dig.html 39.1 KB
Newer Older
1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Andreas Gustafsson's avatar
Andreas Gustafsson committed
2
<!--
Tinderbox User's avatar
Tinderbox User committed
3
 - Copyright (C) 2000-2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
Rob Austein's avatar
regen    
Rob Austein committed
4
 - 
Tinderbox User's avatar
Tinderbox User committed
5
6
7
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
8
-->
9
<html lang="en">
Rob Austein's avatar
regen    
Rob Austein committed
10
11
12
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
Tinderbox User's avatar
Tinderbox User committed
13
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
Rob Austein's avatar
regen    
Rob Austein committed
14
</head>
Tinderbox User's avatar
Tinderbox User committed
15
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
Mark Andrews's avatar
gregen    
Mark Andrews committed
16
<a name="man.dig"></a><div class="titlepage"></div>
Tinderbox User's avatar
Tinderbox User committed
17
18
19
20
21
22
  
  

  

  <div class="refnamediv">
Rob Austein's avatar
regen    
Rob Austein committed
23
<h2>Name</h2>
Tinderbox User's avatar
Tinderbox User committed
24
25
26
27
<p>
    dig
     &#8212; DNS lookup utility
  </p>
Rob Austein's avatar
regen    
Rob Austein committed
28
</div>
Tinderbox User's avatar
Tinderbox User committed
29
30
31
32

  

  <div class="refsynopsisdiv">
Rob Austein's avatar
regen    
Rob Austein committed
33
<h2>Synopsis</h2>
Tinderbox User's avatar
Tinderbox User committed
34
35
36
37
38
39
40
41
42
43
44
45
46
47
    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [@server]
       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
       [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-m</code>]
       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
       [<code class="option">-v</code>]
       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
       [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>]
Tinderbox User's avatar
Tinderbox User committed
48
49
50
51
       [
	[<code class="option">-4</code>]
	 |  [<code class="option">-6</code>]
      ]
Tinderbox User's avatar
Tinderbox User committed
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
       [name]
       [type]
       [class]
       [queryopt...]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [<code class="option">-h</code>]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [global-queryopt...]
       [query...]
    </p></div>
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
71
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
Tinderbox User's avatar
Tinderbox User committed
72
73

    <p><span class="command"><strong>dig</strong></span> is a flexible tool
Rob Austein's avatar
regen    
Rob Austein committed
74
75
      for interrogating DNS name servers.  It performs DNS lookups and
      displays the answers that are returned from the name server(s) that
Tinderbox User's avatar
Tinderbox User committed
76
      were queried.  Most DNS administrators use <span class="command"><strong>dig</strong></span> to
Rob Austein's avatar
regen    
Rob Austein committed
77
78
      troubleshoot DNS problems because of its flexibility, ease of use and
      clarity of output.  Other lookup tools tend to have less functionality
Tinderbox User's avatar
Tinderbox User committed
79
      than <span class="command"><strong>dig</strong></span>.
Rob Austein's avatar
regen    
Rob Austein committed
80
    </p>
Tinderbox User's avatar
Tinderbox User committed
81
82

    <p>
Tinderbox User's avatar
Tinderbox User committed
83
      Although <span class="command"><strong>dig</strong></span> is normally used with
Rob Austein's avatar
regen    
Rob Austein committed
84
85
86
87
      command-line
      arguments, it also has a batch mode of operation for reading lookup
      requests from a file.  A brief summary of its command-line arguments
      and options is printed when the <code class="option">-h</code> option is given.
Mark Andrews's avatar
regen    
Mark Andrews committed
88
      Unlike earlier versions, the BIND 9 implementation of
Tinderbox User's avatar
Tinderbox User committed
89
      <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
Rob Austein's avatar
regen    
Rob Austein committed
90
91
92
      from the
      command line.
    </p>
Tinderbox User's avatar
Tinderbox User committed
93
94

    <p>
Rob Austein's avatar
regen    
Rob Austein committed
95
      Unless it is told to query a specific name server,
Tinderbox User's avatar
Tinderbox User committed
96
      <span class="command"><strong>dig</strong></span> will try each of the servers listed in
Tinderbox User's avatar
Tinderbox User committed
97
      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
Tinderbox User's avatar
Tinderbox User committed
98
      are found, <span class="command"><strong>dig</strong></span> will send the query to the local
Tinderbox User's avatar
Tinderbox User committed
99
      host.
Rob Austein's avatar
regen    
Rob Austein committed
100
    </p>
Tinderbox User's avatar
Tinderbox User committed
101
102

    <p>
Automatic Updater's avatar
regen    
Automatic Updater committed
103
      When no command line arguments or options are given,
Tinderbox User's avatar
Tinderbox User committed
104
      <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
Rob Austein's avatar
regen    
Rob Austein committed
105
    </p>
Tinderbox User's avatar
Tinderbox User committed
106
107

    <p>
Tinderbox User's avatar
Tinderbox User committed
108
      It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
Rob Austein's avatar
regen    
Rob Austein committed
109
110
111
112
      <code class="filename">${HOME}/.digrc</code>.  This file is read and
      any options in it
      are applied before the command line arguments.
    </p>
Tinderbox User's avatar
Tinderbox User committed
113
114

