man.dig.html 40.6 KB
Newer Older
1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Mark Andrews's avatar
gregen  
Mark Andrews committed
2
<!--
Tinderbox User's avatar
Tinderbox User committed
3
 - Copyright (C) 2000-2017 Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
gregen  
Mark Andrews committed
4
 - 
Tinderbox User's avatar
Tinderbox User committed
5 6 7
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
Mark Andrews's avatar
gregen  
Mark Andrews committed
8
-->
9
<html lang="en">
Mark Andrews's avatar
gregen  
Mark Andrews committed
10 11 12
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
Tinderbox User's avatar
Tinderbox User committed
13
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
Evan Hunt's avatar
Evan Hunt committed
14
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
Tinderbox User's avatar
Tinderbox User committed
15 16
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="Bv9ARM.ch13.html" title="Manual pages">
Tinderbox User's avatar
Tinderbox User committed
17
<link rel="next" href="man.mdig.html" title="mdig">
Mark Andrews's avatar
gregen  
Mark Andrews committed
18 19 20 21 22 23 24
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">dig</th></tr>
<tr>
<td width="20%" align="left">
Tinderbox User's avatar
Tinderbox User committed
25
<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a> </td>
Mark Andrews's avatar
gregen  
Mark Andrews committed
26
<th width="60%" align="center">Manual pages</th>
Tinderbox User's avatar
Tinderbox User committed
27
<td width="20%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
Mark Andrews's avatar
gregen  
Mark Andrews committed
28 29 30 31 32
</td>
</tr>
</table>
<hr>
</div>
Tinderbox User's avatar
Tinderbox User committed
33
<div class="refentry">
Mark Andrews's avatar
gregen  
Mark Andrews committed
34
<a name="man.dig"></a><div class="titlepage"></div>
Tinderbox User's avatar
Tinderbox User committed
35 36 37 38 39 40
  
  

  

  <div class="refnamediv">
Mark Andrews's avatar
gregen  
Mark Andrews committed
41
<h2>Name</h2>
Tinderbox User's avatar
Tinderbox User committed
42 43 44 45
<p>
    dig
     &#8212; DNS lookup utility
  </p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
46
</div>
Tinderbox User's avatar
Tinderbox User committed
47 48 49 50

  

  <div class="refsynopsisdiv">
Mark Andrews's avatar
gregen  
Mark Andrews committed
51
<h2>Synopsis</h2>
Tinderbox User's avatar
Tinderbox User committed
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [@server]
       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
       [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-m</code>]
       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
       [<code class="option">-v</code>]
       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
       [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>]
       [<code class="option">-4</code>]
       [<code class="option">-6</code>]
       [name]
       [type]
       [class]
       [queryopt...]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [<code class="option">-h</code>]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [global-queryopt...]
       [query...]
    </p></div>
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
87
<a name="id-1.14.2.7"></a><h2>DESCRIPTION</h2>
Tinderbox User's avatar
Tinderbox User committed
88 89

    <p><span class="command"><strong>dig</strong></span>
Mark Andrews's avatar
gregen  
Mark Andrews committed
90 91 92
      (domain information groper) is a flexible tool
      for interrogating DNS name servers.  It performs DNS lookups and
      displays the answers that are returned from the name server(s) that
Evan Hunt's avatar
Evan Hunt committed
93
      were queried.  Most DNS administrators use <span class="command"><strong>dig</strong></span> to
Mark Andrews's avatar
gregen  
Mark Andrews committed
94 95
      troubleshoot DNS problems because of its flexibility, ease of use and
      clarity of output.  Other lookup tools tend to have less functionality
Evan Hunt's avatar
Evan Hunt committed
96
      than <span class="command"><strong>dig</strong></span>.
Mark Andrews's avatar
gregen  
Mark Andrews committed
97
    </p>
Tinderbox User's avatar
Tinderbox User committed
98 99

    <p>
Evan Hunt's avatar
Evan Hunt committed
100
      Although <span class="command"><strong>dig</strong></span> is normally used with
Mark Andrews's avatar
gregen  
Mark Andrews committed
101 102 103 104
      command-line
      arguments, it also has a batch mode of operation for reading lookup
      requests from a file.  A brief summary of its command-line arguments
      and options is printed when the <code class="option">-h</code> option is given.
Mark Andrews's avatar
regen  
Mark Andrews committed
105
      Unlike earlier versions, the BIND 9 implementation of
Evan Hunt's avatar
Evan Hunt committed
106
      <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
Mark Andrews's avatar
gregen  
Mark Andrews committed
107 108 109
      from the
      command line.
    </p>
Tinderbox User's avatar
Tinderbox User committed
110 111

