next" href="man.host.html" title="host">
*00b67f09SDavid van Moolenbroek</head>
*00b67f09SDavid van Moolenbroek<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
*00b67f09SDavid van Moolenbroek<div class="navheader">
*00b67f09SDavid van Moolenbroek<table width="100%" summary="Navigation header">
*00b67f09SDavid van Moolenbroek<tr><th colspan="3" align="center">dig</th></tr>
*00b67f09SDavid van Moolenbroek<tr>
*00b67f09SDavid van Moolenbroek<td width="20%" align="left">
*00b67f09SDavid van Moolenbroek<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a>�</td>
*00b67f09SDavid van Moolenbroek<th width="60%" align="center">Manual pages</th>
*00b67f09SDavid van Moolenbroek<td width="20%" align="right">�<a accesskey="n" href="man.host.html">Next</a>
*00b67f09SDavid van Moolenbroek</td>
*00b67f09SDavid van Moolenbroek</tr>
*00b67f09SDavid van Moolenbroek</table>
*00b67f09SDavid van Moolenbroek<hr>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refentry" lang="en">
*00b67f09SDavid van Moolenbroek<a name="man.dig"></a><div class="titlepage"></div>
*00b67f09SDavid van Moolenbroek<div class="refnamediv">
*00b67f09SDavid van Moolenbroek<h2>Name</h2>
*00b67f09SDavid van Moolenbroek<p>dig &#8212; DNS lookup utility</p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsynopsisdiv">
*00b67f09SDavid van Moolenbroek<h2>Synopsis</h2>
*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code>  [<code class="option">-h</code>]</p></div>
*00b67f09SDavid van Moolenbroek<div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2613725"></a><h2>DESCRIPTION</h2>
*00b67f09SDavid van Moolenbroek<p><span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek      (domain information groper) is a flexible tool
*00b67f09SDavid van Moolenbroek      for interrogating DNS name servers.  It performs DNS lookups and
*00b67f09SDavid van Moolenbroek      displays the answers that are returned from the name server(s) that
*00b67f09SDavid van Moolenbroek      were queried.  Most DNS administrators use <span><strong class="command">dig</strong></span> to
*00b67f09SDavid van Moolenbroek      troubleshoot DNS problems because of its flexibility, ease of use and
*00b67f09SDavid van Moolenbroek      clarity of output.  Other lookup tools tend to have less functionality
*00b67f09SDavid van Moolenbroek      than <span><strong class="command">dig</strong></span>.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      Although <span><strong class="command">dig</strong></span> is normally used with
*00b67f09SDavid van Moolenbroek      command-line
*00b67f09SDavid van Moolenbroek      arguments, it also has a batch mode of operation for reading lookup
*00b67f09SDavid van Moolenbroek      requests from a file.  A brief summary of its command-line arguments
*00b67f09SDavid van Moolenbroek      and options is printed when the <code class="option">-h</code> option is given.
*00b67f09SDavid van Moolenbroek      Unlike earlier versions, the BIND 9 implementation of
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
*00b67f09SDavid van Moolenbroek      from the
*00b67f09SDavid van Moolenbroek      command line.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      Unless it is told to query a specific name server,
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> will try each of the servers listed in
*00b67f09SDavid van Moolenbroek      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
*00b67f09SDavid van Moolenbroek      are found, <span><strong class="command">dig</strong></span> will send the query to the local
*00b67f09SDavid van Moolenbroek      host.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      When no command line arguments or options are given,
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
*00b67f09SDavid van Moolenbroek      <code class="filename">${HOME}/.digrc</code>.  This file is read and
*00b67f09SDavid van Moolenbroek      any options in it
*00b67f09SDavid van Moolenbroek      are applied before the command line arguments.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The IN and CH class names overlap with the IN and CH top level
*00b67f09SDavid van Moolenbroek      domain names.  Either use the <code class="option">-t</code> and
*00b67f09SDavid van Moolenbroek      <code class="option">-c</code> options to specify the type and class,
*00b67f09SDavid van Moolenbroek      use the <code class="option">-q</code> the specify the domain name, or
*00b67f09SDavid van Moolenbroek      use "IN." and "CH." when looking up these top level domains.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2613828"></a><h2>SIMPLE USAGE</h2>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      A typical invocation of <span><strong class="command">dig</strong></span> looks like:
*00b67f09SDavid van Moolenbroek      </p>
*00b67f09SDavid van Moolenbroek<pre class="programlisting"> dig @server name type </pre>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      where:
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek      </p>
*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">server</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      is the name or IP address of the name server to query.  This
*00b67f09SDavid van Moolenbroek	      can be an IPv4 address in dotted-decimal notation or an IPv6