    <p>
Mark Andrews's avatar
regen    
Mark Andrews committed
115
      The IN and CH class names overlap with the IN and CH top level
Tinderbox User's avatar
Tinderbox User committed
116
      domain names.  Either use the <code class="option">-t</code> and
Tinderbox User's avatar
Tinderbox User committed
117
      <code class="option">-c</code> options to specify the type and class,
Automatic Updater's avatar
regen    
Automatic Updater committed
118
      use the <code class="option">-q</code> the specify the domain name, or
Mark Andrews's avatar
regen    
Mark Andrews committed
119
120
      use "IN." and "CH." when looking up these top level domains.
    </p>
Tinderbox User's avatar
Tinderbox User committed
121
122
123
124

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
125
<a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
Tinderbox User's avatar
Tinderbox User committed
126
127
128


    <p>
Tinderbox User's avatar
Tinderbox User committed
129
      A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
Rob Austein's avatar
regen    
Rob Austein committed
130
131
132
133
      </p>
<pre class="programlisting"> dig @server name type </pre>
<p>
      where:
Mark Andrews's avatar
regen    
Mark Andrews committed
134

Rob Austein's avatar
regen    
Rob Austein committed
135
      </p>
Tinderbox User's avatar
Tinderbox User committed
136
<div class="variablelist"><dl class="variablelist">
Rob Austein's avatar
regen    
Rob Austein committed
137
<dt><span class="term"><code class="constant">server</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
138
<dd>
Tinderbox User's avatar
Tinderbox User committed
139
	    <p>
Tinderbox User's avatar
Tinderbox User committed
140
141
142
143
	      is the name or IP address of the name server to query.  This
	      can be an IPv4 address in dotted-decimal notation or an IPv6
	      address in colon-delimited notation.  When the supplied
	      <em class="parameter"><code>server</code></em> argument is a hostname,
Tinderbox User's avatar
Tinderbox User committed
144
	      <span class="command"><strong>dig</strong></span> resolves that name before querying
Tinderbox User's avatar
Tinderbox User committed
145
146
	      that name server.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
147
	    <p>
Tinderbox User's avatar
Tinderbox User committed
148
	      If no <em class="parameter"><code>server</code></em> argument is
Tinderbox User's avatar
Tinderbox User committed
149
	      provided, <span class="command"><strong>dig</strong></span> consults
Tinderbox User's avatar
Tinderbox User committed
150
151
152
153
154
155
	      <code class="filename">/etc/resolv.conf</code>; if an
	      address is found there, it queries the name server at
	      that address. If either of the <code class="option">-4</code> or
	      <code class="option">-6</code> options are in use, then
	      only addresses for the corresponding transport
	      will be tried.  If no usable addresses are found,
Tinderbox User's avatar
Tinderbox User committed
156
	      <span class="command"><strong>dig</strong></span> will send the query to the
Tinderbox User's avatar
Tinderbox User committed
157
158
159
	      local host.  The reply from the name server that
	      responds is displayed.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
160
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
161
<dt><span class="term"><code class="constant">name</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
162
163
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
164
	      is the name of the resource record that is to be looked up.
Tinderbox User's avatar
Tinderbox User committed
165
166
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
167
<dt><span class="term"><code class="constant">type</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
168
169
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
170
171
172
173
174
	      indicates what type of query is required &#8212;
	      ANY, A, MX, SIG, etc.
	      <em class="parameter"><code>type</code></em> can be any valid query
	      type.  If no
	      <em class="parameter"><code>type</code></em> argument is supplied,
Tinderbox User's avatar
Tinderbox User committed
175
	      <span class="command"><strong>dig</strong></span> will perform a lookup for an
Tinderbox User's avatar
Tinderbox User committed
176
	      A record.
Tinderbox User's avatar
Tinderbox User committed
177
178
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
179
180
181
</dl></div>
<p>
    </p>
Tinderbox User's avatar
Tinderbox User committed
182
183
184
185

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
186
<a name="id-1.9"></a><h2>OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
187
188
189