    <p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
112
      Unless it is told to query a specific name server,
Evan Hunt's avatar
Evan Hunt committed
113
      <span class="command"><strong>dig</strong></span> will try each of the servers listed in
Tinderbox User's avatar
Tinderbox User committed
114
      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
Evan Hunt's avatar
Evan Hunt committed
115
      are found, <span class="command"><strong>dig</strong></span> will send the query to the local
Tinderbox User's avatar
Tinderbox User committed
116
      host.
Mark Andrews's avatar
gregen  
Mark Andrews committed
117
    </p>
Tinderbox User's avatar
Tinderbox User committed
118 119

    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
120
      When no command line arguments or options are given,
Evan Hunt's avatar
Evan Hunt committed
121
      <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
Mark Andrews's avatar
gregen  
Mark Andrews committed
122
    </p>
Tinderbox User's avatar
Tinderbox User committed
123 124

    <p>
Evan Hunt's avatar
Evan Hunt committed
125
      It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
Mark Andrews's avatar
gregen  
Mark Andrews committed
126 127 128 129
      <code class="filename">${HOME}/.digrc</code>.  This file is read and
      any options in it
      are applied before the command line arguments.
    </p>
Tinderbox User's avatar
Tinderbox User committed
130 131

    <p>
Mark Andrews's avatar
regen  
Mark Andrews committed
132
      The IN and CH class names overlap with the IN and CH top level
Tinderbox User's avatar
Tinderbox User committed
133
      domain names.  Either use the <code class="option">-t</code> and
Tinderbox User's avatar
Tinderbox User committed
134
      <code class="option">-c</code> options to specify the type and class,
Automatic Updater's avatar
regen  
Automatic Updater committed
135
      use the <code class="option">-q</code> the specify the domain name, or
Mark Andrews's avatar
regen  
Mark Andrews committed
136 137
      use "IN." and "CH." when looking up these top level domains.
    </p>
Tinderbox User's avatar
Tinderbox User committed
138 139 140 141

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
142
<a name="id-1.14.2.8"></a><h2>SIMPLE USAGE</h2>
Tinderbox User's avatar
Tinderbox User committed
143 144 145


    <p>
Evan Hunt's avatar
Evan Hunt committed
146
      A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
Mark Andrews's avatar
gregen  
Mark Andrews committed
147 148 149 150 151 152
      </p>
<pre class="programlisting"> dig @server name type </pre>
<p>
      where:

      </p>
Tinderbox User's avatar
Tinderbox User committed
153
<div class="variablelist"><dl class="variablelist">
Mark Andrews's avatar
gregen  
Mark Andrews committed
154
<dt><span class="term"><code class="constant">server</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
155
<dd>
Tinderbox User's avatar
Tinderbox User committed
156
	    <p>
Tinderbox User's avatar
Tinderbox User committed
157 158 159 160
	      is the name or IP address of the name server to query.  This
	      can be an IPv4 address in dotted-decimal notation or an IPv6
	      address in colon-delimited notation.  When the supplied
	      <em class="parameter"><code>server</code></em> argument is a hostname,
Evan Hunt's avatar
Evan Hunt committed
161
	      <span class="command"><strong>dig</strong></span> resolves that name before querying
Tinderbox User's avatar
Tinderbox User committed
162 163
	      that name server.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
164
	    <p>
Tinderbox User's avatar
Tinderbox User committed
165
	      If no <em class="parameter"><code>server</code></em> argument is
Evan Hunt's avatar
Evan Hunt committed
166
	      provided, <span class="command"><strong>dig</strong></span> consults
Tinderbox User's avatar
Tinderbox User committed
167 168 169 170 171 172
	      <code class="filename">/etc/resolv.conf</code>; if an
	      address is found there, it queries the name server at
	      that address. If either of the <code class="option">-4</code> or
	      <code class="option">-6</code> options are in use, then
	      only addresses for the corresponding transport
	      will be tried.  If no usable addresses are found,
Evan Hunt's avatar
Evan Hunt committed
173
	      <span class="command"><strong>dig</strong></span> will send the query to the
Tinderbox User's avatar
Tinderbox User committed
174 175 176
	      local host.  The reply from the name server that
	      responds is displayed.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
177
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
178
<dt><span class="term"><code class="constant">name</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
179 180
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
181
	      is the name of the resource record that is to be looked up.
Tinderbox User's avatar
Tinderbox User committed
182 183
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
184
<dt><span class="term"><code class="constant">type</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
185 186
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
187 188 189 190 191
	      indicates what type of query is required &#8212;
	      ANY, A, MX, SIG, etc.
	      <em class="parameter"><code>type</code></em> can be any valid query
	      type.  If no
	      <em class="parameter"><code>type</code></em> argument is supplied,
Evan Hunt's avatar
Evan Hunt committed
192
	      <span class="command"><strong>dig</strong></span> will perform a lookup for an
Tinderbox User's avatar
Tinderbox User committed
193
	      A record.
Tinderbox User's avatar
Tinderbox User committed
194 195
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
196 197 198
</dl></div>
<p>
    </p>
Tinderbox User's avatar
Tinderbox User committed
199 200 201 202