*00b67f09SDavid van Moolenbroek	      address in colon-delimited notation.  When the supplied
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>server</code></em> argument is a hostname,
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">dig</strong></span> resolves that name before querying
*00b67f09SDavid van Moolenbroek	      that name server.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      If no <em class="parameter"><code>server</code></em> argument is
*00b67f09SDavid van Moolenbroek	      provided, <span><strong class="command">dig</strong></span> consults
*00b67f09SDavid van Moolenbroek	      <code class="filename">/etc/resolv.conf</code>; if an
*00b67f09SDavid van Moolenbroek	      address is found there, it queries the name server at
*00b67f09SDavid van Moolenbroek	      that address. If either of the <code class="option">-4</code> or
*00b67f09SDavid van Moolenbroek	      <code class="option">-6</code> options are in use, then
*00b67f09SDavid van Moolenbroek	      only addresses for the corresponding transport
*00b67f09SDavid van Moolenbroek	      will be tried.  If no usable addresses are found,
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">dig</strong></span> will send the query to the
*00b67f09SDavid van Moolenbroek	      local host.  The reply from the name server that
*00b67f09SDavid van Moolenbroek	      responds is displayed.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek</dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">name</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      is the name of the resource record that is to be looked up.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="constant">type</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      indicates what type of query is required &#8212;
*00b67f09SDavid van Moolenbroek	      ANY, A, MX, SIG, etc.
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>type</code></em> can be any valid query
*00b67f09SDavid van Moolenbroek	      type.  If no
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>type</code></em> argument is supplied,
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">dig</strong></span> will perform a lookup for an
*00b67f09SDavid van Moolenbroek	      A record.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek</dl></div>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2613954"></a><h2>OPTIONS</h2>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-b</code> option sets the source IP address of the query
*00b67f09SDavid van Moolenbroek      to <em class="parameter"><code>address</code></em>.  This must be a valid
*00b67f09SDavid van Moolenbroek      address on
*00b67f09SDavid van Moolenbroek      one of the host's network interfaces or "0.0.0.0" or "::".  An optional
*00b67f09SDavid van Moolenbroek      port
*00b67f09SDavid van Moolenbroek      may be specified by appending "#&lt;port&gt;"
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The default query class (IN for internet) is overridden by the
*00b67f09SDavid van Moolenbroek      <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is
*00b67f09SDavid van Moolenbroek      any valid
*00b67f09SDavid van Moolenbroek      class, such as HS for Hesiod records or CH for Chaosnet records.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
*00b67f09SDavid van Moolenbroek      operate
*00b67f09SDavid van Moolenbroek      in batch mode by reading a list of lookup requests to process from the
*00b67f09SDavid van Moolenbroek      file <em class="parameter"><code>filename</code></em>.  The file contains a
*00b67f09SDavid van Moolenbroek      number of
*00b67f09SDavid van Moolenbroek      queries, one per line.  Each entry in the file should be organized in
*00b67f09SDavid van Moolenbroek      the same way they would be presented as queries to
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> using the command-line interface.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-m</code> option enables memory usage debugging.
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      If a non-standard port number is to be queried, the
*00b67f09SDavid van Moolenbroek      <code class="option">-p</code> option is used.  <em class="parameter"><code>port#</code></em> is
*00b67f09SDavid van Moolenbroek      the port number that <span><strong class="command">dig</strong></span> will send its
*00b67f09SDavid van Moolenbroek      queries
*00b67f09SDavid van Moolenbroek      instead of the standard DNS port number 53.  This option would be used
*00b67f09SDavid van Moolenbroek      to test a name server that has been configured to listen for queries
*00b67f09SDavid van Moolenbroek      on a non-standard port number.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek      to only
*00b67f09SDavid van Moolenbroek      use IPv4 query transport.  The <code class="option">-6</code> option forces
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-t</code> option sets the query type to
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>type</code></em>.  It can be any valid query type
*00b67f09SDavid van Moolenbroek      which is
*00b67f09SDavid van Moolenbroek      supported in BIND 9.  The default query type is "A", unless the
*00b67f09SDavid van Moolenbroek      <code class="option">-x</code> option is supplied to indicate a reverse lookup.