    <div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
190
<dt><span class="term">-4</span></dt>
Tinderbox User's avatar
Tinderbox User committed
191
192
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
193
	    Use IPv4 only.
Tinderbox User's avatar
Tinderbox User committed
194
195
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
196
<dt><span class="term">-6</span></dt>
Tinderbox User's avatar
Tinderbox User committed
197
198
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
199
	    Use IPv6 only.
Tinderbox User's avatar
Tinderbox User committed
200
201
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
202
<dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
203
204
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
205
206
207
208
	    Set the source IP address of the query.
	    The <em class="parameter"><code>address</code></em> must be a valid address on
	    one of the host's network interfaces, or "0.0.0.0" or "::". An
	    optional port may be specified by appending "#&lt;port&gt;"
Tinderbox User's avatar
Tinderbox User committed
209
210
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
211
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
212
213
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
214
215
216
	    Set the query class. The
	    default <em class="parameter"><code>class</code></em> is IN; other classes
	    are HS for Hesiod records or CH for Chaosnet records.
Tinderbox User's avatar
Tinderbox User committed
217
218
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
219
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
220
221
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
222
	    Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
Tinderbox User's avatar
Tinderbox User committed
223
224
225
226
	    requests to process from the
	    given <em class="parameter"><code>file</code></em>. Each line in the file
	    should be organized in the same way they would be
	    presented as queries to
Tinderbox User's avatar
Tinderbox User committed
227
	    <span class="command"><strong>dig</strong></span> using the command-line interface.
Tinderbox User's avatar
Tinderbox User committed
228
229
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
230
<dt><span class="term">-i</span></dt>
Tinderbox User's avatar
Tinderbox User committed
231
232
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
233
234
235
	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
	    domain, which is no longer in use. Obsolete bit string
	    label queries (RFC2874) are not attempted.
Tinderbox User's avatar
Tinderbox User committed
236
237
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
238
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
239
240
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
241
242
	    Sign queries using TSIG using a key read from the given file.
	    Key files can be generated using
Tinderbox User's avatar
Tinderbox User committed
243
244
245
	    <span class="citerefentry">
	      <span class="refentrytitle">tsig-keygen</span>(8)
	    </span>.
Tinderbox User's avatar
Tinderbox User committed
246
	    When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
Tinderbox User's avatar
Tinderbox User committed
247
248
	    the name server that is queried needs to know the key and
	    algorithm that is being used. In BIND, this is done by
Tinderbox User's avatar
Tinderbox User committed
249
250
	    providing appropriate <span class="command"><strong>key</strong></span>
	    and <span class="command"><strong>server</strong></span> statements in
Tinderbox User's avatar
Tinderbox User committed
251
	    <code class="filename">named.conf</code>.
Tinderbox User's avatar
Tinderbox User committed
252
253
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
254
<dt><span class="term">-m</span></dt>
Tinderbox User's avatar
Tinderbox User committed
255
256
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
257
258
	    Enable memory usage debugging.
	    
Tinderbox User's avatar
Tinderbox User committed
259
260
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
261
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
262
263
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
264
	    Send the query to a non-standard port on the server,
Tinderbox User's avatar
Tinderbox User committed
265
	    instead of the default port 53. This option would be used
Tinderbox User's avatar
Tinderbox User committed
266
267
	    to test a name server that has been configured to listen
	    for queries on a non-standard port number.
Tinderbox User's avatar
Tinderbox User committed
268
269
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
270
<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
271
272
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
273
274
	    The domain name to query. This is useful to distinguish
	    the <em class="parameter"><code>name</code></em> from other arguments.
Tinderbox User's avatar
Tinderbox User committed
275
276
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
277
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
278
279
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
280
281
282
283
284
285
286
287
288
289
290
	    The resource record type to query. It can be any valid query type
	    which is
	    supported in BIND 9.  The default query type is "A", unless the
	    <code class="option">-x</code> option is supplied to indicate a reverse lookup.
	    A zone transfer can be requested by specifying a type of AXFR.  When
	    an incremental zone transfer (IXFR) is required, set the
	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
	    The incremental zone transfer will contain the changes
	    made to the zone since the serial number in the zone's SOA
	    record was
	    <em class="parameter"><code>N</code></em>.
Tinderbox User's avatar
Tinderbox User committed
291
292
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
293
<dt><span class="term">-v</span></dt>
Tinderbox User's avatar
Tinderbox User committed
294
295
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
296
	    Print the version number and exit.
Tinderbox User's avatar
Tinderbox User committed
297
298
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
299
<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
300
301
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
302
303
304
305
306
307
308
	    Simplified reverse lookups, for mapping addresses to
	    names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
	    in dotted-decimal notation, or a colon-delimited IPv6
	    address. When the <code class="option">-x</code> is used, there is no
	    need to provide
	    the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
	    and <em class="parameter"><code>type</code></em>
Tinderbox User's avatar
Tinderbox User committed
309
	    arguments. <span class="command"><strong>dig</strong></span> automatically performs a
Tinderbox User's avatar
Tinderbox User committed
310
311
312
313
314
315
	    lookup for a name like
	    <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
	    query type and class to PTR and IN respectively. IPv6
	    addresses are looked up using nibble format under the
	    IP6.ARPA domain (but see also the <code class="option">-i</code>
	    option).
Tinderbox User's avatar
Tinderbox User committed
316
317
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
318
319
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
320
	  <p>
Tinderbox User's avatar
Tinderbox User committed
321
322
323
324
325
326
327
328
	    Sign queries using TSIG with the given authentication key.
	    <em class="parameter"><code>keyname</code></em> is the name of the key, and
	    <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
	    <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
	    valid choices are <code class="literal">hmac-md5</code>,
	    <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
	    <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
	    <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
Tinderbox User's avatar
Tinderbox User committed
329
330
	    is not specified, the default is <code class="literal">hmac-md5</code>
	    or if MD5 was disabled <code class="literal">hmac-sha256</code>.
Tinderbox User's avatar
Tinderbox User committed
331
	  </p>
Tinderbox User's avatar
Tinderbox User committed
332
	  <p>
Tinderbox User's avatar
Tinderbox User committed
333
334
335
336
337
	    NOTE: You should use the <code class="option">-k</code> option and
	    avoid the <code class="option">-y</code> option, because
	    with <code class="option">-y</code> the shared secret is supplied as
	    a command line argument in clear text. This may be visible
	    in the output from
Tinderbox User's avatar
Tinderbox User committed
338
339
340
	    <span class="citerefentry">
	      <span class="refentrytitle">ps</span>(1)
	    </span>
Tinderbox User's avatar
Tinderbox User committed
341
342
	    or in a history file maintained by the user's shell.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
343
	</dd>
Tinderbox User's avatar
Tinderbox User committed
344
</dl></div>
Tinderbox User's avatar
Tinderbox User committed
345
346
347
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
348
<a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
349
350
351