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
203
<a name="id-1.14.2.9"></a><h2>OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
204 205 206


    <div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
207
<dt><span class="term">-4</span></dt>
Tinderbox User's avatar
Tinderbox User committed
208 209
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
210
	    Use IPv4 only.
Tinderbox User's avatar
Tinderbox User committed
211 212
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
213
<dt><span class="term">-6</span></dt>
Tinderbox User's avatar
Tinderbox User committed
214 215
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
216
	    Use IPv6 only.
Tinderbox User's avatar
Tinderbox User committed
217 218
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
219
<dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
220 221
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
222 223 224 225
	    Set the source IP address of the query.
	    The <em class="parameter"><code>address</code></em> must be a valid address on
	    one of the host's network interfaces, or "0.0.0.0" or "::". An
	    optional port may be specified by appending "#&lt;port&gt;"
Tinderbox User's avatar
Tinderbox User committed
226 227
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
228
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
229 230
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
231 232 233
	    Set the query class. The
	    default <em class="parameter"><code>class</code></em> is IN; other classes
	    are HS for Hesiod records or CH for Chaosnet records.
Tinderbox User's avatar
Tinderbox User committed
234 235
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
236
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
237 238
<dd>
	  <p>
Evan Hunt's avatar
Evan Hunt committed
239
	    Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
Tinderbox User's avatar
Tinderbox User committed
240 241 242 243
	    requests to process from the
	    given <em class="parameter"><code>file</code></em>. Each line in the file
	    should be organized in the same way they would be
	    presented as queries to
Evan Hunt's avatar
Evan Hunt committed
244
	    <span class="command"><strong>dig</strong></span> using the command-line interface.
Tinderbox User's avatar
Tinderbox User committed
245 246
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
247
<dt><span class="term">-i</span></dt>
Tinderbox User's avatar
Tinderbox User committed
248 249
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
250 251 252
	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
	    domain, which is no longer in use. Obsolete bit string
	    label queries (RFC2874) are not attempted.
Tinderbox User's avatar
Tinderbox User committed
253 254
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
255
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
256 257
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
258 259
	    Sign queries using TSIG using a key read from the given file.
	    Key files can be generated using
Tinderbox User's avatar
Tinderbox User committed
260 261 262
	    <span class="citerefentry">
	      <span class="refentrytitle">tsig-keygen</span>(8)
	    </span>.
Evan Hunt's avatar
Evan Hunt committed
263
	    When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
Tinderbox User's avatar
Tinderbox User committed
264 265
	    the name server that is queried needs to know the key and
	    algorithm that is being used. In BIND, this is done by
Evan Hunt's avatar
Evan Hunt committed
266 267
	    providing appropriate <span class="command"><strong>key</strong></span>
	    and <span class="command"><strong>server</strong></span> statements in
Tinderbox User's avatar
Tinderbox User committed
268
	    <code class="filename">named.conf</code>.
Tinderbox User's avatar
Tinderbox User committed
269 270
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
271
<dt><span class="term">-m</span></dt>
Tinderbox User's avatar
Tinderbox User committed
272 273
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
274 275
	    Enable memory usage debugging.
	    
