Annotation of src/external/mpl/bind/dist/bin/dig/dig.docbook, Revision 1.1.1.3.2.3
1.1.1.3.2.2 christos 1: <!DOCTYPE book [
2: <!ENTITY mdash "—">]>
3: <!--
4: - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
5: -
6: - This Source Code Form is subject to the terms of the Mozilla Public
7: - License, v. 2.0. If a copy of the MPL was not distributed with this
8: - file, You can obtain one at http://mozilla.org/MPL/2.0/.
9: -
10: - See the COPYRIGHT file distributed with this work for additional
11: - information regarding copyright ownership.
12: -->
13:
14: <!-- Converted by db4-upgrade version 1.0 -->
15: <refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
16: <info>
17: <date>2014-02-19</date>
18: </info>
19: <refentryinfo>
20: <corpname>ISC</corpname>
21: <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
22: </refentryinfo>
23:
24: <refmeta>
25: <refentrytitle>dig</refentrytitle>
26: <manvolnum>1</manvolnum>
27: <refmiscinfo>BIND9</refmiscinfo>
28: </refmeta>
29:
30: <refnamediv>
31: <refname>dig</refname>
32: <refpurpose>DNS lookup utility</refpurpose>
33: </refnamediv>
34:
35: <docinfo>
36: <copyright>
37: <year>2000</year>
38: <year>2001</year>
39: <year>2002</year>
40: <year>2003</year>
41: <year>2004</year>
42: <year>2005</year>
43: <year>2006</year>
44: <year>2007</year>
45: <year>2008</year>
46: <year>2009</year>
47: <year>2010</year>
48: <year>2011</year>
49: <year>2013</year>
50: <year>2014</year>
51: <year>2015</year>
52: <year>2016</year>
53: <year>2017</year>
54: <year>2018</year>
55: <year>2019</year>
56: <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
57: </copyright>
58: </docinfo>
59:
60: <refsynopsisdiv>
61: <cmdsynopsis sepchar=" ">
62: <command>dig</command>
63: <arg choice="opt" rep="norepeat">@server</arg>
64: <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
65: <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
66: <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
67: <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
68: <arg choice="opt" rep="norepeat"><option>-m</option></arg>
69: <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
70: <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg>
71: <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
72: <arg choice="opt" rep="norepeat"><option>-v</option></arg>
73: <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
74: <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
75: <group choice="opt" rep="norepeat">
76: <arg choice="opt" rep="norepeat"><option>-4</option></arg>
77: <arg choice="opt" rep="norepeat"><option>-6</option></arg>
78: </group>
79: <arg choice="opt" rep="norepeat">name</arg>
80: <arg choice="opt" rep="norepeat">type</arg>
81: <arg choice="opt" rep="norepeat">class</arg>
82: <arg choice="opt" rep="repeat">queryopt</arg>
83: </cmdsynopsis>
84:
85: <cmdsynopsis sepchar=" ">
86: <command>dig</command>
87: <arg choice="opt" rep="norepeat"><option>-h</option></arg>
88: </cmdsynopsis>
89:
90: <cmdsynopsis sepchar=" ">
91: <command>dig</command>
92: <arg choice="opt" rep="repeat">global-queryopt</arg>
93: <arg choice="opt" rep="repeat">query</arg>
94: </cmdsynopsis>
95: </refsynopsisdiv>
96:
97: <refsection><info><title>DESCRIPTION</title></info>
98:
99: <para><command>dig</command> is a flexible tool
100: for interrogating DNS name servers. It performs DNS lookups and
101: displays the answers that are returned from the name server(s) that
102: were queried. Most DNS administrators use <command>dig</command> to
103: troubleshoot DNS problems because of its flexibility, ease of use and
104: clarity of output. Other lookup tools tend to have less functionality
105: than <command>dig</command>.
106: </para>
107:
108: <para>
109: Although <command>dig</command> is normally used with
110: command-line
111: arguments, it also has a batch mode of operation for reading lookup
112: requests from a file. A brief summary of its command-line arguments
113: and options is printed when the <option>-h</option> option is given.
114: Unlike earlier versions, the BIND 9 implementation of
115: <command>dig</command> allows multiple lookups to be issued
116: from the
117: command line.
118: </para>
119:
120: <para>
121: Unless it is told to query a specific name server,
122: <command>dig</command> will try each of the servers listed in
123: <filename>/etc/resolv.conf</filename>. If no usable server addresses
124: are found, <command>dig</command> will send the query to the local
125: host.
126: </para>
127:
128: <para>
129: When no command line arguments or options are given,
130: <command>dig</command> will perform an NS query for "." (the root).
131: </para>
132:
133: <para>
134: It is possible to set per-user defaults for <command>dig</command> via
135: <filename>${HOME}/.digrc</filename>. This file is read and any
136: options in it are applied before the command line arguments.
137: The <option>-r</option> option disables this feature, for
138: scripts that need predictable behaviour.
139: </para>
140:
141: <para>
142: The IN and CH class names overlap with the IN and CH top level
143: domain names. Either use the <option>-t</option> and
144: <option>-c</option> options to specify the type and class,
145: use the <option>-q</option> the specify the domain name, or
146: use "IN." and "CH." when looking up these top level domains.
147: </para>
148:
149: </refsection>
150:
151: <refsection><info><title>SIMPLE USAGE</title></info>
152:
153:
154: <para>
155: A typical invocation of <command>dig</command> looks like:
156: <programlisting> dig @server name type </programlisting>
157: where:
158:
159: <variablelist>
160:
161: <varlistentry>
162: <term><constant>server</constant></term>
163: <listitem>
164: <para>
165: is the name or IP address of the name server to query. This
166: can be an IPv4 address in dotted-decimal notation or an IPv6
167: address in colon-delimited notation. When the supplied
168: <parameter>server</parameter> argument is a hostname,
169: <command>dig</command> resolves that name before querying
170: that name server.