    <p><span class="command"><strong>dig</strong></span>
Rob Austein's avatar
regen    
Rob Austein committed
352
353
354
355
356
357
      provides a number of query options which affect
      the way in which lookups are made and the results displayed.  Some of
      these set or reset flag bits in the query header, some determine which
      sections of the answer get printed, and others determine the timeout
      and retry strategies.
    </p>
Tinderbox User's avatar
Tinderbox User committed
358
359

    <p>
Rob Austein's avatar
regen    
Rob Austein committed
360
361
362
363
364
365
366
      Each query option is identified by a keyword preceded by a plus sign
      (<code class="literal">+</code>).  Some keywords set or reset an
      option.  These may be preceded
      by the string <code class="literal">no</code> to negate the meaning of
      that keyword.  Other
      keywords assign values to options like the timeout interval.  They
      have the form <code class="option">+keyword=value</code>.
Tinderbox User's avatar
Tinderbox User committed
367
368
369
      Keywords may be abbreviated, provided the abbreviation is
      unambiguous; for example, <code class="literal">+cd</code> is equivalent
      to <code class="literal">+cdflag</code>.
Rob Austein's avatar
regen    
Rob Austein committed
370
      The query options are:
Andreas Gustafsson's avatar
Andreas Gustafsson committed
371