*00b67f09SDavid van Moolenbroek      A zone transfer can be requested by specifying a type of AXFR.  When
*00b67f09SDavid van Moolenbroek      an incremental zone transfer (IXFR) is required,
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
*00b67f09SDavid van Moolenbroek      The incremental zone transfer will contain the changes made to the zone
*00b67f09SDavid van Moolenbroek      since the serial number in the zone's SOA record was
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>N</code></em>.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-q</code> option sets the query name to
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>name</code></em>.  This is useful to distinguish the
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>name</code></em> from other arguments.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to
*00b67f09SDavid van Moolenbroek      print the version number and exit.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
*00b67f09SDavid van Moolenbroek      <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is
*00b67f09SDavid van Moolenbroek      an IPv4
*00b67f09SDavid van Moolenbroek      address in dotted-decimal notation, or a colon-delimited IPv6 address.
*00b67f09SDavid van Moolenbroek      When this option is used, there is no need to provide the
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>type</code></em> arguments.  <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek      automatically performs a lookup for a name like
*00b67f09SDavid van Moolenbroek      <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
*00b67f09SDavid van Moolenbroek      query type and
*00b67f09SDavid van Moolenbroek      class to PTR and IN respectively.  By default, IPv6 addresses are
*00b67f09SDavid van Moolenbroek      looked up using nibble format under the IP6.ARPA domain.
*00b67f09SDavid van Moolenbroek      To use the older RFC1886 method using the IP6.INT domain
*00b67f09SDavid van Moolenbroek      specify the <code class="option">-i</code> option.  Bit string labels (RFC2874)
*00b67f09SDavid van Moolenbroek      are now experimental and are not attempted.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
*00b67f09SDavid van Moolenbroek      their
*00b67f09SDavid van Moolenbroek      responses using transaction signatures (TSIG), specify a TSIG key file
*00b67f09SDavid van Moolenbroek      using the <code class="option">-k</code> option.  You can also specify the TSIG
*00b67f09SDavid van Moolenbroek      key itself on the command line using the <code class="option">-y</code> option;
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>name</code></em> is the name of the TSIG key and
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>key</code></em> is the actual key.  The key is a
*00b67f09SDavid van Moolenbroek      base-64
*00b67f09SDavid van Moolenbroek      encoded string, typically generated by
*00b67f09SDavid van Moolenbroek      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek      Caution should be taken when using the <code class="option">-y</code> option on
*00b67f09SDavid van Moolenbroek      multi-user systems as the key can be visible in the output from
*00b67f09SDavid van Moolenbroek      <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
*00b67f09SDavid van Moolenbroek      or in the shell's history file.  When
*00b67f09SDavid van Moolenbroek      using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
*00b67f09SDavid van Moolenbroek      server that is queried needs to know the key and algorithm that is
*00b67f09SDavid van Moolenbroek      being used.  In BIND, this is done by providing appropriate
*00b67f09SDavid van Moolenbroek      <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
*00b67f09SDavid van Moolenbroek      <code class="filename">named.conf</code>.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2666396"></a><h2>QUERY OPTIONS</h2>
*00b67f09SDavid van Moolenbroek<p><span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek      provides a number of query options which affect
*00b67f09SDavid van Moolenbroek      the way in which lookups are made and the results displayed.  Some of
*00b67f09SDavid van Moolenbroek      these set or reset flag bits in the query header, some determine which
*00b67f09SDavid van Moolenbroek      sections of the answer get printed, and others determine the timeout
*00b67f09SDavid van Moolenbroek      and retry strategies.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      Each query option is identified by a keyword preceded by a plus sign
*00b67f09SDavid van Moolenbroek      (<code class="literal">+</code>).  Some keywords set or reset an
*00b67f09SDavid van Moolenbroek      option.  These may be preceded
*00b67f09SDavid van Moolenbroek      by the string <code class="literal">no</code> to negate the meaning of
*00b67f09SDavid van Moolenbroek      that keyword.  Other
*00b67f09SDavid van Moolenbroek      keywords assign values to options like the timeout interval.  They
*00b67f09SDavid van Moolenbroek      have the form <code class="option">+keyword=value</code>.