Tinderbox User's avatar
Tinderbox User committed
276 277
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
278
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
279 280
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
281
	    Send the query to a non-standard port on the server,
Tinderbox User's avatar
Tinderbox User committed
282
	    instead of the default port 53. This option would be used
Tinderbox User's avatar
Tinderbox User committed
283 284
	    to test a name server that has been configured to listen
	    for queries on a non-standard port number.
Tinderbox User's avatar
Tinderbox User committed
285 286
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
287
<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
288 289
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
290 291
	    The domain name to query. This is useful to distinguish
	    the <em class="parameter"><code>name</code></em> from other arguments.
Tinderbox User's avatar
Tinderbox User committed
292 293
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
294
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
295 296
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
297 298 299 300 301 302 303 304 305 306 307
	    The resource record type to query. It can be any valid query type
	    which is
	    supported in BIND 9.  The default query type is "A", unless the
	    <code class="option">-x</code> option is supplied to indicate a reverse lookup.
	    A zone transfer can be requested by specifying a type of AXFR.  When
	    an incremental zone transfer (IXFR) is required, set the
	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
	    The incremental zone transfer will contain the changes
	    made to the zone since the serial number in the zone's SOA
	    record was
	    <em class="parameter"><code>N</code></em>.
Tinderbox User's avatar
Tinderbox User committed
308 309
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
310
<dt><span class="term">-v</span></dt>
Tinderbox User's avatar
Tinderbox User committed
311 312
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
313
	    Print the version number and exit.
Tinderbox User's avatar
Tinderbox User committed
314 315
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
316
<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
317 318
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
319 320 321 322 323 324 325
	    Simplified reverse lookups, for mapping addresses to
	    names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
	    in dotted-decimal notation, or a colon-delimited IPv6
	    address. When the <code class="option">-x</code> is used, there is no
	    need to provide
	    the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
	    and <em class="parameter"><code>type</code></em>
Evan Hunt's avatar
Evan Hunt committed
326
	    arguments. <span class="command"><strong>dig</strong></span> automatically performs a
Tinderbox User's avatar
Tinderbox User committed
327 328 329 330 331 332
	    lookup for a name like
	    <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
	    query type and class to PTR and IN respectively. IPv6
	    addresses are looked up using nibble format under the
	    IP6.ARPA domain (but see also the <code class="option">-i</code>
	    option).
Tinderbox User's avatar
Tinderbox User committed
333 334
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
335 336
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
337
	  <p>
Tinderbox User's avatar
Tinderbox User committed
338 339 340 341 342 343 344 345
	    Sign queries using TSIG with the given authentication key.
	    <em class="parameter"><code>keyname</code></em> is the name of the key, and
	    <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
	    <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
	    valid choices are <code class="literal">hmac-md5</code>,
	    <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
	    <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
	    <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
Tinderbox User's avatar
Tinderbox User committed
346 347
	    is not specified, the default is <code class="literal">hmac-md5</code>
	    or if MD5 was disabled <code class="literal">hmac-sha256</code>.
Tinderbox User's avatar
Tinderbox User committed
348
	  </p>
Tinderbox User's avatar
Tinderbox User committed
349
	  <p>
Tinderbox User's avatar
Tinderbox User committed
350 351 352 353 354
	    NOTE: You should use the <code class="option">-k</code> option and
	    avoid the <code class="option">-y</code> option, because
	    with <code class="option">-y</code> the shared secret is supplied as
	    a command line argument in clear text. This may be visible
	    in the output from
Tinderbox User's avatar
Tinderbox User committed
355 356 357
	    <span class="citerefentry">
	      <span class="refentrytitle">ps</span>(1)
	    </span>
Tinderbox User's avatar
Tinderbox User committed
358 359
	    or in a history file maintained by the user's shell.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
360
	</dd>
Tinderbox User's avatar
Tinderbox User committed
361
</dl></div>
Tinderbox User's avatar
Tinderbox User committed
362 363 364
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
365
<a name="id-1.14.2.10"></a><h2>QUERY OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
366 367 368


    <p><span class="command"><strong>dig</strong></span>
Mark Andrews's avatar
gregen  
Mark Andrews committed
369 370 371 372 373 374
      provides a number of query options which affect
      the way in which lookups are made and the results displayed.  Some of
      these set or reset flag bits in the query header, some determine which
      sections of the answer get printed, and others determine the timeout
      and retry strategies.
    </p>
Tinderbox User's avatar
Tinderbox User committed
375 376

    <p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
377 378 379 380 381 382 383
      Each query option is identified by a keyword preceded by a plus sign
      (<code class="literal">+</code>).  Some keywords set or reset an
      option.  These may be preceded
      by the string <code class="literal">no</code> to negate the meaning of
      that keyword.  Other
      keywords assign values to options like the timeout interval.  They
      have the form <code class="option">+keyword=value</code>.
Tinderbox User's avatar
Tinderbox User committed
384 385 386
      Keywords may be abbreviated, provided the abbreviation is
      unambiguous; for example, <code class="literal">+cd</code> is equivalent
      to <code class="literal">+cdflag</code>.
Mark Andrews's avatar
gregen  
Mark Andrews committed
387 388 389
      The query options are:

      </p>
Tinderbox User's avatar
Tinderbox User committed
390
<div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
391
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
392 393
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
394
	      A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
Tinderbox User's avatar
Tinderbox User committed
395 396
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
397
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
398 399
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
400
	      Sets the "aa" flag in the query.
Tinderbox User's avatar
Tinderbox User committed
401 402
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
403
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
404 405
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
406 407
	      Display [do not display] the additional section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
408 409
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
410
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
411 412
<dd>
	    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
413 414 415 416 417 418 419
	      Set [do not set] the AD (authentic data) bit in the
	      query.  This requests the server to return whether
	      all of the answer and authority sections have all
	      been validated as secure according to the security
	      policy of the server.  AD=1 indicates that all records
	      have been validated as secure and the answer is not
	      from a OPT-OUT range.  AD=0 indicate that some part
Automatic Updater's avatar
Automatic Updater committed
420 421
	      of the answer was insecure or not validated.  This
	      bit is set by default.
Tinderbox User's avatar
Tinderbox User committed
422 423
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
424
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
425 426
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
427
	      Set or clear all display flags.
Tinderbox User's avatar
Tinderbox User committed
428 429
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
430
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
431 432
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
433 434
	      Display [do not display] the answer section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
435 436
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
437
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
438 439
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
440 441
	      Display [do not display] the authority section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
442 443
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
444
<dt><span class="term"><code class="option">+[no]badcookie</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
445 446
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
447 448
	      Retry lookup with the new server cookie if a
	      BADCOOKIE response is received.
Tinderbox User's avatar
Tinderbox User committed
449 450
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
451
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
452 453
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
454 455 456
	      Attempt to display the contents of messages which are
	      malformed.  The default is to not display malformed
	      answers.
Tinderbox User's avatar
Tinderbox User committed
457 458
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
459
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
460 461
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
462 463 464 465 466 467
	      Set the UDP message buffer size advertised using EDNS0
	      to <em class="parameter"><code>B</code></em> bytes.  The maximum and
	      minimum sizes of this buffer are 65535 and 0 respectively.
	      Values outside this range are rounded up or down
	      appropriately.  Values other than zero will cause a
	      EDNS query to be sent.
Tinderbox User's avatar
Tinderbox User committed
468 469
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
470
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
471 472
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
473 474 475
	      Set [do not set] the CD (checking disabled) bit in
	      the query.  This requests the server to not perform
	      DNSSEC validation of responses.
Tinderbox User's avatar
Tinderbox User committed
476 477
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
478
<dt><span class="term"><code class="option">+[no]class</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
479 480
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
481 482
	      Display [do not display] the CLASS when printing the
	      record.
Tinderbox User's avatar
Tinderbox User committed
483 484
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
485
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
486 487
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
488
	      Toggles the printing of the initial comment in the
Evan Hunt's avatar
Evan Hunt committed
489
	      output identifying the version of <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
490 491
	      and the query options that have been applied.  This
	      comment is printed by default.
Tinderbox User's avatar
Tinderbox User committed
492 493
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
494
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
495 496
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
497 498
	      Toggle the display of comment lines in the output.
	      The default is to print comments.
Tinderbox User's avatar
Tinderbox User committed
499 500
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
501 502
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
503
	    <p>
Tinderbox User's avatar
Tinderbox User committed
504 505 506 507 508
	      Send a COOKIE EDNS option, with optional
	      value.  Replaying a COOKIE from a previous response will
	      allow the server to identify a previous client.  The
	      default is <code class="option">+cookie</code>.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
509
	    <p>
Evan Hunt's avatar
Evan Hunt committed
510
	      <span class="command"><strong>+cookie</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
511 512 513
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
514
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
515
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
516 517
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
518 519 520 521 522 523 524 525
	      Toggle the display of cryptographic fields in DNSSEC
	      records.  The contents of these field are unnecessary
	      to debug most DNSSEC validation failures and removing
	      them makes it easier to see the common failures.  The
	      default is to display the fields.  When omitted they
	      are replaced by the string "[omitted]" or in the
	      DNSKEY case the key id is displayed as the replacement,
	      e.g. "[ key id = value ]".
Tinderbox User's avatar
Tinderbox User committed
526 527
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
528
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
529 530
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
531 532
	      Deprecated, treated as a synonym for
	      <em class="parameter"><code>+[no]search</code></em>
Tinderbox User's avatar
Tinderbox User committed
533 534
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
535
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
536 537
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
538 539 540
	      Requests DNSSEC records be sent by setting the DNSSEC
	      OK bit (DO) in the OPT record in the additional section
	      of the query.
Tinderbox User's avatar
Tinderbox User committed
541 542
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
543
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
544 545
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
546 547
	      Set the search list to contain the single domain
	      <em class="parameter"><code>somename</code></em>, as if specified in
Evan Hunt's avatar
Evan Hunt committed
548
	      a <span class="command"><strong>domain</strong></span> directive in
Tinderbox User's avatar
Tinderbox User committed
549 550 551
	      <code class="filename">/etc/resolv.conf</code>, and enable
	      search list processing as if the
	      <em class="parameter"><code>+search</code></em> option were given.
Tinderbox User's avatar
Tinderbox User committed
552 553
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
554
<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
555 556
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
557 558
	      Set the DSCP code point to be used when sending the
	      query.  Valid DSCP code points are in the range