171: </para>
172: <para>
173: If no <parameter>server</parameter> argument is
174: provided, <command>dig</command> consults
175: <filename>/etc/resolv.conf</filename>; if an
176: address is found there, it queries the name server at
177: that address. If either of the <option>-4</option> or
178: <option>-6</option> options are in use, then
179: only addresses for the corresponding transport
180: will be tried. If no usable addresses are found,
181: <command>dig</command> will send the query to the
182: local host. The reply from the name server that
183: responds is displayed.
184: </para>
185: </listitem>
186: </varlistentry>
187:
188: <varlistentry>
189: <term><constant>name</constant></term>
190: <listitem>
191: <para>
192: is the name of the resource record that is to be looked up.
193: </para>
194: </listitem>
195: </varlistentry>
196:
197: <varlistentry>
198: <term><constant>type</constant></term>
199: <listitem>
200: <para>
201: indicates what type of query is required —
202: ANY, A, MX, SIG, etc.
203: <parameter>type</parameter> can be any valid query
204: type. If no
205: <parameter>type</parameter> argument is supplied,
206: <command>dig</command> will perform a lookup for an
207: A record.
208: </para>
209: </listitem>
210: </varlistentry>
211:
212: </variablelist>
213: </para>
214:
215: </refsection>
216:
217: <refsection><info><title>OPTIONS</title></info>
218:
219:
220: <variablelist>
221: <varlistentry>
222: <term>-4</term>
223: <listitem>
224: <para>
225: Use IPv4 only.
226: </para>
227: </listitem>
228: </varlistentry>
229:
230: <varlistentry>
231: <term>-6</term>
232: <listitem>
233: <para>
234: Use IPv6 only.
235: </para>
236: </listitem>
237: </varlistentry>
238:
239: <varlistentry>
240: <term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
241: <listitem>
242: <para>
243: Set the source IP address of the query.
244: The <parameter>address</parameter> must be a valid address on
245: one of the host's network interfaces, or "0.0.0.0" or "::". An
246: optional port may be specified by appending "#<port>"
247: </para>
248: </listitem>
249: </varlistentry>
250:
251: <varlistentry>
252: <term>-c <replaceable class="parameter">class</replaceable></term>
253: <listitem>
254: <para>
255: Set the query class. The
256: default <parameter>class</parameter> is IN; other classes
257: are HS for Hesiod records or CH for Chaosnet records.
258: </para>
259: </listitem>
260: </varlistentry>
261:
262: <varlistentry>
263: <term>-f <replaceable class="parameter">file</replaceable></term>
264: <listitem>
265: <para>
266: Batch mode: <command>dig</command> reads a list of lookup
267: requests to process from the
268: given <parameter>file</parameter>. Each line in the file
269: should be organized in the same way they would be
270: presented as queries to
271: <command>dig</command> using the command-line interface.
272: </para>
273: </listitem>
274: </varlistentry>
275:
276: <varlistentry>
277: <term>-k <replaceable class="parameter">keyfile</replaceable></term>
278: <listitem>
279: <para>
280: Sign queries using TSIG using a key read from the given file.
281: Key files can be generated using
282: <citerefentry>
283: <refentrytitle>tsig-keygen</refentrytitle><manvolnum>8</manvolnum>
284: </citerefentry>.
285: When using TSIG authentication with <command>dig</command>,
286: the name server that is queried needs to know the key and
287: algorithm that is being used. In BIND, this is done by
288: providing appropriate <command>key</command>
289: and <command>server</command> statements in
290: <filename>named.conf</filename>.
291: </para>
292: </listitem>
293: </varlistentry>
294:
295: <varlistentry>
296: <term>-m</term>
297: <listitem>
298: <para>
299: Enable memory usage debugging.
300: <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
301: documented in include/isc/mem.h -->
302: </para>
303: </listitem>
304: </varlistentry>
305:
306: <varlistentry>
307: <term>-p <replaceable class="parameter">port</replaceable></term>
308: <listitem>
309: <para>
310: Send the query to a non-standard port on the server,
311: instead of the default port 53. This option would be used
312: to test a name server that has been configured to listen
313: for queries on a non-standard port number.
314: </para>
315: </listitem>
316: </varlistentry>
317:
318: <varlistentry>
319: <term>-q <replaceable class="parameter">name</replaceable></term>
320: <listitem>
321: <para>
322: The domain name to query. This is useful to distinguish
323: the <parameter>name</parameter> from other arguments.
324: </para>
325: </listitem>
326: </varlistentry>
327:
328: <varlistentry>
329: <term>-r</term>
330: <listitem>
331: <para>
332: Do not read options from <filename>${HOME}/.digrc</filename>.
333: This is useful for scripts that need predictable behaviour.
334: </para>
335: </listitem>
336: </varlistentry>
337:
338: <varlistentry>
339: <term>-t <replaceable class="parameter">type</replaceable></term>
340: <listitem>
341: <para>
342: The resource record type to query. It can be any valid query
343: type. If it is a resource record type supported in BIND 9, it
344: can be given by the type mnemonic (such as "NS" or "AAAA").
345: The default query type is "A", unless the <option>-x</option>
346: option is supplied to indicate a reverse lookup. A zone
347: transfer can be requested by specifying a type of AXFR. When
348: an incremental zone transfer (IXFR) is required, set the
349: <parameter>type</parameter> to <literal>ixfr=N</literal>.