*00b67f09SDavid van Moolenbroek      The query options are:
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek      </p>
*00b67f09SDavid van Moolenbroek<div class="variablelist"><dl>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Sets the "aa" flag in the query.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Display [do not display] the additional section of a
*00b67f09SDavid van Moolenbroek	      reply.  The default is to display it.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set [do not set] the AD (authentic data) bit in the
*00b67f09SDavid van Moolenbroek	      query.  This requests the server to return whether
*00b67f09SDavid van Moolenbroek	      all of the answer and authority sections have all
*00b67f09SDavid van Moolenbroek	      been validated as secure according to the security
*00b67f09SDavid van Moolenbroek	      policy of the server.  AD=1 indicates that all records
*00b67f09SDavid van Moolenbroek	      have been validated as secure and the answer is not
*00b67f09SDavid van Moolenbroek	      from a OPT-OUT range.  AD=0 indicate that some part
*00b67f09SDavid van Moolenbroek	      of the answer was insecure or not validated.  This
*00b67f09SDavid van Moolenbroek	      bit is set by default.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]all</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set or clear all display flags.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Display [do not display] the answer section of a
*00b67f09SDavid van Moolenbroek	      reply.  The default is to display it.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Display [do not display] the authority section of a
*00b67f09SDavid van Moolenbroek	      reply.  The default is to display it.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Attempt to display the contents of messages which are
*00b67f09SDavid van Moolenbroek	      malformed.  The default is to not display malformed
*00b67f09SDavid van Moolenbroek	      answers.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set the UDP message buffer size advertised using EDNS0
*00b67f09SDavid van Moolenbroek	      to <em class="parameter"><code>B</code></em> bytes.  The maximum and
*00b67f09SDavid van Moolenbroek	      minimum sizes of this buffer are 65535 and 0 respectively.
*00b67f09SDavid van Moolenbroek	      Values outside this range are rounded up or down
*00b67f09SDavid van Moolenbroek	      appropriately.  Values other than zero will cause a
*00b67f09SDavid van Moolenbroek	      EDNS query to be sent.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set [do not set] the CD (checking disabled) bit in
*00b67f09SDavid van Moolenbroek	      the query.  This requests the server to not perform
*00b67f09SDavid van Moolenbroek	      DNSSEC validation of responses.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Display [do not display] the CLASS when printing the
*00b67f09SDavid van Moolenbroek	      record.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Toggles the printing of the initial comment in the
*00b67f09SDavid van Moolenbroek	      output identifying the version of <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek	      and the query options that have been applied.  This
*00b67f09SDavid van Moolenbroek	      comment is printed by default.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Toggle the display of comment lines in the output.
*00b67f09SDavid van Moolenbroek	      The default is to print comments.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Toggle the display of cryptographic fields in DNSSEC
*00b67f09SDavid van Moolenbroek	      records.  The contents of these field are unnecessary
*00b67f09SDavid van Moolenbroek	      to debug most DNSSEC validation failures and removing
*00b67f09SDavid van Moolenbroek	      them makes it easier to see the common failures.  The
*00b67f09SDavid van Moolenbroek	      default is to display the fields.  When omitted they
*00b67f09SDavid van Moolenbroek	      are replaced by the string "[omitted]" or in the
*00b67f09SDavid van Moolenbroek	      DNSKEY case the key id is displayed as the replacement,
*00b67f09SDavid van Moolenbroek	      e.g. "[ key id = value ]".