Tinderbox User's avatar
Tinderbox User committed
559
	      [0..63].  By default no code point is explicitly set.
Tinderbox User's avatar
Tinderbox User committed
560 561
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
562
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
563 564
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
565 566 567 568 569
	       Specify the EDNS version to query with.  Valid values
	       are 0 to 255.  Setting the EDNS version will cause
	       a EDNS query to be sent.  <code class="option">+noedns</code>
	       clears the remembered EDNS version.  EDNS is set to
	       0 by default.
Tinderbox User's avatar
Tinderbox User committed
570 571
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
572
<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
573 574
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
575 576 577 578
	      Set the must-be-zero EDNS flags bits (Z bits) to the
	      specified value. Decimal, hex and octal encodings are
	      accepted. Setting a named flag (e.g. DO) will silently be
	      ignored. By default, no Z bits are set.
Tinderbox User's avatar
Tinderbox User committed
579 580
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
581
<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
582 583
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
584 585
	      Enable / disable EDNS version negotiation. By default
	      EDNS version negotiation is enabled.
Tinderbox User's avatar
Tinderbox User committed
586 587
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
588
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
589 590
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
591 592
	      Specify EDNS option with code point <code class="option">code</code>
	      and optionally payload of <code class="option">value</code> as a
Tinderbox User's avatar
Tinderbox User committed
593 594 595 596
	      hexadecimal string.  <code class="option">code</code> can be
	      either an EDNS option name (for example,
	      <code class="literal">NSID</code> or <code class="literal">ECS</code>),
	      or an arbitrary numeric value.  <code class="option">+noednsopt</code>
Tinderbox User's avatar
Tinderbox User committed
597
	      clears the EDNS options to be sent.
Tinderbox User's avatar
Tinderbox User committed
598 599
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
600
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
601 602
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
603
	      Send an EDNS Expire option.
Tinderbox User's avatar
Tinderbox User committed
604 605
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
606
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
607 608
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
609 610 611
	      Do not try the next server if you receive a SERVFAIL.
	      The default is to not try the next server which is
	      the reverse of normal stub resolver behavior.
Tinderbox User's avatar
Tinderbox User committed
612 613
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
614
<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
615 616
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
617 618 619
	      Send a query with a DNS header without a question section.
	      The default is to add a question section.  The query type
	      and query name are ignored when this is set.
Tinderbox User's avatar
Tinderbox User committed
620 621
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
622
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
623 624
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
625 626 627 628 629 630
	      Show [or do not show] the IP address and port number
	      that supplied the answer when the
	      <em class="parameter"><code>+short</code></em> option is enabled.  If
	      short form answers are requested, the default is not
	      to show the source address and port number of the
	      server that provided the answer.
Tinderbox User's avatar
Tinderbox User committed
631 632
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
633
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
634 635
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
636 637 638
	      Convert [do not convert] puny code on output.
	      This requires IDN SUPPORT to have been enabled at
	      compile time.  The default is to convert output.
Tinderbox User's avatar
Tinderbox User committed
639 640
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
641
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
642 643
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
644 645
	      Ignore truncation in UDP responses instead of retrying
	      with TCP.  By default, TCP retries are performed.
Tinderbox User's avatar
Tinderbox User committed
646 647
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
648
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
649 650
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
651 652 653
	      Keep the TCP socket open between queries and reuse
	      it rather than creating a new TCP socket for each
	      lookup.  The default is <code class="option">+nokeepopen</code>.
Tinderbox User's avatar
Tinderbox User committed
654 655
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
656
<dt><span class="term"><code class="option">+[no]mapped</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
657 658
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
659 660
	      Allow mapped IPv4 over IPv6 addresses to be used.  The
	      default is <code class="option">+mapped</code>.
Tinderbox User's avatar
Tinderbox User committed
661 662
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
663
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
664 665
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
666 667 668
	      Print records like the SOA records in a verbose
	      multi-line format with human-readable comments.  The
	      default is to print each record on a single line, to
Evan Hunt's avatar
Evan Hunt committed
669
	      facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
670
	      output.
Tinderbox User's avatar
Tinderbox User committed
671 672
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
673
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
674 675
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
676 677 678 679 680 681 682 683 684
	      Set the number of dots that have to appear in
	      <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
	      for it to be considered absolute.  The default value
	      is that defined using the ndots statement in
	      <code class="filename">/etc/resolv.conf</code>, or 1 if no
	      ndots statement is present.  Names with fewer dots
	      are interpreted as relative names and will be searched
	      for in the domains listed in the <code class="option">search</code>
	      or <code class="option">domain</code> directive in
Tinderbox User's avatar
Tinderbox User committed
685 686
	      <code class="filename">/etc/resolv.conf</code> if
	      <code class="option">+search</code> is set.
Tinderbox User's avatar
Tinderbox User committed
687 688
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
689
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
690 691
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
692 693
	      Include an EDNS name server ID request when sending
	      a query.
Tinderbox User's avatar
Tinderbox User committed
694 695
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
696
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
697 698
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
699
	      When this option is set, <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
700 701 702 703
	      attempts to find the authoritative name servers for
	      the zone containing the name being looked up and
	      display the SOA record that each name server has for
	      the zone.
Tinderbox User's avatar
Tinderbox User committed
704 705
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
706
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
707 708
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
709 710 711
	      Print only one (starting) SOA record when performing
	      an AXFR. The default is to print both the starting
	      and ending SOA records.
Tinderbox User's avatar
Tinderbox User committed
712 713
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
714
<dt><span class="term"><code class="option">+[no]opcode=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
715 716
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
717 718
	      Set [restore] the DNS message opcode to the specified
	      value.  The default value is QUERY (0).
Tinderbox User's avatar