350: The incremental zone transfer will contain the changes
351: made to the zone since the serial number in the zone's SOA
352: record was
353: <parameter>N</parameter>.
354: </para>
355: <para>
356: All resource record types can be expressed as "TYPEnn", where
357: "nn" is the number of the type. If the resource record type is
358: not supported in BIND 9, the result will be displayed as
359: described in RFC 3597.
360: </para>
361: </listitem>
362: </varlistentry>
363:
364: <varlistentry>
365: <term>-u</term>
366: <listitem>
367: <para>
368: Print query times in microseconds instead of milliseconds.
369: </para>
370: </listitem>
371: </varlistentry>
372:
373: <varlistentry>
374: <term>-v</term>
375: <listitem>
376: <para>
377: Print the version number and exit.
378: </para>
379: </listitem>
380: </varlistentry>
381:
382: <varlistentry>
383: <term>-x <replaceable class="parameter">addr</replaceable></term>
384: <listitem>
385: <para>
386: Simplified reverse lookups, for mapping addresses to
387: names. The <parameter>addr</parameter> is an IPv4 address
388: in dotted-decimal notation, or a colon-delimited IPv6
389: address. When the <option>-x</option> is used, there is no
390: need to provide
391: the <parameter>name</parameter>, <parameter>class</parameter>
392: and <parameter>type</parameter>
393: arguments. <command>dig</command> automatically performs a
394: lookup for a name like
395: <literal>94.2.0.192.in-addr.arpa</literal> and sets the
396: query type and class to PTR and IN respectively. IPv6
397: addresses are looked up using nibble format under the
398: IP6.ARPA domain.
399: </para>
400: </listitem>
401: </varlistentry>
402:
403: <varlistentry>
404: <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
405: <listitem>
406: <para>
407: Sign queries using TSIG with the given authentication key.
408: <parameter>keyname</parameter> is the name of the key, and
409: <parameter>secret</parameter> is the base64 encoded shared secret.
410: <parameter>hmac</parameter> is the name of the key algorithm;
411: valid choices are <literal>hmac-md5</literal>,
412: <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
413: <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
414: <literal>hmac-sha512</literal>. If <parameter>hmac</parameter>
415: is not specified, the default is <literal>hmac-md5</literal>
416: or if MD5 was disabled <literal>hmac-sha256</literal>.
417: </para>
418: <para>
419: NOTE: You should use the <option>-k</option> option and
420: avoid the <option>-y</option> option, because
421: with <option>-y</option> the shared secret is supplied as
422: a command line argument in clear text. This may be visible
423: in the output from
424: <citerefentry>
425: <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
426: </citerefentry>
427: or in a history file maintained by the user's shell.
428: </para>
429: </listitem>
430: </varlistentry>
431:
432: </variablelist>
433: </refsection>
434:
435: <refsection><info><title>QUERY OPTIONS</title></info>
436:
437:
438: <para><command>dig</command>
439: provides a number of query options which affect
440: the way in which lookups are made and the results displayed. Some of
441: these set or reset flag bits in the query header, some determine which
442: sections of the answer get printed, and others determine the timeout
443: and retry strategies.
444: </para>
445:
446: <para>
447: Each query option is identified by a keyword preceded by a plus sign
448: (<literal>+</literal>). Some keywords set or reset an
449: option. These may be preceded
450: by the string <literal>no</literal> to negate the meaning of
451: that keyword. Other
452: keywords assign values to options like the timeout interval. They
453: have the form <option>+keyword=value</option>.
454: Keywords may be abbreviated, provided the abbreviation is
455: unambiguous; for example, <literal>+cd</literal> is equivalent
456: to <literal>+cdflag</literal>.
457: The query options are:
458:
459: <variablelist>
460:
461: <varlistentry>
462: <term><option>+[no]aaflag</option></term>
463: <listitem>
464: <para>
465: A synonym for <parameter>+[no]aaonly</parameter>.
466: </para>
467: </listitem>
468: </varlistentry>
469:
470: <varlistentry>
471: <term><option>+[no]aaonly</option></term>
472: <listitem>
473: <para>
474: Sets the "aa" flag in the query.
475: </para>
476: </listitem>
477: </varlistentry>
478:
479: <varlistentry>
480: <term><option>+[no]additional</option></term>
481: <listitem>
482: <para>
483: Display [do not display] the additional section of a
484: reply. The default is to display it.
485: </para>
486: </listitem>
487: </varlistentry>
488:
489: <varlistentry>
490: <term><option>+[no]adflag</option></term>
491: <listitem>
492: <para>
493: Set [do not set] the AD (authentic data) bit in the
494: query. This requests the server to return whether
495: all of the answer and authority sections have all
496: been validated as secure according to the security
497: policy of the server. AD=1 indicates that all records
498: have been validated as secure and the answer is not
499: from a OPT-OUT range. AD=0 indicate that some part
500: of the answer was insecure or not validated. This
501: bit is set by default.
502: </para>
503: </listitem>
504: </varlistentry>
505:
506: <varlistentry>
507: <term><option>+[no]all</option></term>
508: <listitem>
509: <para>
510: Set or clear all display flags.
511: </para>
512: </listitem>
513: </varlistentry>
514:
515: <varlistentry>
516: <term><option>+[no]answer</option></term>
517: <listitem>
518: <para>
519: Display [do not display] the answer section of a
520: reply. The default is to display it.
521: </para>
522: </listitem>
523: </varlistentry>
524:
525: <varlistentry>
526: <term><option>+[no]authority</option></term>
527: <listitem>
528: <para>
529: Display [do not display] the authority section of a
530: reply. The default is to display it.
