968 lines
33 KiB
Plaintext
968 lines
33 KiB
Plaintext
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
|
[<!ENTITY mdash "—">]>
|
|
<!--
|
|
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
|
- Copyright (C) 2000-2003 Internet Software Consortium.
|
|
-
|
|
- Permission to use, copy, modify, and/or distribute this software for any
|
|
- purpose with or without fee is hereby granted, provided that the above
|
|
- copyright notice and this permission notice appear in all copies.
|
|
-
|
|
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
- PERFORMANCE OF THIS SOFTWARE.
|
|
-->
|
|
|
|
<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
|
|
<refentry id="man.dig">
|
|
|
|
<refentryinfo>
|
|
<date>Jun 30, 2000</date>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>dig</refentrytitle>
|
|
<manvolnum>1</manvolnum>
|
|
<refmiscinfo>BIND9</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>dig</refname>
|
|
<refpurpose>DNS lookup utility</refpurpose>
|
|
</refnamediv>
|
|
|
|
<docinfo>
|
|
<copyright>
|
|
<year>2004</year>
|
|
<year>2005</year>
|
|
<year>2006</year>
|
|
<year>2007</year>
|
|
<year>2008</year>
|
|
<year>2009</year>
|
|
<year>2010</year>
|
|
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
|
</copyright>
|
|
<copyright>
|
|
<year>2000</year>
|
|
<year>2001</year>
|
|
<year>2002</year>
|
|
<year>2003</year>
|
|
<holder>Internet Software Consortium.</holder>
|
|
</copyright>
|
|
</docinfo>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>dig</command>
|
|
<arg choice="opt">@server</arg>
|
|
<arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
|
|
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
|
|
<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
|
|
<arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
|
|
<arg><option>-m</option></arg>
|
|
<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
|
|
<arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
|
|
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
|
|
<arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
|
|
<arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
|
|
<arg><option>-4</option></arg>
|
|
<arg><option>-6</option></arg>
|
|
<arg choice="opt">name</arg>
|
|
<arg choice="opt">type</arg>
|
|
<arg choice="opt">class</arg>
|
|
<arg choice="opt" rep="repeat">queryopt</arg>
|
|
</cmdsynopsis>
|
|
|
|
<cmdsynopsis>
|
|
<command>dig</command>
|
|
<arg><option>-h</option></arg>
|
|
</cmdsynopsis>
|
|
|
|
<cmdsynopsis>
|
|
<command>dig</command>
|
|
<arg choice="opt" rep="repeat">global-queryopt</arg>
|
|
<arg choice="opt" rep="repeat">query</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>DESCRIPTION</title>
|
|
<para><command>dig</command>
|
|
(domain information groper) is a flexible tool
|
|
for interrogating DNS name servers. It performs DNS lookups and
|
|
displays the answers that are returned from the name server(s) that
|
|
were queried. Most DNS administrators use <command>dig</command> to
|
|
troubleshoot DNS problems because of its flexibility, ease of use and
|
|
clarity of output. Other lookup tools tend to have less functionality
|
|
than <command>dig</command>.
|
|
</para>
|
|
|
|
<para>
|
|
Although <command>dig</command> is normally used with
|
|
command-line
|
|
arguments, it also has a batch mode of operation for reading lookup
|
|
requests from a file. A brief summary of its command-line arguments
|
|
and options is printed when the <option>-h</option> option is given.
|
|
Unlike earlier versions, the BIND 9 implementation of
|
|
<command>dig</command> allows multiple lookups to be issued
|
|
from the
|
|
command line.
|
|
</para>
|
|
|
|
<para>
|
|
Unless it is told to query a specific name server,
|
|
<command>dig</command> will try each of the servers listed
|
|
in
|
|
<filename>/etc/resolv.conf</filename>.
|
|
</para>
|
|
|
|
<para>
|
|
When no command line arguments or options are given,
|
|
<command>dig</command> will perform an NS query for "." (the root).
|
|
</para>
|
|
|
|
<para>
|
|
It is possible to set per-user defaults for <command>dig</command> via
|
|
<filename>${HOME}/.digrc</filename>. This file is read and
|
|
any options in it
|
|
are applied before the command line arguments.
|
|
</para>
|
|
|
|
<para>
|
|
The IN and CH class names overlap with the IN and CH top level
|
|
domains names. Either use the <option>-t</option> and
|
|
<option>-c</option> options to specify the type and class,
|
|
use the <option>-q</option> the specify the domain name, or
|
|
use "IN." and "CH." when looking up these top level domains.