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Deprecated, treated as a synonym for
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+[no]search</code></em>
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Requests DNSSEC records be sent by setting the DNSSEC
*00b67f09SDavid van Moolenbroek	      OK bit (DO) in the OPT record in the additional section
*00b67f09SDavid van Moolenbroek	      of the query.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set the search list to contain the single domain
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>somename</code></em>, as if specified in
*00b67f09SDavid van Moolenbroek	      a <span><strong class="command">domain</strong></span> directive in
*00b67f09SDavid van Moolenbroek	      <code class="filename">/etc/resolv.conf</code>, and enable
*00b67f09SDavid van Moolenbroek	      search list processing as if the
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+search</code></em> option were given.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	       Specify the EDNS version to query with.  Valid values
*00b67f09SDavid van Moolenbroek	       are 0 to 255.  Setting the EDNS version will cause
*00b67f09SDavid van Moolenbroek	       a EDNS query to be sent.  <code class="option">+noedns</code>
*00b67f09SDavid van Moolenbroek	       clears the remembered EDNS version.  EDNS is set to
*00b67f09SDavid van Moolenbroek	       0 by default.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Send an EDNS Expire option.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Do not try the next server if you receive a SERVFAIL.
*00b67f09SDavid van Moolenbroek	      The default is to not try the next server which is
*00b67f09SDavid van Moolenbroek	      the reverse of normal stub resolver behavior.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Show [or do not show] the IP address and port number
*00b67f09SDavid van Moolenbroek	      that supplied the answer when the
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+short</code></em> option is enabled.  If
*00b67f09SDavid van Moolenbroek	      short form answers are requested, the default is not
*00b67f09SDavid van Moolenbroek	      to show the source address and port number of the
*00b67f09SDavid van Moolenbroek	      server that provided the answer.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Ignore truncation in UDP responses instead of retrying
*00b67f09SDavid van Moolenbroek	      with TCP.  By default, TCP retries are performed.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Keep the TCP socket open between queries and reuse
*00b67f09SDavid van Moolenbroek	      it rather than creating a new TCP socket for each
*00b67f09SDavid van Moolenbroek	      lookup.  The default is <code class="option">+nokeepopen</code>.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Print records like the SOA records in a verbose
*00b67f09SDavid van Moolenbroek	      multi-line format with human-readable comments.  The
*00b67f09SDavid van Moolenbroek	      default is to print each record on a single line, to
*00b67f09SDavid van Moolenbroek	      facilitate machine parsing of the <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek	      output.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Set the number of dots that have to appear in
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
*00b67f09SDavid van Moolenbroek	      for it to be considered absolute.  The default value
*00b67f09SDavid van Moolenbroek	      is that defined using the ndots statement in
*00b67f09SDavid van Moolenbroek	      <code class="filename">/etc/resolv.conf</code>, or 1 if no
*00b67f09SDavid van Moolenbroek	      ndots statement is present.  Names with fewer dots
*00b67f09SDavid van Moolenbroek	      are interpreted as relative names and will be searched
*00b67f09SDavid van Moolenbroek	      for in the domains listed in the <code class="option">search</code>
*00b67f09SDavid van Moolenbroek	      or <code class="option">domain</code> directive in
*00b67f09SDavid van Moolenbroek	      <code class="filename">/etc/resolv.conf</code> if
*00b67f09SDavid van Moolenbroek	      <code class="option">+search</code> is set.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Include an EDNS name server ID request when sending
*00b67f09SDavid van Moolenbroek	      a query.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      When this option is set, <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek	      attempts to find the authoritative name servers for
*00b67f09SDavid van Moolenbroek	      the zone containing the name being looked up and
*00b67f09SDavid van Moolenbroek	      display the SOA record that each name server has for
*00b67f09SDavid van Moolenbroek	      the zone.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Print only one (starting) SOA record when performing
*00b67f09SDavid van Moolenbroek	      an AXFR. The default is to print both the starting
*00b67f09SDavid van Moolenbroek	      and ending SOA records.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Print [do not print] the query as it is sent.  By
*00b67f09SDavid van Moolenbroek	      default, the query is not printed.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]question</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Print [do not print] the question section of a query
*00b67f09SDavid van Moolenbroek	      when an answer is returned.  The default is to print