531: </para>
532: </listitem>
533: </varlistentry>
534:
535: <varlistentry>
536: <term><option>+[no]badcookie</option></term>
537: <listitem>
538: <para>
539: Retry lookup with the new server cookie if a
540: BADCOOKIE response is received.
541: </para>
542: </listitem>
543: </varlistentry>
544:
545: <varlistentry>
546: <term><option>+[no]besteffort</option></term>
547: <listitem>
548: <para>
549: Attempt to display the contents of messages which are
550: malformed. The default is to not display malformed
551: answers.
552: </para>
553: </listitem>
554: </varlistentry>
555:
556: <varlistentry>
557: <term><option>+bufsize=B</option></term>
558: <listitem>
559: <para>
560: Set the UDP message buffer size advertised using EDNS0
561: to <parameter>B</parameter> bytes. The maximum and
562: minimum sizes of this buffer are 65535 and 0 respectively.
563: Values outside this range are rounded up or down
564: appropriately. Values other than zero will cause a
565: EDNS query to be sent.
566: </para>
567: </listitem>
568: </varlistentry>
569:
570: <varlistentry>
571: <term><option>+[no]cdflag</option></term>
572: <listitem>
573: <para>
574: Set [do not set] the CD (checking disabled) bit in
575: the query. This requests the server to not perform
576: DNSSEC validation of responses.
577: </para>
578: </listitem>
579: </varlistentry>
580:
581: <varlistentry>
582: <term><option>+[no]class</option></term>
583: <listitem>
584: <para>
585: Display [do not display] the CLASS when printing the
586: record.
587: </para>
588: </listitem>
589: </varlistentry>
590:
591: <varlistentry>
592: <term><option>+[no]cmd</option></term>
593: <listitem>
594: <para>
595: Toggles the printing of the initial comment in the
1.1.1.3.2.3! martin 596: output, identifying the version of <command>dig</command>
! 597: and the query options that have been applied. This option
! 598: always has global effect; it cannot be set globally
! 599: and then overridden on a per-lookup basis. The default
! 600: is to print this comment.
1.1.1.3.2.2 christos 601: </para>
602: </listitem>
603: </varlistentry>
604:
605: <varlistentry>
606: <term><option>+[no]comments</option></term>
607: <listitem>
608: <para>
1.1.1.3.2.3! martin 609: Toggles the display of some comment lines in the output,
! 610: containing information about the packet header and
! 611: OPT pseudosection, and the names of the response
! 612: section. The default is to print these comments.
! 613: </para>
! 614: <para>
! 615: Other types of comments in the output are not affected by
! 616: this option, but can be controlled using other command
! 617: line switches. These include <command>+[no]cmd</command>,
! 618: <command>+[no]question</command>,
! 619: <command>+[no]stats</command>, and
! 620: <command>+[no]rrcomments</command>.
1.1.1.3.2.2 christos 621: </para>
622: </listitem>
623: </varlistentry>
624:
625: <varlistentry>
626: <term><option>+[no]cookie<optional>=####</optional></option></term>
627: <listitem>
628: <para>
629: Send a COOKIE EDNS option, with optional
630: value. Replaying a COOKIE from a previous response will
631: allow the server to identify a previous client. The
632: default is <option>+cookie</option>.
633: </para>
634: <para>
635: <command>+cookie</command> is also set when +trace
636: is set to better emulate the default queries from a
637: nameserver.
638: </para>
639: </listitem>
640: </varlistentry>
641:
642: <varlistentry>
643: <term><option>+[no]crypto</option></term>
644: <listitem>
645: <para>
646: Toggle the display of cryptographic fields in DNSSEC
647: records. The contents of these field are unnecessary
648: to debug most DNSSEC validation failures and removing
649: them makes it easier to see the common failures. The
650: default is to display the fields. When omitted they
651: are replaced by the string "[omitted]" or in the
652: DNSKEY case the key id is displayed as the replacement,
653: e.g. "[ key id = value ]".
654: </para>
655: </listitem>
656: </varlistentry>
657:
658: <varlistentry>
659: <term><option>+[no]defname</option></term>
660: <listitem>
661: <para>
662: Deprecated, treated as a synonym for
663: <parameter>+[no]search</parameter>
664: </para>
665: </listitem>
666: </varlistentry>
667:
668: <varlistentry>
669: <term><option>+[no]dnssec</option></term>
670: <listitem>
671: <para>
672: Requests DNSSEC records be sent by setting the DNSSEC
673: OK bit (DO) in the OPT record in the additional section
674: of the query.
675: </para>
676: </listitem>
677: </varlistentry>
678:
679: <varlistentry>
680: <term><option>+domain=somename</option></term>
681: <listitem>
682: <para>
683: Set the search list to contain the single domain
684: <parameter>somename</parameter>, as if specified in
685: a <command>domain</command> directive in
686: <filename>/etc/resolv.conf</filename>, and enable
687: search list processing as if the
688: <parameter>+search</parameter> option were given.
689: </para>
690: </listitem>
691: </varlistentry>
692:
693: <varlistentry>
694: <term><option>+dscp=value</option></term> <listitem>
695: <para>
696: Set the DSCP code point to be used when sending the
697: query. Valid DSCP code points are in the range
698: [0..63]. By default no code point is explicitly set.
699: </para>
700: </listitem>
701: </varlistentry>
702:
703: <varlistentry>
704: <term><option>+[no]edns[=#]</option></term>
705: <listitem>
706: <para>
707: Specify the EDNS version to query with. Valid values
708: are 0 to 255. Setting the EDNS version will cause
709: a EDNS query to be sent. <option>+noedns</option>
710: clears the remembered EDNS version. EDNS is set to
711: 0 by default.