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>SIMPLE USAGE</title>
|
|
|
|
<para>
|
|
A typical invocation of <command>dig</command> looks like:
|
|
<programlisting> dig @server name type </programlisting>
|
|
where:
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term><constant>server</constant></term>
|
|
<listitem>
|
|
<para>
|
|
is the name or IP address of the name server to query. This can
|
|
be an IPv4
|
|
address in dotted-decimal notation or an IPv6
|
|
address in colon-delimited notation. When the supplied
|
|
<parameter>server</parameter> argument is a
|
|
hostname,
|
|
<command>dig</command> resolves that name before
|
|
querying that name
|
|
server. If no <parameter>server</parameter>
|
|
argument is provided,
|
|
<command>dig</command> consults <filename>/etc/resolv.conf</filename>
|
|
and queries the name servers listed there. The reply from the
|
|
name
|
|
server that responds is displayed.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><constant>name</constant></term>
|
|
<listitem>
|
|
<para>
|
|
is the name of the resource record that is to be looked up.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><constant>type</constant></term>
|
|
<listitem>
|
|
<para>
|
|
indicates what type of query is required —
|
|
ANY, A, MX, SIG, etc.
|
|
<parameter>type</parameter> can be any valid query
|
|
type. If no
|
|
<parameter>type</parameter> argument is supplied,
|
|
<command>dig</command> will perform a lookup for an
|
|
A record.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>OPTIONS</title>
|
|
|
|
<para>
|
|
The <option>-b</option> option sets the source IP address of the query
|
|
to <parameter>address</parameter>. This must be a valid
|
|
address on
|
|
one of the host's network interfaces or "0.0.0.0" or "::". An optional
|
|
port
|
|
may be specified by appending "#<port>"
|
|
</para>
|
|
|
|
<para>
|
|
The default query class (IN for internet) is overridden by the
|
|
<option>-c</option> option. <parameter>class</parameter> is
|
|
any valid
|
|
class, such as HS for Hesiod records or CH for Chaosnet records.
|
|
</para>
|
|
|
|
<para>
|
|
The <option>-f</option> option makes <command>dig </command>
|
|
operate
|
|
in batch mode by reading a list of lookup requests to process from the
|
|
file <parameter>filename</parameter>. The file contains a
|
|
number of
|
|
queries, one per line. Each entry in the file should be organized in
|
|
the same way they would be presented as queries to
|
|
<command>dig</command> using the command-line interface.
|
|
</para>
|
|
|
|
<para>
|
|
The <option>-m</option> option enables memory usage debugging.
|
|
<!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
|
|
documented in include/isc/mem.h -->
|
|
</para>
|
|
|
|
<para>
|
|
If a non-standard port number is to be queried, the
|
|
<option>-p</option> option is used. <parameter>port#</parameter> is
|
|
the port number that <command>dig</command> will send its
|
|
queries
|
|
instead of the standard DNS port number 53. This option would be used
|
|
to test a name server that has been configured to listen for queries
|
|
on a non-standard port number.
|
|
</para>
|
|
|
|
<para>
|
|
The <option>-4</option> option forces <command>dig</command>
|
|
to only
|
|
use IPv4 query transport. The <option>-6</option> option forces
|
|
<command>dig</command> to only use IPv6 query transport.
|
|
</para>
|
|
|
|
<para>
|
|
The <option>-t</option> option sets the query type to
|
|
<parameter>type</parameter>. It can be any valid query type
|
|
which is
|
|
supported in BIND 9. The default query type is "A", unless the
|
|
<option>-x</option> option is supplied to indicate a reverse lookup.