Rob Austein's avatar
regen    
Rob Austein committed
372
      </p>
Tinderbox User's avatar
Tinderbox User committed
373
<div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
374
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
375
376
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
377
	      A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
Tinderbox User's avatar
Tinderbox User committed
378
379
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
380
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
381
382
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
383
	      Sets the "aa" flag in the query.
Tinderbox User's avatar
Tinderbox User committed
384
385
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
386
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
387
388
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
389
390
	      Display [do not display] the additional section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
391
392
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
393
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
394
395
<dd>
	    <p>
Automatic Updater's avatar
regen    
Automatic Updater committed
396
397
398
399
400
401
402
	      Set [do not set] the AD (authentic data) bit in the
	      query.  This requests the server to return whether
	      all of the answer and authority sections have all
	      been validated as secure according to the security
	      policy of the server.  AD=1 indicates that all records
	      have been validated as secure and the answer is not
	      from a OPT-OUT range.  AD=0 indicate that some part
Automatic Updater's avatar
Automatic Updater committed
403
404
	      of the answer was insecure or not validated.  This
	      bit is set by default.
Tinderbox User's avatar
Tinderbox User committed
405
406
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
407
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
408
409
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
410
	      Set or clear all display flags.
Tinderbox User's avatar
Tinderbox User committed
411
412
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
413
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
414
415
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
416
417
	      Display [do not display] the answer section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
418
419
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
420
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
421
422
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
423
424
	      Display [do not display] the authority section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
425
426
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
427
<dt><span class="term"><code class="option">+[no]badcookie</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
428
429
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
430
431
	      Retry lookup with the new server cookie if a
	      BADCOOKIE response is received.
Tinderbox User's avatar
Tinderbox User committed
432
433
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
434
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
435
436
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
437
438
439
	      Attempt to display the contents of messages which are
	      malformed.  The default is to not display malformed
	      answers.
Tinderbox User's avatar
Tinderbox User committed
440
441
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
442
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
443
444
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
445
446
447
448
449
450
	      Set the UDP message buffer size advertised using EDNS0
	      to <em class="parameter"><code>B</code></em> bytes.  The maximum and
	      minimum sizes of this buffer are 65535 and 0 respectively.
	      Values outside this range are rounded up or down
	      appropriately.  Values other than zero will cause a
	      EDNS query to be sent.
Tinderbox User's avatar
Tinderbox User committed
451
452
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
453
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
454
455
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
456
457
458
	      Set [do not set] the CD (checking disabled) bit in
	      the query.  This requests the server to not perform
	      DNSSEC validation of responses.
Tinderbox User's avatar
Tinderbox User committed
459
460
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
461
<dt><span class="term"><code class="option">+[no]class</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
462
463
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
464
465
	      Display [do not display] the CLASS when printing the
	      record.
Tinderbox User's avatar
Tinderbox User committed
466
467
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
468
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
469
470
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
471
	      Toggles the printing of the initial comment in the
Tinderbox User's avatar
Tinderbox User committed
472
	      output identifying the version of <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
473
474
	      and the query options that have been applied.  This
	      comment is printed by default.
Tinderbox User's avatar
Tinderbox User committed
475
476
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
477
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
478
479
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
480
481
	      Toggle the display of comment lines in the output.
	      The default is to print comments.
Tinderbox User's avatar
Tinderbox User committed
482
483
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
484
485
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
486
	    <p>
Tinderbox User's avatar
Tinderbox User committed
487
488
489
490
491
	      Send a COOKIE EDNS option, with optional
	      value.  Replaying a COOKIE from a previous response will
	      allow the server to identify a previous client.  The
	      default is <code class="option">+cookie</code>.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
492
	    <p>
Tinderbox User's avatar
Tinderbox User committed
493
	      <span class="command"><strong>+cookie</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
494
495
496
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
497
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
498
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
499
500
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
501
502
503
504
505
506
507
508
	      Toggle the display of cryptographic fields in DNSSEC
	      records.  The contents of these field are unnecessary
	      to debug most DNSSEC validation failures and removing
	      them makes it easier to see the common failures.  The
	      default is to display the fields.  When omitted they
	      are replaced by the string "[omitted]" or in the
	      DNSKEY case the key id is displayed as the replacement,
	      e.g. "[ key id = value ]".
Tinderbox User's avatar
Tinderbox User committed
509
510
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
511
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
512
513
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
514
515
	      Deprecated, treated as a synonym for
	      <em class="parameter"><code>+[no]search</code></em>
Tinderbox User's avatar
Tinderbox User committed
516
517
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
518
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
519
520
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
521
522
523
	      Requests DNSSEC records be sent by setting the DNSSEC
	      OK bit (DO) in the OPT record in the additional section
	      of the query.
Tinderbox User's avatar
Tinderbox User committed
524
525
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
526
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
527
528
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
529
530
	      Set the search list to contain the single domain
	      <em class="parameter"><code>somename</code></em>, as if specified in
Tinderbox User's avatar
Tinderbox User committed
531
	      a <span class="command"><strong>domain</strong></span> directive in
Tinderbox User's avatar
Tinderbox User committed
532
533
534
	      <code class="filename">/etc/resolv.conf</code>, and enable
	      search list processing as if the
	      <em class="parameter"><code>+search</code></em> option were given.
Tinderbox User's avatar
Tinderbox User committed
535
536
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
537
<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
538
539
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
540
541
	      Set the DSCP code point to be used when sending the
	      query.  Valid DSCP code points are in the range
Tinderbox User's avatar
Tinderbox User committed
542
	      [0..63].  By default no code point is explicitly set.
Tinderbox User's avatar
Tinderbox User committed
543
544
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
545
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
546
547
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
548
549
550
551
552
	       Specify the EDNS version to query with.  Valid values
	       are 0 to 255.  Setting the EDNS version will cause
	       a EDNS query to be sent.  <code class="option">+noedns</code>
	       clears the remembered EDNS version.  EDNS is set to
	       0 by default.
Tinderbox User's avatar
Tinderbox User committed
553
554
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
555
<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
556
557
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
558
559
560
561
	      Set the must-be-zero EDNS flags bits (Z bits) to the
	      specified value. Decimal, hex and octal encodings are
	      accepted. Setting a named flag (e.g. DO) will silently be
	      ignored. By default, no Z bits are set.
Tinderbox User's avatar
Tinderbox User committed
562
563
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
564
<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
565
566
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
567
568
	      Enable / disable EDNS version negotiation. By default
	      EDNS version negotiation is enabled.
Tinderbox User's avatar
Tinderbox User committed
569
570
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
571
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
572
573
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
574
575
	      Specify EDNS option with code point <code class="option">code</code>
	      and optionally payload of <code class="option">value</code> as a
Tinderbox User's avatar
Tinderbox User committed
576
577
578
579
	      hexadecimal string.  <code class="option">code</code> can be
	      either an EDNS option name (for example,
	      <code class="literal">NSID</code> or <code class="literal">ECS</code>),
	      or an arbitrary numeric value.  <code class="option">+noednsopt</code>
Tinderbox User's avatar
Tinderbox User committed
580
	      clears the EDNS options to be sent.
Tinderbox User's avatar
Tinderbox User committed
581
582
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
583
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
584
585
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
586
	      Send an EDNS Expire option.
Tinderbox User's avatar
Tinderbox User committed
587
588
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
589
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
590
591
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
592
593
594
	      Do not try the next server if you receive a SERVFAIL.
	      The default is to not try the next server which is
	      the reverse of normal stub resolver behavior.
Tinderbox User's avatar
Tinderbox User committed
595
596
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
597
<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
598
599
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
600
601
602
	      Send a query with a DNS header without a question section.
	      The default is to add a question section.  The query type
	      and query name are ignored when this is set.
Tinderbox User's avatar
Tinderbox User committed
603
604
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
605
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
606
607
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
608
609
610
611
612
613
	      Show [or do not show] the IP address and port number
	      that supplied the answer when the
	      <em class="parameter"><code>+short</code></em> option is enabled.  If
	      short form answers are requested, the default is not
	      to show the source address and port number of the
	      server that provided the answer.
Tinderbox User's avatar
Tinderbox User committed
614
615
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
616
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
617
618
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
619
620
621
	      Convert [do not convert] puny code on output.
	      This requires IDN SUPPORT to have been enabled at
	      compile time.  The default is to convert output.
Tinderbox User's avatar
Tinderbox User committed
622
623
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