*00b67f09SDavid van Moolenbroek	      the question section as a comment.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Toggle the setting of the RD (recursion desired) bit
*00b67f09SDavid van Moolenbroek	      in the query.  This bit is set by default, which means
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">dig</strong></span> normally sends recursive
*00b67f09SDavid van Moolenbroek	      queries.  Recursion is automatically disabled when
*00b67f09SDavid van Moolenbroek	      the <em class="parameter"><code>+nssearch</code></em> or
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+trace</code></em> query options are used.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+retry=T</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Sets the number of times to retry UDP queries to
*00b67f09SDavid van Moolenbroek	      server to <em class="parameter"><code>T</code></em> instead of the
*00b67f09SDavid van Moolenbroek	      default, 2.  Unlike <em class="parameter"><code>+tries</code></em>,
*00b67f09SDavid van Moolenbroek	      this does not include the initial query.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Toggle the display of per-record comments in the
*00b67f09SDavid van Moolenbroek	      output (for example, human-readable key information
*00b67f09SDavid van Moolenbroek	      about DNSKEY records).  The default is not to print
*00b67f09SDavid van Moolenbroek	      record comments unless multiline mode is active.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]search</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      Use [do not use] the search list defined by the
*00b67f09SDavid van Moolenbroek	      searchlist or domain directive in
*00b67f09SDavid van Moolenbroek	      <code class="filename">resolv.conf</code> (if any).  The search
*00b67f09SDavid van Moolenbroek	      list is not used by default.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      'ndots' from <code class="filename">resolv.conf</code> (default 1)
*00b67f09SDavid van Moolenbroek	       which may be overridden by <em class="parameter"><code>+ndots</code></em>
*00b67f09SDavid van Moolenbroek	      determines if the name will be treated as relative
*00b67f09SDavid van Moolenbroek	      or not and hence whether a search is eventually
*00b67f09SDavid van Moolenbroek	      performed or not.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek</dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]short</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Provide a terse answer.  The default is to print the
*00b67f09SDavid van Moolenbroek	      answer in a verbose form.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Perform [do not perform] a search showing intermediate
*00b67f09SDavid van Moolenbroek	      results.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Chase DNSSEC signature chains.  Requires dig be
*00b67f09SDavid van Moolenbroek	      compiled with -DDIG_SIGCHASE.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Send a Source Identity Token EDNS option, with optional
*00b67f09SDavid van Moolenbroek	      value.  Replaying a SIT from a previous response will
*00b67f09SDavid van Moolenbroek	      allow the server to identify a previous client.  The
*00b67f09SDavid van Moolenbroek	      default is <code class="option">+nosit</code>.  Currently using
*00b67f09SDavid van Moolenbroek	      experimental value 65001 for the option code.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+split=W</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Split long hex- or base64-formatted fields in resource
*00b67f09SDavid van Moolenbroek	      records into chunks of <em class="parameter"><code>W</code></em>
*00b67f09SDavid van Moolenbroek	      characters (where <em class="parameter"><code>W</code></em> is rounded
*00b67f09SDavid van Moolenbroek	      up to the nearest multiple of 4).
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+nosplit</code></em> or
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>+split=0</code></em> causes fields not to
*00b67f09SDavid van Moolenbroek	      be split at all.  The default is 56 characters, or
*00b67f09SDavid van Moolenbroek	      44 characters when multiline mode is active.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      This query option toggles the printing of statistics:
*00b67f09SDavid van Moolenbroek	      when the query was made, the size of the reply and
*00b67f09SDavid van Moolenbroek	      so on.  The default behavior is to print the query
*00b67f09SDavid van Moolenbroek	      statistics.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Send an EDNS Client Subnet option with the specified
*00b67f09SDavid van Moolenbroek	      IP address or network prefix.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Use [do not use] TCP when querying name servers. The
*00b67f09SDavid van Moolenbroek	      default behavior is to use UDP unless an
*00b67f09SDavid van Moolenbroek	      <code class="literal">ixfr=N</code> query is requested, in which
*00b67f09SDavid van Moolenbroek	      case the default is TCP.  AXFR queries always use
*00b67f09SDavid van Moolenbroek	      TCP.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+time=T</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek	      Sets the timeout for a query to
*00b67f09SDavid van Moolenbroek	      <em class="parameter"><code>T</code></em> seconds.  The default
*00b67f09SDavid van Moolenbroek	      timeout is 5 seconds.