|
|
A zone transfer can be requested by specifying a type of AXFR. When
|
|
an incremental zone transfer (IXFR) is required,
|
|
<parameter>type</parameter> is set to <literal>ixfr=N</literal>.
|
|
The incremental zone transfer will contain the changes made to the zone
|
|
since the serial number in the zone's SOA record was
|
|
<parameter>N</parameter>.
|
|
</para>
|
|
|
|
<para>
|
|
The <option>-q</option> option sets the query name to
|
|
<parameter>name</parameter>. This useful do distinguish the
|
|
<parameter>name</parameter> from other arguments.
|
|
</para>
|
|
|
|
<para>
|
|
Reverse lookups — mapping addresses to names — are simplified by the
|
|
<option>-x</option> option. <parameter>addr</parameter> is
|
|
an IPv4
|
|
address in dotted-decimal notation, or a colon-delimited IPv6 address.
|
|
When this option is used, there is no need to provide the
|
|
<parameter>name</parameter>, <parameter>class</parameter> and
|
|
<parameter>type</parameter> arguments. <command>dig</command>
|
|
automatically performs a lookup for a name like
|
|
<literal>11.12.13.10.in-addr.arpa</literal> and sets the
|
|
query type and
|
|
class to PTR and IN respectively. By default, IPv6 addresses are
|
|
looked up using nibble format under the IP6.ARPA domain.
|
|
To use the older RFC1886 method using the IP6.INT domain
|
|
specify the <option>-i</option> option. Bit string labels (RFC2874)
|
|
are now experimental and are not attempted.
|
|
</para>
|
|
|
|
<para>
|
|
To sign the DNS queries sent by <command>dig</command> and
|
|
their
|
|
responses using transaction signatures (TSIG), specify a TSIG key file
|
|
using the <option>-k</option> option. You can also specify the TSIG
|
|
key itself on the command line using the <option>-y</option> option;
|
|
<parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
|
|
<parameter>name</parameter> is the name of the TSIG key and
|
|
<parameter>key</parameter> is the actual key. The key is a
|
|
base-64
|
|
encoded string, typically generated by
|
|
<citerefentry>
|
|
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
|
|
Caution should be taken when using the <option>-y</option> option on
|
|
multi-user systems as the key can be visible in the output from
|
|
<citerefentry>
|
|
<refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>
|
|
or in the shell's history file. When
|
|
using TSIG authentication with <command>dig</command>, the name
|
|
server that is queried needs to know the key and algorithm that is
|
|
being used. In BIND, this is done by providing appropriate
|
|
<command>key</command> and <command>server</command> statements in
|
|
<filename>named.conf</filename>.
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>QUERY OPTIONS</title>
|
|
|
|
<para><command>dig</command>
|
|
provides a number of query options which affect
|
|
the way in which lookups are made and the results displayed. Some of
|
|
these set or reset flag bits in the query header, some determine which
|
|
sections of the answer get printed, and others determine the timeout
|
|
and retry strategies.
|
|
</para>
|
|
|
|
<para>
|
|
Each query option is identified by a keyword preceded by a plus sign
|
|
(<literal>+</literal>). Some keywords set or reset an
|
|
option. These may be preceded
|
|
by the string <literal>no</literal> to negate the meaning of
|
|
that keyword. Other
|
|
keywords assign values to options like the timeout interval. They
|
|
have the form <option>+keyword=value</option>.
|
|
The query options are:
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]tcp</option></term>
|
|
<listitem>
|
|
<para>
|
|
Use [do not use] TCP when querying name servers. The default
|
|
behavior is to use UDP unless an AXFR or IXFR query is
|
|
requested, in
|
|
which case a TCP connection is used.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]vc</option></term>
|
|
<listitem>
|
|
<para>
|
|
Use [do not use] TCP when querying name servers. This alternate
|
|
syntax to <parameter>+[no]tcp</parameter> is
|
|
provided for backwards
|
|
compatibility. The "vc" stands for "virtual circuit".