624
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
625
626
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
627
628
	      Ignore truncation in UDP responses instead of retrying
	      with TCP.  By default, TCP retries are performed.
Tinderbox User's avatar
Tinderbox User committed
629
630
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
631
632
633
634
635
636
<dt><span class="term"><code class="option">+[no]keepalive</code></span></dt>
<dd>
	    <p>
	      Send [or do not send] an EDNS Keepalive option.
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
637
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
638
639
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
640
641
642
	      Keep the TCP socket open between queries and reuse
	      it rather than creating a new TCP socket for each
	      lookup.  The default is <code class="option">+nokeepopen</code>.
Tinderbox User's avatar
Tinderbox User committed
643
644
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
645
<dt><span class="term"><code class="option">+[no]mapped</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
646
647
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
648
649
	      Allow mapped IPv4 over IPv6 addresses to be used.  The
	      default is <code class="option">+mapped</code>.
Tinderbox User's avatar
Tinderbox User committed
650
651
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
652
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
653
654
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
655
656
657
	      Print records like the SOA records in a verbose
	      multi-line format with human-readable comments.  The
	      default is to print each record on a single line, to
Tinderbox User's avatar
Tinderbox User committed
658
	      facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
659
	      output.
Tinderbox User's avatar
Tinderbox User committed
660
661
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
662
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
663
664
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
665
666
667
668
669
670
671
672
673
	      Set the number of dots that have to appear in
	      <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
	      for it to be considered absolute.  The default value
	      is that defined using the ndots statement in
	      <code class="filename">/etc/resolv.conf</code>, or 1 if no
	      ndots statement is present.  Names with fewer dots
	      are interpreted as relative names and will be searched
	      for in the domains listed in the <code class="option">search</code>
	      or <code class="option">domain</code> directive in
Tinderbox User's avatar
Tinderbox User committed
674
675
	      <code class="filename">/etc/resolv.conf</code> if
	      <code class="option">+search</code> is set.
Tinderbox User's avatar
Tinderbox User committed
676
677
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
678
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
679
680
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
681
682
	      Include an EDNS name server ID request when sending
	      a query.
Tinderbox User's avatar
Tinderbox User committed
683
684
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
685
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
686
687
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
688
	      When this option is set, <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
689
690
691
692
	      attempts to find the authoritative name servers for
	      the zone containing the name being looked up and
	      display the SOA record that each name server has for
	      the zone.
Tinderbox User's avatar
Tinderbox User committed
693
694
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
695
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
696
697
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
698
699
700
	      Print only one (starting) SOA record when performing
	      an AXFR. The default is to print both the starting
	      and ending SOA records.
Tinderbox User's avatar
Tinderbox User committed
701
702
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
703
<dt><span class="term"><code class="option">+[no]opcode=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
704
705
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
706
707
	      Set [restore] the DNS message opcode to the specified
	      value.  The default value is QUERY (0).
Tinderbox User's avatar
Tinderbox User committed
708
709
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
710
<dt><span class="term"><code class="option">+padding=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
711
712
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
713
714
715
716
717
718
719
720
721
	      Pad the size of the query packet using the EDNS Padding option
	      to blocks of <em class="parameter"><code>value</code></em> bytes. For example,
	      <code class="option">+padding=32</code> would cause a 48-byte query to
	      be padded to 64 bytes.  The default block size is 0, which
	      disables padding. The maximum is 512. Values are
	      ordinarily expected to be powers of two, such as 128;
	      however, this is not mandatory.  Responses to
	      padded queries may also be padded, but only if the query
	      uses TCP or DNS COOKIE.
Tinderbox User's avatar
Tinderbox User committed
722
723
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
724
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
725
726
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
727
728
	      Print [do not print] the query as it is sent.  By
	      default, the query is not printed.
Tinderbox User's avatar
Tinderbox User committed
729
730
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
731
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
732
733
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
734
735
736
	      Print [do not print] the question section of a query
	      when an answer is returned.  The default is to print
	      the question section as a comment.
Tinderbox User's avatar
Tinderbox User committed
737
738
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
739
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
740
741
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
742
	      A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
Tinderbox User's avatar
Tinderbox User committed
743
744
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
745
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
746
747
<dd>
	    <p>
Automatic Updater's avatar
Automatic Updater committed
748
749
	      Toggle the setting of the RD (recursion desired) bit
	      in the query.  This bit is set by default, which means
Tinderbox User's avatar
Tinderbox User committed
750
	      <span class="command"><strong>dig</strong></span> normally sends recursive
Automatic Updater's avatar
Automatic Updater committed
751
752
753
	      queries.  Recursion is automatically disabled when
	      the <em class="parameter"><code>+nssearch</code></em> or
	      <em class="parameter"><code>+trace</code></em> query options are used.
Tinderbox User's avatar
Tinderbox User committed
754
755
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
756
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
757
758
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
759
760
761
762
	      Sets the number of times to retry UDP queries to
	      server to <em class="parameter"><code>T</code></em> instead of the
	      default, 2.  Unlike <em class="parameter"><code>+tries</code></em>,
	      this does not include the initial query.
Tinderbox User's avatar
Tinderbox User committed
763
764
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
765
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
766
767
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
768
769
770
771
	      Toggle the display of per-record comments in the
	      output (for example, human-readable key information
	      about DNSKEY records).  The default is not to print
	      record comments unless multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
772
773
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
774
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
775
<dd>
Tinderbox User's avatar
Tinderbox User committed
776
	    <p>
Tinderbox User's avatar
Tinderbox User committed
777
778
779
780
	      Use [do not use] the search list defined by the
	      searchlist or domain directive in
	      <code class="filename">resolv.conf</code> (if any).  The search
	      list is not used by default.
Tinderbox User's avatar
Tinderbox User committed
781
	    </p>
Tinderbox User's avatar
Tinderbox User committed
782
	    <p>
Tinderbox User's avatar
Tinderbox User committed
783
784
785
786
787
788
	      'ndots' from <code class="filename">resolv.conf</code> (default 1)
	       which may be overridden by <em class="parameter"><code>+ndots</code></em>
	      determines if the name will be treated as relative
	      or not and hence whether a search is eventually
	      performed or not.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
789
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
790
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
791
792
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
793
794
	      Provide a terse answer.  The default is to print the
	      answer in a verbose form.
Tinderbox User's avatar
Tinderbox User committed
795
796
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
797
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
798
799
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
800
801
	      Perform [do not perform] a search showing intermediate
	      results.
Tinderbox User's avatar
Tinderbox User committed
802
803
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
804
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
805
806
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
807
808
	      This feature is now obsolete and has been removed;
              use <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
809
810
	    </p>
	  </dd>
Automatic Updater's avatar
Automatic Updater committed
811
<dt><span class="term"><code class="option">+split=W</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
812
813
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
814
815
816
817
818
819
820
821
	      Split long hex- or base64-formatted fields in resource
	      records into chunks of <em class="parameter"><code>W</code></em>
	      characters (where <em class="parameter"><code>W</code></em> is rounded
	      up to the nearest multiple of 4).
	      <em class="parameter"><code>+nosplit</code></em> or
	      <em class="parameter"><code>+split=0</code></em> causes fields not to
	      be split at all.  The default is 56 characters, or
	      44 characters when multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
822
823
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
824
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
825
826
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
827
828
829
830
	      This query option toggles the printing of statistics:
	      when the query was made, the size of the reply and
	      so on.  The default behavior is to print the query
	      statistics.
Tinderbox User's avatar
Tinderbox User committed
831
832
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
833
<dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
834
<dd>
Tinderbox User's avatar
Tinderbox User committed
835
	    <p>
Tinderbox User's avatar
Tinderbox User committed
836
	      Send (don't send) an EDNS Client Subnet option with the
Tinderbox User's avatar
Tinderbox User committed
837
	      specified IP address or network prefix.
Tinderbox User's avatar
Tinderbox User committed
838
	    </p>
Tinderbox User's avatar
Tinderbox User committed
839
	    <p>
Tinderbox User's avatar
Tinderbox User committed
840
841
842
843
844
845
846
	      <span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
	      <span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
	      CLIENT-SUBNET option with an empty address and a source
	      prefix-length of zero, which signals a resolver that
	      the client's address information must
	      <span class="emphasis"><em>not</em></span> be used when resolving
	      this query.
Tinderbox User's avatar
Tinderbox User committed
847
	    </p>
Tinderbox User's avatar
Tinderbox User committed
848
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
849
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
850
851
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
852
	      Use [do not use] TCP when querying name servers. The
Tinderbox User's avatar
Tinderbox User committed
853
854
855
856
	      default behavior is to use UDP unless a type
	      <code class="literal">any</code> or <code class="literal">ixfr=N</code>
	      query is requested, in which case the default is TCP.
	      AXFR queries always use TCP.
Tinderbox User's avatar
Tinderbox User committed
857
858
	    </p>
	  </dd>
Francis Dupont's avatar
Francis Dupont committed
859
<dt><span class="term"><code class="option">+timeout=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
860
861
<dd>
	    <p>
Andreas Gustafsson's avatar
Andreas Gustafsson committed
862