712: </para>
713: </listitem>
714: </varlistentry>
715:
716: <varlistentry>
717: <term><option>+[no]ednsflags[=#]</option></term>
718: <listitem>
719: <para>
720: Set the must-be-zero EDNS flags bits (Z bits) to the
721: specified value. Decimal, hex and octal encodings are
722: accepted. Setting a named flag (e.g. DO) will silently be
723: ignored. By default, no Z bits are set.
724: </para>
725: </listitem>
726: </varlistentry>
727:
728: <varlistentry>
729: <term><option>+[no]ednsnegotiation</option></term>
730: <listitem>
731: <para>
732: Enable / disable EDNS version negotiation. By default
733: EDNS version negotiation is enabled.
734: </para>
735: </listitem>
736: </varlistentry>
737:
738: <varlistentry>
739: <term><option>+[no]ednsopt[=code[:value]]</option></term>
740: <listitem>
741: <para>
742: Specify EDNS option with code point <option>code</option>
743: and optionally payload of <option>value</option> as a
744: hexadecimal string. <option>code</option> can be
745: either an EDNS option name (for example,
746: <literal>NSID</literal> or <literal>ECS</literal>),
747: or an arbitrary numeric value. <option>+noednsopt</option>
748: clears the EDNS options to be sent.
749: </para>
750: </listitem>
751: </varlistentry>
752:
753: <varlistentry>
754: <term><option>+[no]expire</option></term>
755: <listitem>
756: <para>
757: Send an EDNS Expire option.
758: </para>
759: </listitem>
760: </varlistentry>
761:
762: <varlistentry>
763: <term><option>+[no]fail</option></term>
764: <listitem>
765: <para>
766: Do not try the next server if you receive a SERVFAIL.
767: The default is to not try the next server which is
768: the reverse of normal stub resolver behavior.
769: </para>
770: </listitem>
771: </varlistentry>
772:
773: <varlistentry>
774: <term><option>+[no]header-only</option></term>
775: <listitem>
776: <para>
777: Send a query with a DNS header without a question section.
778: The default is to add a question section. The query type
779: and query name are ignored when this is set.
780: </para>
781: </listitem>
782: </varlistentry>
783:
784: <varlistentry>
785: <term><option>+[no]identify</option></term>
786: <listitem>
787: <para>
788: Show [or do not show] the IP address and port number
789: that supplied the answer when the
790: <parameter>+short</parameter> option is enabled. If
791: short form answers are requested, the default is not
792: to show the source address and port number of the
793: server that provided the answer.
794: </para>
795: </listitem>
796: </varlistentry>
797:
798: <varlistentry>
799: <term><option>+[no]idnin</option></term>
800: <listitem>
801: <para>
802: Process [do not process] IDN domain names on input.
803: This requires IDN SUPPORT to have been enabled at
804: compile time.
805: </para>
806: <para>
807: The default is to process IDN input when standard output
808: is a tty. The IDN processing on input is disabled when
809: dig output is redirected to files, pipes, and other
810: non-tty file descriptors.
811: </para>
812: </listitem>
813: </varlistentry>
814:
815: <varlistentry>
816: <term><option>+[no]idnout</option></term>
817: <listitem>
818: <para>
819: Convert [do not convert] puny code on output.
820: This requires IDN SUPPORT to have been enabled at
821: compile time.
822: </para>
823: <para>
824: The default is to process puny code on output when
825: standard output is a tty. The puny code processing on
826: output is disabled when dig output is redirected to
827: files, pipes, and other non-tty file descriptors.
828: </para>
829: </listitem>
830: </varlistentry>
831:
832: <varlistentry>
833: <term><option>+[no]ignore</option></term>
834: <listitem>
835: <para>
836: Ignore truncation in UDP responses instead of retrying
837: with TCP. By default, TCP retries are performed.
838: </para>
839: </listitem>
840: </varlistentry>
841:
842: <varlistentry>
843: <term><option>+[no]keepalive</option></term>
844: <listitem>
845: <para>
846: Send [or do not send] an EDNS Keepalive option.
847: </para>
848: </listitem>
849: </varlistentry>
850:
851: <varlistentry>
852: <term><option>+[no]keepopen</option></term>
853: <listitem>
854: <para>
855: Keep the TCP socket open between queries and reuse
856: it rather than creating a new TCP socket for each
857: lookup. The default is <option>+nokeepopen</option>.
858: </para>
859: </listitem>
860: </varlistentry>
861:
862: <varlistentry>
863: <term><option>+[no]mapped</option></term>
864: <listitem>
865: <para>
866: Allow mapped IPv4 over IPv6 addresses to be used. The
867: default is <option>+mapped</option>.
868: </para>
869: </listitem>
870: </varlistentry>
871:
872: <varlistentry>
873: <term><option>+[no]multiline</option></term>
874: <listitem>
875: <para>
876: Print records like the SOA records in a verbose
877: multi-line format with human-readable comments. The
878: default is to print each record on a single line, to
879: facilitate machine parsing of the <command>dig</command>
880: output.
881: </para>
882: </listitem>
883: </varlistentry>
884:
885: <varlistentry>
886: <term><option>+ndots=D</option></term>
887: <listitem>
888: <para>
889: Set the number of dots that have to appear in
890: <parameter>name</parameter> to <parameter>D</parameter>
891: for it to be considered absolute. The default value
892: is that defined using the ndots statement in
893: <filename>/etc/resolv.conf</filename>, or 1 if no
894: ndots statement is present. Names with fewer dots
895: are interpreted as relative names and will be searched
896: for in the domains listed in the <option>search</option>
897: or <option>domain</option> directive in
898: <filename>/etc/resolv.conf</filename> if
899: <option>+search</option> is set.