*00b67f09SDavid van Moolenbroek	      An attempt to set <em class="parameter"><code>T</code></em> to less
*00b67f09SDavid van Moolenbroek	      than 1 will result
*00b67f09SDavid van Moolenbroek	      in a query timeout of 1 second being applied.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      When chasing DNSSEC signature chains perform a top-down
*00b67f09SDavid van Moolenbroek	      validation.  Requires dig be compiled with -DDIG_SIGCHASE.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      Toggle tracing of the delegation path from the root
*00b67f09SDavid van Moolenbroek	      name servers for the name being looked up.  Tracing
*00b67f09SDavid van Moolenbroek	      is disabled by default.  When tracing is enabled,
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">dig</strong></span> makes iterative queries to
*00b67f09SDavid van Moolenbroek	      resolve the name being looked up.  It will follow
*00b67f09SDavid van Moolenbroek	      referrals from the root servers, showing the answer
*00b67f09SDavid van Moolenbroek	      from each server that was used to resolve the lookup.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      <span><strong class="command">+dnssec</strong></span> is also set when +trace
*00b67f09SDavid van Moolenbroek	      is set to better emulate the default queries from a
*00b67f09SDavid van Moolenbroek	      nameserver.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek</dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+tries=T</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Sets the number of times to try UDP queries to server
*00b67f09SDavid van Moolenbroek	      to <em class="parameter"><code>T</code></em> instead of the default,
*00b67f09SDavid van Moolenbroek	      3.  If <em class="parameter"><code>T</code></em> is less than or equal
*00b67f09SDavid van Moolenbroek	      to zero, the number of tries is silently rounded up
*00b67f09SDavid van Moolenbroek	      to 1.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      Specifies a file containing trusted keys to be used
*00b67f09SDavid van Moolenbroek	      with <code class="option">+sigchase</code>.  Each DNSKEY record
*00b67f09SDavid van Moolenbroek	      must be on its own line.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      If not specified, <span><strong class="command">dig</strong></span> will look
*00b67f09SDavid van Moolenbroek	      for <code class="filename">/etc/trusted-key.key</code> then
*00b67f09SDavid van Moolenbroek	      <code class="filename">trusted-key.key</code> in the current
*00b67f09SDavid van Moolenbroek	      directory.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek	      Requires dig be compiled with -DDIG_SIGCHASE.
*00b67f09SDavid van Moolenbroek	    </p>
*00b67f09SDavid van Moolenbroek</dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Display [do not display] the TTL when printing the
*00b67f09SDavid van Moolenbroek	      record.
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
*00b67f09SDavid van Moolenbroek<dd><p>
*00b67f09SDavid van Moolenbroek	      Use [do not use] TCP when querying name servers.  This
*00b67f09SDavid van Moolenbroek	      alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
*00b67f09SDavid van Moolenbroek	      is provided for backwards compatibility.  The "vc"
*00b67f09SDavid van Moolenbroek	      stands for "virtual circuit".
*00b67f09SDavid van Moolenbroek	    </p></dd>
*00b67f09SDavid van Moolenbroek</dl></div>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2667573"></a><h2>MULTIPLE QUERIES</h2>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      The BIND 9 implementation of <span><strong class="command">dig </strong></span>
*00b67f09SDavid van Moolenbroek      supports
*00b67f09SDavid van Moolenbroek      specifying multiple queries on the command line (in addition to
*00b67f09SDavid van Moolenbroek      supporting the <code class="option">-f</code> batch file option).  Each of those
*00b67f09SDavid van Moolenbroek      queries can be supplied with its own set of flags, options and query
*00b67f09SDavid van Moolenbroek      options.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      In this case, each <em class="parameter"><code>query</code></em> argument
*00b67f09SDavid van Moolenbroek      represent an
*00b67f09SDavid van Moolenbroek      individual query in the command-line syntax described above.  Each
*00b67f09SDavid van Moolenbroek      consists of any of the standard options and flags, the name to be
*00b67f09SDavid van Moolenbroek      looked up, an optional query type and class and any query options that
*00b67f09SDavid van Moolenbroek      should be applied to that query.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      A global set of query options, which should be applied to all queries,
*00b67f09SDavid van Moolenbroek      can also be supplied.  These global query options must precede the
*00b67f09SDavid van Moolenbroek      first tuple of name, class, type, options, flags, and query options
*00b67f09SDavid van Moolenbroek      supplied on the command line.  Any global query options (except
*00b67f09SDavid van Moolenbroek      the <code class="option">+[no]cmd</code> option) can be
*00b67f09SDavid van Moolenbroek      overridden by a query-specific set of query options.  For example:
*00b67f09SDavid van Moolenbroek      </p>
*00b67f09SDavid van Moolenbroek<pre class="programlisting">
*00b67f09SDavid van Moolenbroekdig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
*00b67f09SDavid van Moolenbroek</pre>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      shows how <span><strong class="command">dig</strong></span> could be used from the
*00b67f09SDavid van Moolenbroek      command line
*00b67f09SDavid van Moolenbroek      to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
*00b67f09SDavid van Moolenbroek      reverse lookup of 127.0.0.1 and a query for the NS records of
*00b67f09SDavid van Moolenbroek      <code class="literal">isc.org</code>.