Tinderbox User committed
719 720
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
721 722 723 724 725 726 727 728 729 730 731 732 733 734
<dt><span class="term"><code class="option">+padding=value</code></span></dt>
<dd>
	    <p>
	      Pad the size of the query packet using the EDNS Padding option
	      to blocks of <em class="parameter"><code>value</code></em> bytes. For example,
	      <code class="option">+padding=32</code> would cause a 48-byte query to
	      be padded to 64 bytes.  The default block size is 0, which
	      disables padding. The maximum is 512. Values are
	      ordinarily expected to be powers of two, such as 128;
	      however, this is not mandatory.  Responses to
	      padded queries may also be padded, but only if the query
	      uses TCP or DNS COOKIE.
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
735
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
736 737
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
738 739
	      Print [do not print] the query as it is sent.  By
	      default, the query is not printed.
Tinderbox User's avatar
Tinderbox User committed
740 741
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
742
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
743 744
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
745 746 747
	      Print [do not print] the question section of a query
	      when an answer is returned.  The default is to print
	      the question section as a comment.
Tinderbox User's avatar
Tinderbox User committed
748 749
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
750
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
751 752
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
753
	      A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
Tinderbox User's avatar
Tinderbox User committed
754 755
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
756
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
757 758
<dd>
	    <p>
Automatic Updater's avatar
Automatic Updater committed
759 760
	      Toggle the setting of the RD (recursion desired) bit
	      in the query.  This bit is set by default, which means
Evan Hunt's avatar
Evan Hunt committed
761
	      <span class="command"><strong>dig</strong></span> normally sends recursive
Automatic Updater's avatar
Automatic Updater committed
762 763 764
	      queries.  Recursion is automatically disabled when
	      the <em class="parameter"><code>+nssearch</code></em> or
	      <em class="parameter"><code>+trace</code></em> query options are used.
Tinderbox User's avatar
Tinderbox User committed
765 766
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
767
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
768 769
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
770 771 772 773
	      Sets the number of times to retry UDP queries to
	      server to <em class="parameter"><code>T</code></em> instead of the
	      default, 2.  Unlike <em class="parameter"><code>+tries</code></em>,
	      this does not include the initial query.
Tinderbox User's avatar
Tinderbox User committed
774 775
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
776
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
777 778
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
779 780 781 782
	      Toggle the display of per-record comments in the
	      output (for example, human-readable key information
	      about DNSKEY records).  The default is not to print
	      record comments unless multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
783 784
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
785
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
786
<dd>
Tinderbox User's avatar
Tinderbox User committed
787
	    <p>
Tinderbox User's avatar
Tinderbox User committed
788 789 790 791
	      Use [do not use] the search list defined by the
	      searchlist or domain directive in
	      <code class="filename">resolv.conf</code> (if any).  The search
	      list is not used by default.
Tinderbox User's avatar
Tinderbox User committed
792
	    </p>
Tinderbox User's avatar
Tinderbox User committed
793
	    <p>
Tinderbox User's avatar
Tinderbox User committed
794 795 796 797 798 799
	      'ndots' from <code class="filename">resolv.conf</code> (default 1)
	       which may be overridden by <em class="parameter"><code>+ndots</code></em>
	      determines if the name will be treated as relative
	      or not and hence whether a search is eventually
	      performed or not.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
800
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
801
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
802 803
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
804 805
	      Provide a terse answer.  The default is to print the
	      answer in a verbose form.
Tinderbox User's avatar
Tinderbox User committed
806 807
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
808
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
809 810
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
811 812
	      Perform [do not perform] a search showing intermediate
	      results.
Tinderbox User's avatar
Tinderbox User committed
813 814
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
815
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
816 817
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
818 819 820
	      Chase DNSSEC signature chains. Requires dig be compiled
	      with -DDIG_SIGCHASE. This feature is deprecated.
	      Use <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
821 822
	    </p>
	  </dd>
Automatic Updater's avatar
Automatic Updater committed
823
<dt><span class="term"><code class="option">+split=W</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
824 825
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
826 827 828 829 830 831 832 833
	      Split long hex- or base64-formatted fields in resource
	      records into chunks of <em class="parameter"><code>W</code></em>
	      characters (where <em class="parameter"><code>W</code></em> is rounded
	      up to the nearest multiple of 4).
	      <em class="parameter"><code>+nosplit</code></em> or
	      <em class="parameter"><code>+split=0</code></em> causes fields not to
	      be split at all.  The default is 56 characters, or
	      44 characters when multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
834 835
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
836
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
837 838
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
839 840 841 842
	      This query option toggles the printing of statistics:
	      when the query was made, the size of the reply and
	      so on.  The default behavior is to print the query
	      statistics.
Tinderbox User's avatar
Tinderbox User committed
843 844
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
845
<dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
846
<dd>
Tinderbox User's avatar
Tinderbox User committed
847
	    <p>
Tinderbox User's avatar
Tinderbox User committed
848
	      Send (don't send) an EDNS Client Subnet option with the
Tinderbox User's avatar
Tinderbox User committed
849
	      specified IP address or network prefix.
Tinderbox User's avatar
Tinderbox User committed
850
	    </p>
Tinderbox User's avatar
Tinderbox User committed
851
	    <p>
Tinderbox User's avatar
Tinderbox User committed
852 853 854 855 856 857 858
	      <span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
	      <span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
	      CLIENT-SUBNET option with an empty address and a source
	      prefix-length of zero, which signals a resolver that
	      the client's address information must
	      <span class="emphasis"><em>not</em></span> be used when resolving
	      this query.
Tinderbox User's avatar
Tinderbox User committed
859
	    </p>
Tinderbox User's avatar
Tinderbox User committed
860
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
861
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
862 863
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
864
	      Use [do not use] TCP when querying name servers. The
Tinderbox User's avatar
Tinderbox User committed
865 866 867 868
	      default behavior is to use UDP unless a type
	      <code class="literal">any</code> or <code class="literal">ixfr=N</code>
	      query is requested, in which case the default is TCP.
	      AXFR queries always use TCP.
Tinderbox User's avatar
Tinderbox User committed
869 870
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
871
<dt><span class="term"><code class="option">+timeout=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
872 873
<dd>
	    <p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
874