Tinderbox User's avatar
Tinderbox User committed
863
864
	      Sets the timeout for a query to
	      <em class="parameter"><code>T</code></em> seconds.  The default
Mark Andrews's avatar
regen    
Mark Andrews committed
865
	      timeout is 5 seconds.
Tinderbox User's avatar
Tinderbox User committed
866
867
868
	      An attempt to set <em class="parameter"><code>T</code></em> to less
	      than 1 will result
	      in a query timeout of 1 second being applied.
Tinderbox User's avatar
Tinderbox User committed
869
870
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
871
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
872
873
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
874
875
876
	      This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
              which is obsolete and has been removed. Use
              <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
877
878
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
879
880
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
881
	    <p>
Tinderbox User's avatar
Tinderbox User committed
882
883
884
	      Toggle tracing of the delegation path from the root
	      name servers for the name being looked up.  Tracing
	      is disabled by default.  When tracing is enabled,
Tinderbox User's avatar
Tinderbox User committed
885
	      <span class="command"><strong>dig</strong></span> makes iterative queries to
Tinderbox User's avatar
Tinderbox User committed
886
887
888
	      resolve the name being looked up.  It will follow
	      referrals from the root servers, showing the answer
	      from each server that was used to resolve the lookup.
Tinderbox User's avatar
Tinderbox User committed
889
	    </p> <p>
Tinderbox User's avatar
Tinderbox User committed
890
891
	      If @server is also specified, it affects only the
	      initial query for the root zone name servers.
Tinderbox User's avatar
Tinderbox User committed
892
	    </p> <p>
Tinderbox User's avatar
Tinderbox User committed
893
	      <span class="command"><strong>+dnssec</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
894
895
896
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
897
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
898
<dt><span class="term"><code class="option">+tries=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
899
900
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
901
902
903
904
905
	      Sets the number of times to try UDP queries to server
	      to <em class="parameter"><code>T</code></em> instead of the default,
	      3.  If <em class="parameter"><code>T</code></em> is less than or equal
	      to zero, the number of tries is silently rounded up
	      to 1.
Tinderbox User's avatar
Tinderbox User committed
906
907
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
908
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
909
910
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
911
912
913
914
	      Formerly specified trusted keys for use with
              <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
              obsolete and has been removed; use
              <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
915
916
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
917
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
918
919
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
920
921
	      Display [do not display] the TTL when printing the
	      record.
Tinderbox User's avatar
Tinderbox User committed
922
923
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
924
<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
925
926
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
927
928
929
	      Display [do not display] the TTL in friendly human-readable
	      time units of "s", "m", "h", "d", and "w", representing
	      seconds, minutes, hours, days and weeks.  Implies +ttlid.
Tinderbox User's avatar
Tinderbox User committed
930
931
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
932
<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
933
934
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
935
936
937
	      Print all RDATA in unknown RR type presentation format
	      (RFC 3597). The default is to print RDATA for known types
	      in the type's presentation format.
Tinderbox User's avatar
Tinderbox User committed
938
939
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
940
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
941
942
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
943
944
945
946
	      Use [do not use] TCP when querying name servers.  This
	      alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
	      is provided for backwards compatibility.  The "vc"
	      stands for "virtual circuit".
Tinderbox User's avatar
Tinderbox User committed
947
948
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
949
<dt><span class="term"><code class="option">+[no]zflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
950
951
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
952
953
	      Set [do not set] the last unassigned DNS header flag in a
	      DNS query.  This flag is off by default.
Tinderbox User's avatar
Tinderbox User committed
954
955
	    </p>
	  </dd>
Rob Austein's avatar
regen    
Rob Austein committed
956
957
</dl></div>
<p>
Andreas Gustafsson's avatar
Andreas Gustafsson committed
958