*00b67f09SDavid van Moolenbroek
*00b67f09SDavid van Moolenbroek      A global query option of <em class="parameter"><code>+qr</code></em> is
*00b67f09SDavid van Moolenbroek      applied, so
*00b67f09SDavid van Moolenbroek      that <span><strong class="command">dig</strong></span> shows the initial query it made
*00b67f09SDavid van Moolenbroek      for each
*00b67f09SDavid van Moolenbroek      lookup.  The final query has a local query option of
*00b67f09SDavid van Moolenbroek      <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
*00b67f09SDavid van Moolenbroek      will not print the initial query when it looks up the NS records for
*00b67f09SDavid van Moolenbroek      <code class="literal">isc.org</code>.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2667726"></a><h2>IDN SUPPORT</h2>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
*00b67f09SDavid van Moolenbroek      domain name) support, it can accept and display non-ASCII domain names.
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> appropriately converts character encoding of
*00b67f09SDavid van Moolenbroek      domain name before sending a request to DNS server or displaying a
*00b67f09SDavid van Moolenbroek      reply from the server.
*00b67f09SDavid van Moolenbroek      If you'd like to turn off the IDN support for some reason, defines
*00b67f09SDavid van Moolenbroek      the <code class="envar">IDN_DISABLE</code> environment variable.
*00b67f09SDavid van Moolenbroek      The IDN support is disabled if the variable is set when
*00b67f09SDavid van Moolenbroek      <span><strong class="command">dig</strong></span> runs.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2667755"></a><h2>FILES</h2>
*00b67f09SDavid van Moolenbroek<p><code class="filename">/etc/resolv.conf</code>
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek<p><code class="filename">${HOME}/.digrc</code>
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2667777"></a><h2>SEE ALSO</h2>
*00b67f09SDavid van Moolenbroek<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
*00b67f09SDavid van Moolenbroek      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
*00b67f09SDavid van Moolenbroek      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
*00b67f09SDavid van Moolenbroek      <em class="citetitle">RFC1035</em>.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="refsect1" lang="en">
*00b67f09SDavid van Moolenbroek<a name="id2667882"></a><h2>BUGS</h2>
*00b67f09SDavid van Moolenbroek<p>
*00b67f09SDavid van Moolenbroek      There are probably too many query options.
*00b67f09SDavid van Moolenbroek    </p>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<div class="navfooter">
*00b67f09SDavid van Moolenbroek<hr>
*00b67f09SDavid van Moolenbroek<table width="100%" summary="Navigation footer">
*00b67f09SDavid van Moolenbroek<tr>
*00b67f09SDavid van Moolenbroek<td width="40%" align="left">
*00b67f09SDavid van Moolenbroek<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a>�</td>
*00b67f09SDavid van Moolenbroek<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
*00b67f09SDavid van Moolenbroek<td width="40%" align="right">�<a accesskey="n" href="man.host.html">Next</a>
*00b67f09SDavid van Moolenbroek</td>
*00b67f09SDavid van Moolenbroek</tr>
*00b67f09SDavid van Moolenbroek<tr>
*00b67f09SDavid van Moolenbroek<td width="40%" align="left" valign="top">Manual pages�</td>
*00b67f09SDavid van Moolenbroek<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
*00b67f09SDavid van Moolenbroek<td width="40%" align="right" valign="top">�host</td>
*00b67f09SDavid van Moolenbroek</tr>
*00b67f09SDavid van Moolenbroek</table>
*00b67f09SDavid van Moolenbroek</div>
*00b67f09SDavid van Moolenbroek<p style="text-align: center;">BIND 9.10.2-P4</p>
*00b67f09SDavid van Moolenbroek</body>
*00b67f09SDavid van Moolenbroek</html>