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]ignore</option></term>
|
|
<listitem>
|
|
<para>
|
|
Ignore truncation in UDP responses instead of retrying with TCP.
|
|
By
|
|
default, TCP retries are performed.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+domain=somename</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set the search list to contain the single domain
|
|
<parameter>somename</parameter>, as if specified in
|
|
a
|
|
<command>domain</command> directive in
|
|
<filename>/etc/resolv.conf</filename>, and enable
|
|
search list
|
|
processing as if the <parameter>+search</parameter>
|
|
option were given.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]search</option></term>
|
|
<listitem>
|
|
<para>
|
|
Use [do not use] the search list defined by the searchlist or
|
|
domain
|
|
directive in <filename>resolv.conf</filename> (if
|
|
any).
|
|
The search list is not used by default.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]showsearch</option></term>
|
|
<listitem>
|
|
<para>
|
|
Perform [do not perform] a search showing intermediate
|
|
results.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]defname</option></term>
|
|
<listitem>
|
|
<para>
|
|
Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]aaonly</option></term>
|
|
<listitem>
|
|
<para>
|
|
Sets the "aa" flag in the query.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]aaflag</option></term>
|
|
<listitem>
|
|
<para>
|
|
A synonym for <parameter>+[no]aaonly</parameter>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]adflag</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set [do not set] the AD (authentic data) bit in the
|
|
query. This requests the server to return whether
|
|
all of the answer and authority sections have all
|
|
been validated as secure according to the security
|
|
policy of the server. AD=1 indicates that all records
|
|
have been validated as secure and the answer is not
|
|
from a OPT-OUT range. AD=0 indicate that some part
|
|
of the answer was insecure or not validated.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]cdflag</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set [do not set] the CD (checking disabled) bit in the query.
|
|
This
|
|
requests the server to not perform DNSSEC validation of
|
|
responses.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]cl</option></term>
|
|
<listitem>
|
|
<para>
|
|
Display [do not display] the CLASS when printing the record.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]ttlid</option></term>
|
|
<listitem>
|
|
<para>
|
|
Display [do not display] the TTL when printing the record.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]recurse</option></term>
|
|
<listitem>
|
|
<para>
|
|
Toggle the setting of the RD (recursion desired) bit in the
|
|
query.
|
|
This bit is set by default, which means <command>dig</command>
|
|
normally sends recursive queries. Recursion is automatically
|
|
disabled
|
|
when the <parameter>+nssearch</parameter> or
|
|
<parameter>+trace</parameter> query options are
|
|
used.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]nssearch</option></term>
|
|
<listitem>
|
|
<para>
|
|
When this option is set, <command>dig</command>
|
|
attempts to find the
|
|
authoritative name servers for the zone containing the name
|
|
being
|
|
looked up and display the SOA record that each name server has
|
|
for the
|
|
zone.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]trace</option></term>
|
|
<listitem>
|
|
<para>
|
|
Toggle tracing of the delegation path from the root name servers
|
|
for
|
|
the name being looked up. Tracing is disabled by default. When
|
|
tracing is enabled, <command>dig</command> makes
|
|
iterative queries to
|
|
resolve the name being looked up. It will follow referrals from
|
|
the
|
|
root servers, showing the answer from each server that was used
|
|
to
|
|
resolve the lookup.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]cmd</option></term>
|
|
<listitem>
|
|
<para>
|
|
Toggles the printing of the initial comment in the output
|
|
identifying
|
|
the version of <command>dig</command> and the query
|
|
options that have
|
|
been applied. This comment is printed by default.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]short</option></term>
|
|
<listitem>
|
|
<para>
|
|
Provide a terse answer. The default is to print the answer in a
|
|
verbose form.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]identify</option></term>
|
|
<listitem>
|
|
<para>
|
|
Show [or do not show] the IP address and port number that
|
|
supplied the
|
|
answer when the <parameter>+short</parameter> option
|
|
is enabled. If
|
|
short form answers are requested, the default is not to show the
|
|
source address and port number of the server that provided the
|
|
answer.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]comments</option></term>
|
|
<listitem>
|
|
<para>
|
|
Toggle the display of comment lines in the output. The default
|
|
is to
|
|
print comments.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]stats</option></term>
|
|
<listitem>
|
|
<para>
|
|
This query option toggles the printing of statistics: when the
|
|
query
|
|
was made, the size of the reply and so on. The default
|
|
behavior is
|
|
to print the query statistics.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]qr</option></term>
|
|
<listitem>
|
|
<para>
|
|
Print [do not print] the query as it is sent.