Tinderbox User's avatar
Tinderbox User committed
875 876
	      Sets the timeout for a query to
	      <em class="parameter"><code>T</code></em> seconds.  The default
Mark Andrews's avatar
regen  
Mark Andrews committed
877
	      timeout is 5 seconds.
Tinderbox User's avatar
Tinderbox User committed
878 879 880
	      An attempt to set <em class="parameter"><code>T</code></em> to less
	      than 1 will result
	      in a query timeout of 1 second being applied.
Tinderbox User's avatar
Tinderbox User committed
881 882
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
883
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
884 885
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
886 887
	      When chasing DNSSEC signature chains perform a top-down
	      validation.  Requires dig be compiled with -DDIG_SIGCHASE.
Tinderbox User's avatar
Tinderbox User committed
888
	      This feature is deprecated. Use <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
889 890
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
891 892
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
893
	    <p>
Tinderbox User's avatar
Tinderbox User committed
894 895 896
	      Toggle tracing of the delegation path from the root
	      name servers for the name being looked up.  Tracing
	      is disabled by default.  When tracing is enabled,
Evan Hunt's avatar
Evan Hunt committed
897
	      <span class="command"><strong>dig</strong></span> makes iterative queries to
Tinderbox User's avatar
Tinderbox User committed
898 899 900
	      resolve the name being looked up.  It will follow
	      referrals from the root servers, showing the answer
	      from each server that was used to resolve the lookup.
Tinderbox User's avatar
Tinderbox User committed
901
	    </p> <p>
Tinderbox User's avatar
Tinderbox User committed
902 903
	      If @server is also specified, it affects only the
	      initial query for the root zone name servers.
Tinderbox User's avatar
Tinderbox User committed
904
	    </p> <p>
Evan Hunt's avatar
Evan Hunt committed
905
	      <span class="command"><strong>+dnssec</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
906 907 908
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
909
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
910
<dt><span class="term"><code class="option">+tries=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
911 912
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
913 914 915 916 917
	      Sets the number of times to try UDP queries to server
	      to <em class="parameter"><code>T</code></em> instead of the default,
	      3.  If <em class="parameter"><code>T</code></em> is less than or equal
	      to zero, the number of tries is silently rounded up
	      to 1.
Tinderbox User's avatar
Tinderbox User committed