900: </para>
901: </listitem>
902: </varlistentry>
903:
904: <varlistentry>
905: <term><option>+[no]nsid</option></term>
906: <listitem>
907: <para>
908: Include an EDNS name server ID request when sending
909: a query.
910: </para>
911: </listitem>
912: </varlistentry>
913:
914: <varlistentry>
915: <term><option>+[no]nssearch</option></term>
916: <listitem>
917: <para>
918: When this option is set, <command>dig</command>
919: attempts to find the authoritative name servers for
920: the zone containing the name being looked up and
921: display the SOA record that each name server has for
922: the zone. Addresses of servers that that did not
923: respond are also printed.
924: </para>
925: </listitem>
926: </varlistentry>
927:
928: <varlistentry>
929: <term><option>+[no]onesoa</option></term>
930: <listitem>
931: <para>
932: Print only one (starting) SOA record when performing
933: an AXFR. The default is to print both the starting
934: and ending SOA records.
935: </para>
936: </listitem>
937: </varlistentry>
938:
939: <varlistentry>
940: <term><option>+[no]opcode=value</option></term>
941: <listitem>
942: <para>
943: Set [restore] the DNS message opcode to the specified
944: value. The default value is QUERY (0).
945: </para>
946: </listitem>
947: </varlistentry>
948:
949: <varlistentry>
950: <term><option>+padding=value</option></term>
951: <listitem>
952: <para>
953: Pad the size of the query packet using the EDNS Padding option
954: to blocks of <parameter>value</parameter> bytes. For example,
955: <option>+padding=32</option> would cause a 48-byte query to
956: be padded to 64 bytes. The default block size is 0, which
957: disables padding. The maximum is 512. Values are
958: ordinarily expected to be powers of two, such as 128;
959: however, this is not mandatory. Responses to
960: padded queries may also be padded, but only if the query
961: uses TCP or DNS COOKIE.
962: </para>
963: </listitem>
964: </varlistentry>
965:
966: <varlistentry>
967: <term><option>+[no]qr</option></term>
968: <listitem>
969: <para>
1.1.1.3.2.3! martin 970: Toggles the display of the query message as it is sent.
! 971: By default, the query is not printed.
1.1.1.3.2.2 christos 972: </para>
973: </listitem>
974: </varlistentry>
975:
976: <varlistentry>
977: <term><option>+[no]question</option></term>
978: <listitem>
979: <para>
1.1.1.3.2.3! martin 980: Toggles the display of the question section of a query
1.1.1.3.2.2 christos 981: when an answer is returned. The default is to print
982: the question section as a comment.
983: </para>
984: </listitem>
985: </varlistentry>
986:
987: <varlistentry>
988: <term><option>+[no]raflag</option></term>
989: <listitem>
990: <para>
991: Set [do not set] the RA (Recursion Available) bit in
992: the query. The default is +noraflag. This bit should
993: be ignored by the server for QUERY.
994: </para>
995: </listitem>
996: </varlistentry>
997:
998: <varlistentry>
999: <term><option>+[no]rdflag</option></term>
1000: <listitem>
1001: <para>
1002: A synonym for <parameter>+[no]recurse</parameter>.
1003: </para>
1004: </listitem>
1005: </varlistentry>
1006:
1007: <varlistentry>
1008: <term><option>+[no]recurse</option></term>
1009: <listitem>
1010: <para>
1011: Toggle the setting of the RD (recursion desired) bit
1012: in the query. This bit is set by default, which means
1013: <command>dig</command> normally sends recursive
1014: queries. Recursion is automatically disabled when
1.1.1.3.2.3! martin 1015: using the <parameter>+nssearch</parameter> option, and
! 1016: when using <parameter>+trace</parameter> except for
! 1017: an initial recursive query to get the list of root
! 1018: servers.
1.1.1.3.2.2 christos 1019: </para>
1020: </listitem>
1021: </varlistentry>
1022:
1023: <varlistentry>
1024: <term><option>+retry=T</option></term>
1025: <listitem>
1026: <para>
1027: Sets the number of times to retry UDP queries to
1028: server to <parameter>T</parameter> instead of the
1029: default, 2. Unlike <parameter>+tries</parameter>,
1030: this does not include the initial query.
1031: </para>
1032: </listitem>
1033: </varlistentry>
1034:
1035: <varlistentry>
1036: <term><option>+[no]rrcomments</option></term>
1037: <listitem>
1038: <para>
1039: Toggle the display of per-record comments in the
1040: output (for example, human-readable key information
1041: about DNSKEY records). The default is not to print
1042: record comments unless multiline mode is active.
1043: </para>
1044: </listitem>
1045: </varlistentry>
1046:
1047: <varlistentry>
1048: <term><option>+[no]search</option></term>
1049: <listitem>
1050: <para>
1051: Use [do not use] the search list defined by the
1052: searchlist or domain directive in
1053: <filename>resolv.conf</filename> (if any). The search
1054: list is not used by default.
1055: </para>
1056: <para>
1057: 'ndots' from <filename>resolv.conf</filename> (default 1)
1058: which may be overridden by <parameter>+ndots</parameter>
1059: determines if the name will be treated as relative
1060: or not and hence whether a search is eventually
1061: performed or not.