Rob Austein's avatar
regen    
Rob Austein committed
959
    </p>
Tinderbox User's avatar
Tinderbox User committed
960
961
962
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
963
<a name="id-1.11"></a><h2>MULTIPLE QUERIES</h2>
Tinderbox User's avatar
Tinderbox User committed
964
965
966


    <p>
Tinderbox User's avatar
Tinderbox User committed
967
      The BIND 9 implementation of <span class="command"><strong>dig </strong></span>
Rob Austein's avatar
regen    
Rob Austein committed
968
969
970
971
972
973
      supports
      specifying multiple queries on the command line (in addition to
      supporting the <code class="option">-f</code> batch file option).  Each of those
      queries can be supplied with its own set of flags, options and query
      options.
    </p>
Tinderbox User's avatar
Tinderbox User committed
974
975

    <p>
Rob Austein's avatar
regen    
Rob Austein committed
976
977
978
979
980
981
982
      In this case, each <em class="parameter"><code>query</code></em> argument
      represent an
      individual query in the command-line syntax described above.  Each
      consists of any of the standard options and flags, the name to be
      looked up, an optional query type and class and any query options that
      should be applied to that query.
    </p>
Tinderbox User's avatar
Tinderbox User committed
983
984

    <p>
Rob Austein's avatar
regen    
Rob Austein committed
985
986
987
988
      A global set of query options, which should be applied to all queries,
      can also be supplied.  These global query options must precede the
      first tuple of name, class, type, options, flags, and query options
      supplied on the command line.  Any global query options (except