|
|
By default, the query is not printed.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]question</option></term>
|
|
<listitem>
|
|
<para>
|
|
Print [do not print] the question section of a query when an
|
|
answer is
|
|
returned. The default is to print the question section as a
|
|
comment.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]answer</option></term>
|
|
<listitem>
|
|
<para>
|
|
Display [do not display] the answer section of a reply. The
|
|
default
|
|
is to display it.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]authority</option></term>
|
|
<listitem>
|
|
<para>
|
|
Display [do not display] the authority section of a reply. The
|
|
default is to display it.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]additional</option></term>
|
|
<listitem>
|
|
<para>
|
|
Display [do not display] the additional section of a reply.
|
|
The default is to display it.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]all</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set or clear all display flags.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+time=T</option></term>
|
|
<listitem>
|
|
<para>
|
|
|
|
Sets the timeout for a query to
|
|
<parameter>T</parameter> seconds. The default
|
|
timeout is 5 seconds.
|
|
An attempt to set <parameter>T</parameter> to less
|
|
than 1 will result
|
|
in a query timeout of 1 second being applied.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+tries=T</option></term>
|
|
<listitem>
|
|
<para>
|
|
Sets the number of times to try UDP queries to server to
|
|
<parameter>T</parameter> instead of the default, 3.
|
|
If
|
|
<parameter>T</parameter> is less than or equal to
|
|
zero, the number of
|
|
tries is silently rounded up to 1.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+retry=T</option></term>
|
|
<listitem>
|
|
<para>
|
|
Sets the number of times to retry UDP queries to server to
|
|
<parameter>T</parameter> instead of the default, 2.
|
|
Unlike
|
|
<parameter>+tries</parameter>, this does not include
|
|
the initial
|
|
query.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+ndots=D</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set the number of dots that have to appear in
|
|
<parameter>name</parameter> to <parameter>D</parameter> for it to be
|
|
considered absolute. The default value is that defined using
|
|
the
|
|
ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
|
|
ndots statement is present. Names with fewer dots are
|
|
interpreted as
|
|
relative names and will be searched for in the domains listed in
|
|
the
|
|
<option>search</option> or <option>domain</option> directive in
|
|
<filename>/etc/resolv.conf</filename>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+bufsize=B</option></term>
|
|
<listitem>
|
|
<para>
|
|
Set the UDP message buffer size advertised using EDNS0 to
|
|
<parameter>B</parameter> bytes. The maximum and minimum sizes
|
|
of this buffer are 65535 and 0 respectively. Values outside
|
|
this range are rounded up or down appropriately.
|
|
Values other than zero will cause a EDNS query to be sent.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+edns=#</option></term>
|
|
<listitem>
|
|
<para>
|
|
Specify the EDNS version to query with. Valid values
|
|
are 0 to 255. Setting the EDNS version will cause a
|
|
EDNS query to be sent. <option>+noedns</option> clears the
|
|
remembered EDNS version.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]multiline</option></term>
|
|
<listitem>
|
|
<para>
|
|
Print records like the SOA records in a verbose multi-line
|
|
format with human-readable comments. The default is to print
|
|
each record on a single line, to facilitate machine parsing
|
|
of the <command>dig</command> output.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]onesoa</option></term>
|
|
<listitem>
|
|
<para>
|
|
Print only one (starting) SOA record when performing
|
|
an AXFR. The default is to print both the starting and
|
|
ending SOA records.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]fail</option></term>
|
|
<listitem>
|
|
<para>
|
|
Do not try the next server if you receive a SERVFAIL. The
|
|
default is
|
|
to not try the next server which is the reverse of normal stub
|
|
resolver
|
|
behavior.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]besteffort</option></term>
|
|
<listitem>
|
|
<para>
|
|
Attempt to display the contents of messages which are malformed.