1062: </para>
1063: </listitem>
1064: </varlistentry>
1065:
1066: <varlistentry>
1067: <term><option>+[no]short</option></term>
1068: <listitem>
1069: <para>
1070: Provide a terse answer. The default is to print the
1.1.1.3.2.3! martin 1071: answer in a verbose form. This option always has global
! 1072: effect; it cannot be set globally and then overridden on
! 1073: a per-lookup basis.
1.1.1.3.2.2 christos 1074: </para>
1075: </listitem>
1076: </varlistentry>
1077:
1078: <varlistentry>
1079: <term><option>+[no]showsearch</option></term>
1080: <listitem>
1081: <para>
1082: Perform [do not perform] a search showing intermediate
1083: results.
1084: </para>
1085: </listitem>
1086: </varlistentry>
1087:
1088: <varlistentry>
1089: <term><option>+[no]sigchase</option></term>
1090: <listitem>
1091: <para>
1092: This feature is now obsolete and has been removed;
1093: use <command>delv</command> instead.
1094: </para>
1095: </listitem>
1096: </varlistentry>
1097:
1098: <varlistentry>
1099: <term><option>+split=W</option></term>
1100: <listitem>
1101: <para>
1102: Split long hex- or base64-formatted fields in resource
1103: records into chunks of <parameter>W</parameter>
1104: characters (where <parameter>W</parameter> is rounded
1105: up to the nearest multiple of 4).
1106: <parameter>+nosplit</parameter> or
1107: <parameter>+split=0</parameter> causes fields not to
1108: be split at all. The default is 56 characters, or
1109: 44 characters when multiline mode is active.
1110: </para>
1111: </listitem>
1112: </varlistentry>
1113:
1114: <varlistentry>
1115: <term><option>+[no]stats</option></term>
1116: <listitem>
1117: <para>
1.1.1.3.2.3! martin 1118: Toggles the printing of statistics: when the query was made,
! 1119: the size of the reply and so on. The default behavior is to
! 1120: print the query statistics as a comment after each lookup.
1.1.1.3.2.2 christos 1121: </para>
1122: </listitem>
1123: </varlistentry>
1124:
1125: <varlistentry>
1126: <term><option>+[no]subnet=addr[/prefix-length]</option></term>
1127: <listitem>
1128: <para>
1129: Send (don't send) an EDNS Client Subnet option with the
1130: specified IP address or network prefix.
1131: </para>
1132: <para>
1133: <command>dig +subnet=0.0.0.0/0</command>, or simply
1134: <command>dig +subnet=0</command> for short, sends an EDNS
1135: CLIENT-SUBNET option with an empty address and a source
1136: prefix-length of zero, which signals a resolver that
1137: the client's address information must
1138: <emphasis>not</emphasis> be used when resolving
1139: this query.
1140: </para>
1141: </listitem>
1142: </varlistentry>
1143:
1144: <varlistentry>
1145: <term><option>+[no]tcflag</option></term>
1146: <listitem>
1147: <para>
1148: Set [do not set] the TC (TrunCation) bit in the query.
1149: The default is +notcflag. This bit should be ignored
1150: by the server for QUERY.
1151: </para>
1152: </listitem>
1153: </varlistentry>
1154:
1155: <varlistentry>
1156: <term><option>+[no]tcp</option></term>
1157: <listitem>
1158: <para>
1159: Use [do not use] TCP when querying name servers. The
1160: default behavior is to use UDP unless a type
1161: <literal>any</literal> or <literal>ixfr=N</literal>
1162: query is requested, in which case the default is TCP.
1163: AXFR queries always use TCP.
1164: </para>
1165: </listitem>
1166: </varlistentry>
1167:
1168: <varlistentry>
1169: <term><option>+timeout=T</option></term>
1170: <listitem>
1171: <para>
1172:
1173: Sets the timeout for a query to
1174: <parameter>T</parameter> seconds. The default
1175: timeout is 5 seconds.
1176: An attempt to set <parameter>T</parameter> to less
1177: than 1 will result
1178: in a query timeout of 1 second being applied.
1179: </para>
1180: </listitem>
1181: </varlistentry>
1182:
1183: <varlistentry>
1184: <term><option>+[no]topdown</option></term>
1185: <listitem>
1186: <para>
1187: This feature is related to <command>dig +sigchase</command>,
1188: which is obsolete and has been removed. Use
1189: <command>delv</command> instead.
1190: </para>
1191: </listitem>
1192: </varlistentry>
1193:
1194: <varlistentry>
1195: <term><option>+[no]trace</option></term>
1196: <listitem>
1197: <para>
1198: Toggle tracing of the delegation path from the root
1199: name servers for the name being looked up. Tracing
1200: is disabled by default. When tracing is enabled,
1201: <command>dig</command> makes iterative queries to
1202: resolve the name being looked up. It will follow
1203: referrals from the root servers, showing the answer
1204: from each server that was used to resolve the lookup.
1205: </para> <para>
1206: If @server is also specified, it affects only the
1207: initial query for the root zone name servers.
1208: </para> <para>
1209: <command>+dnssec</command> is also set when +trace
1210: is set to better emulate the default queries from a
1211: nameserver.
1212: </para>
1213: </listitem>
1214: </varlistentry>
1215:
1216: <varlistentry>
1217: <term><option>+tries=T</option></term>
1218: <listitem>
1219: <para>
1220: Sets the number of times to try UDP queries to server
1221: to <parameter>T</parameter> instead of the default,
1222: 3. If <parameter>T</parameter> is less than or equal
1223: to zero, the number of tries is silently rounded up
1224: to 1.
1225: </para>
1226: </listitem>
1227: </varlistentry>
1228:
1229: <varlistentry>
1230: <term><option>+trusted-key=####</option></term>
1231: <listitem>
1232: <para>
1233: Formerly specified trusted keys for use with
1234: <command>dig +sigchase</command>. This feature is now
1235: obsolete and has been removed; use
1236: <command>delv</command> instead.
1237: </para>
1238: </listitem>
1239: </varlistentry>
1240:
1241: <varlistentry>
1242: <term><option>+[no]ttlid</option></term>
1243: <listitem>
1244: <para>
1245: Display [do not display] the TTL when printing the
1246: record.
1247: </para>
1248: </listitem>
1249: </varlistentry>
1250:
1251: <varlistentry>
1252: <term><option>+[no]ttlunits</option></term>
1253: <listitem>
1254: <para>
1255: Display [do not display] the TTL in friendly human-readable
1256: time units of "s", "m", "h", "d", and "w", representing
1257: seconds, minutes, hours, days and weeks. Implies +ttlid.
1258: </para>
1259: </listitem>
1260: </varlistentry>
1261:
1262: <varlistentry>
1263: <term><option>+[no]unknownformat</option></term>
1264: <listitem>
1265: <para>
1266: Print all RDATA in unknown RR type presentation format
1267: (RFC 3597). The default is to print RDATA for known types
1268: in the type's presentation format.
1269: </para>
1270: </listitem>
1271: </varlistentry>
1272:
1273: <varlistentry>
1274: <term><option>+[no]vc</option></term>
1275: <listitem>
1276: <para>
1277: Use [do not use] TCP when querying name servers. This
1278: alternate syntax to <parameter>+[no]tcp</parameter>
1279: is provided for backwards compatibility. The "vc"
1280: stands for "virtual circuit".
1281: </para>
1282: </listitem>
1283: </varlistentry>
1284:
1285: <varlistentry>
1286: <term><option>+[no]zflag</option></term>
1287: <listitem>
1288: <para>
1289: Set [do not set] the last unassigned DNS header flag in a
1290: DNS query. This flag is off by default.
1291: </para>
1292: </listitem>
1293: </varlistentry>
1294:
1295: </variablelist>
1296:
1297: </para>
1298: </refsection>
1299:
1300: <refsection><info><title>MULTIPLE QUERIES</title></info>
1301:
1302:
1303: <para>
1304: The BIND 9 implementation of <command>dig </command>
1305: supports
1306: specifying multiple queries on the command line (in addition to
1307: supporting the <option>-f</option> batch file option). Each of those
1308: queries can be supplied with its own set of flags, options and query
1309: options.
1310: </para>
1311:
1312: <para>
1313: In this case, each <parameter>query</parameter> argument
1314: represent an
1315: individual query in the command-line syntax described above. Each
1316: consists of any of the standard options and flags, the name to be
1317: looked up, an optional query type and class and any query options that
1318: should be applied to that query.
1319: </para>
1320:
1321: <para>
1322: A global set of query options, which should be applied to all queries,
1323: can also be supplied. These global query options must precede the
1324: first tuple of name, class, type, options, flags, and query options
1325: supplied on the command line. Any global query options (except
1326: <option>+[no]cmd</option> and <option>+[no]short</option> options)
1327: can be overridden by a query-specific set of query options.
1328: For example:
1329: <programlisting>
1330: dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
1331: </programlisting>
1332: shows how <command>dig</command> could be used from the
1333: command line
1334: to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
1335: reverse lookup of 127.0.0.1 and a query for the NS records of
1336: <literal>isc.org</literal>.
1337:
1338: A global query option of <parameter>+qr</parameter> is
1339: applied, so
1340: that <command>dig</command> shows the initial query it made
1341: for each
1342: lookup. The final query has a local query option of
1343: <parameter>+noqr</parameter> which means that <command>dig</command>
1344: will not print the initial query when it looks up the NS records for
1345: <literal>isc.org</literal>.
1346: </para>
1347:
1348: </refsection>
1349:
1350: <refsection><info><title>IDN SUPPORT</title></info>
1351:
1352: <para>
1353: If <command>dig</command> has been built with IDN (internationalized
1354: domain name) support, it can accept and display non-ASCII domain names.
1355: <command>dig</command> appropriately converts character encoding of
1356: domain name before sending a request to DNS server or displaying a
1357: reply from the server.
1358: If you'd like to turn off the IDN support for some reason, use
1359: parameters <parameter>+noidnin</parameter> and
1360: <parameter>+noidnout</parameter> or define
1361: the <envar>IDN_DISABLE</envar> environment variable.
1362:
1363: </para>
1364: </refsection>
1365:
1366: <refsection><info><title>FILES</title></info>
1367:
1368: <para><filename>/etc/resolv.conf</filename>
1369: </para>
1370: <para><filename>${HOME}/.digrc</filename>
1371: </para>
1372: </refsection>
1373:
1374: <refsection><info><title>SEE ALSO</title></info>
1375:
1376: <para><citerefentry>
1377: <refentrytitle>delv</refentrytitle><manvolnum>1</manvolnum>
1378: </citerefentry>,
1379: <citerefentry>
1380: <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
1381: </citerefentry>,
1382: <citerefentry>
1383: <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
1384: </citerefentry>,
1385: <citerefentry>
1386: <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
1387: </citerefentry>,
1388: <citetitle>RFC 1035</citetitle>.
1389: </para>
1390: </refsection>
1391:
1392: <refsection><info><title>BUGS</title></info>
1393:
1394: <para>
1395: There are probably too many query options.
1396: </para>
1397: </refsection>
1398:
1399: </refentry>
CVSweb <webmaster@jp.NetBSD.org>