|
|
The default is to not display malformed answers.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]dnssec</option></term>
|
|
<listitem>
|
|
<para>
|
|
Requests DNSSEC records be sent by setting the DNSSEC OK bit
|
|
(DO)
|
|
in the OPT record in the additional section of the query.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]sigchase</option></term>
|
|
<listitem>
|
|
<para>
|
|
Chase DNSSEC signature chains. Requires dig be compiled with
|
|
-DDIG_SIGCHASE.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+trusted-key=####</option></term>
|
|
<listitem>
|
|
<para>
|
|
Specifies a file containing trusted keys to be used with
|
|
<option>+sigchase</option>. Each DNSKEY record must be
|
|
on its own line.
|
|
</para>
|
|
<para>
|
|
If not specified, <command>dig</command> will look for
|
|
<filename>/etc/trusted-key.key</filename> then
|
|
<filename>trusted-key.key</filename> in the current directory.
|
|
</para>
|
|
<para>
|
|
Requires dig be compiled with -DDIG_SIGCHASE.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]topdown</option></term>
|
|
<listitem>
|
|
<para>
|
|
When chasing DNSSEC signature chains perform a top-down
|
|
validation.
|
|
Requires dig be compiled with -DDIG_SIGCHASE.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>+[no]nsid</option></term>
|
|
<listitem>
|
|
<para>
|
|
Include an EDNS name server ID request when sending a query.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
|
|
</variablelist>
|
|
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>MULTIPLE QUERIES</title>
|
|
|
|
<para>
|
|
The BIND 9 implementation of <command>dig </command>
|
|
supports
|
|
specifying multiple queries on the command line (in addition to
|
|
supporting the <option>-f</option> batch file option). Each of those
|
|
queries can be supplied with its own set of flags, options and query
|
|
options.
|
|
</para>
|
|
|
|
<para>
|
|
In this case, each <parameter>query</parameter> argument
|
|
represent an
|
|
individual query in the command-line syntax described above. Each
|
|
consists of any of the standard options and flags, the name to be
|
|
looked up, an optional query type and class and any query options that
|
|
should be applied to that query.
|
|
</para>
|
|
|
|
<para>
|
|
A global set of query options, which should be applied to all queries,
|
|
can also be supplied. These global query options must precede the
|
|
first tuple of name, class, type, options, flags, and query options
|
|
supplied on the command line. Any global query options (except
|
|
the <option>+[no]cmd</option> option) can be
|
|
overridden by a query-specific set of query options. For example:
|
|
<programlisting>
|
|
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
|
</programlisting>
|
|
shows how <command>dig</command> could be used from the
|
|
command line
|
|
to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
|
|
reverse lookup of 127.0.0.1 and a query for the NS records of
|
|
<literal>isc.org</literal>.
|
|
|
|
A global query option of <parameter>+qr</parameter> is
|
|
applied, so
|
|
that <command>dig</command> shows the initial query it made
|
|
for each
|
|
lookup. The final query has a local query option of
|
|
<parameter>+noqr</parameter> which means that <command>dig</command>
|
|
will not print the initial query when it looks up the NS records for
|
|
<literal>isc.org</literal>.
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>IDN SUPPORT</title>
|
|
<para>
|
|
If <command>dig</command> has been built with IDN (internationalized
|
|
domain name) support, it can accept and display non-ASCII domain names.
|
|
<command>dig</command> appropriately converts character encoding of
|
|
domain name before sending a request to DNS server or displaying a
|
|
reply from the server.
|
|
If you'd like to turn off the IDN support for some reason, defines
|
|
the <envar>IDN_DISABLE</envar> environment variable.
|
|
The IDN support is disabled if the variable is set when
|
|
<command>dig</command> runs.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>FILES</title>
|
|
<para><filename>/etc/resolv.conf</filename>
|
|
</para>
|
|
<para><filename>${HOME}/.digrc</filename>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>SEE ALSO</title>
|
|
<para><citerefentry>
|
|
<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citetitle>RFC1035</citetitle>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>BUGS</title>
|
|
<para>
|
|
There are probably too many query options.
|
|
</para>
|
|
</refsect1>
|
|
</refentry><!--
|
|
- Local variables:
|
|
- mode: sgml
|
|
- End:
|
|
-->
|