dig.1 23.5 KB
Newer Older
Tinderbox User's avatar
Tinderbox User committed
1
.\" Copyright (C) 2000-2011, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
Rob Austein's avatar
regen  
Rob Austein committed
2
.\" 
Tinderbox User's avatar
Tinderbox User committed
3 4 5
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
Rob Austein's avatar
regen  
Rob Austein committed
6
.\"
Rob Austein's avatar
regen  
Rob Austein committed
7 8
.hy 0
.ad l
Tinderbox User's avatar
Tinderbox User committed
9
'\" t
Automatic Updater's avatar
regen  
Automatic Updater committed
10
.\"     Title: dig
Tinderbox User's avatar
Tinderbox User committed
11
.\"    Author: 
Tinderbox User's avatar
Tinderbox User committed
12
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
Tinderbox User's avatar
Tinderbox User committed
13
.\"      Date: 2014-02-19
Automatic Updater's avatar
regen  
Automatic Updater committed
14
.\"    Manual: BIND9
Tinderbox User's avatar
Tinderbox User committed
15 16
.\"    Source: ISC
.\"  Language: English
Automatic Updater's avatar
regen  
Automatic Updater committed
17
.\"
Tinderbox User's avatar
Tinderbox User committed
18 19 20 21 22 23 24 25 26 27 28 29 30
.TH "DIG" "1" "2014\-02\-19" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
Automatic Updater's avatar
regen  
Automatic Updater committed
31 32 33 34
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
Tinderbox User's avatar
Tinderbox User committed
35 36 37
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
Automatic Updater's avatar
regen  
Automatic Updater committed
38
.SH "NAME"
39
dig \- DNS lookup utility
Rob Austein's avatar
regen  
Rob Austein committed
40
.SH "SYNOPSIS"
Tinderbox User's avatar
Tinderbox User committed
41
.HP \w'\fBdig\fR\ 'u
Tinderbox User's avatar
Tinderbox User committed
42
\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
Tinderbox User's avatar
Tinderbox User committed
43
.HP \w'\fBdig\fR\ 'u
Rob Austein's avatar
regen  
Rob Austein committed
44
\fBdig\fR [\fB\-h\fR]
Tinderbox User's avatar
Tinderbox User committed
45
.HP \w'\fBdig\fR\ 'u
Rob Austein's avatar
regen  
Rob Austein committed
46
\fBdig\fR [global\-queryopt...] [query...]
47 48
.SH "DESCRIPTION"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
49
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
50
(domain information groper) is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use
Automatic Updater's avatar
regen  
Automatic Updater committed
51
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
52 53
to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than
\fBdig\fR\&.
54
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
55 56
Although
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
57
is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file\&. A brief summary of its command\-line arguments and options is printed when the
Automatic Updater's avatar
regen  
Automatic Updater committed
58
\fB\-h\fR
Tinderbox User's avatar
Tinderbox User committed
59
option is given\&. Unlike earlier versions, the BIND 9 implementation of
Automatic Updater's avatar
regen  
Automatic Updater committed
60
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
61
allows multiple lookups to be issued from the command line\&.
62
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
63 64 65
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
Tinderbox User's avatar
Tinderbox User committed
66
/etc/resolv\&.conf\&. If no usable server addresses are found,
Tinderbox User's avatar
Tinderbox User committed
67
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
68
will send the query to the local host\&.
69
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
70 71
When no command line arguments or options are given,
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
72
will perform an NS query for "\&." (the root)\&.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
73
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
74 75 76
It is possible to set per\-user defaults for
\fBdig\fR
via
Tinderbox User's avatar
Tinderbox User committed
77
${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&.
Mark Andrews's avatar
regen  
Mark Andrews committed
78
.PP
Tinderbox User's avatar
Tinderbox User committed
79
The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
Automatic Updater's avatar
regen  
Automatic Updater committed
80 81 82
\fB\-t\fR
and
\fB\-c\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
83
options to specify the type and class, use the
Automatic Updater's avatar
regen  
Automatic Updater committed
84
\fB\-q\fR
Tinderbox User's avatar
Tinderbox User committed
85
the specify the domain name, or use "IN\&." and "CH\&." when looking up these top level domains\&.
86 87
.SH "SIMPLE USAGE"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
88 89 90 91
A typical invocation of
\fBdig\fR
looks like:
.sp
Tinderbox User's avatar
Tinderbox User committed
92
.if n \{\
Automatic Updater's avatar
regen  
Automatic Updater committed
93
.RS 4
Tinderbox User's avatar
Tinderbox User committed
94
.\}
95 96 97
.nf
 dig @server name type 
.fi
Tinderbox User's avatar
Tinderbox User committed
98
.if n \{\
Automatic Updater's avatar
regen  
Automatic Updater committed
99
.RE
Tinderbox User's avatar
Tinderbox User committed
100
.\}
Automatic Updater's avatar
regen  
Automatic Updater committed
101 102 103
.sp
where:
.PP
104
\fBserver\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
105
.RS 4
Tinderbox User's avatar
Tinderbox User committed
106
is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied
Automatic Updater's avatar
regen  
Automatic Updater committed
107 108 109
\fIserver\fR
argument is a hostname,
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
110
resolves that name before querying that name server\&.
Tinderbox User's avatar
Tinderbox User committed
111 112
.sp
If no
Automatic Updater's avatar
regen  
Automatic Updater committed
113 114 115 116
\fIserver\fR
argument is provided,
\fBdig\fR
consults
Tinderbox User's avatar
Tinderbox User committed
117
/etc/resolv\&.conf; if an address is found there, it queries the name server at that address\&. If either of the
Tinderbox User's avatar
Tinderbox User committed
118 119 120
\fB\-4\fR
or
\fB\-6\fR
Tinderbox User's avatar
Tinderbox User committed
121
options are in use, then only addresses for the corresponding transport will be tried\&. If no usable addresses are found,
Tinderbox User's avatar
Tinderbox User committed
122
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
123
will send the query to the local host\&. The reply from the name server that responds is displayed\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
124 125
.RE
.PP
126
\fBname\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
127
.RS 4
Tinderbox User's avatar
Tinderbox User committed
128
is the name of the resource record that is to be looked up\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
129 130
.RE
.PP
131
\fBtype\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
132
.RS 4
Tinderbox User's avatar
Tinderbox User committed
133
indicates what type of query is required \(em ANY, A, MX, SIG, etc\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
134
\fItype\fR
Tinderbox User's avatar
Tinderbox User committed
135
can be any valid query type\&. If no
Automatic Updater's avatar
regen  
Automatic Updater committed
136 137 138
\fItype\fR
argument is supplied,
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
139
will perform a lookup for an A record\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
140
.RE
141 142
.SH "OPTIONS"
.PP
Tinderbox User's avatar
Tinderbox User committed
143 144
\-4
.RS 4
Tinderbox User's avatar
Tinderbox User committed
145
Use IPv4 only\&.
Tinderbox User's avatar
Tinderbox User committed
146
.RE
147
.PP
Tinderbox User's avatar
Tinderbox User committed
148 149
\-6
.RS 4
Tinderbox User's avatar
Tinderbox User committed
150
Use IPv6 only\&.
Tinderbox User's avatar
Tinderbox User committed
151 152 153 154
.RE
.PP
\-b \fIaddress\fR\fI[#port]\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
155
Set the source IP address of the query\&. The
Tinderbox User's avatar
Tinderbox User committed
156
\fIaddress\fR
Tinderbox User's avatar
Tinderbox User committed
157
must be a valid address on one of the host\*(Aqs network interfaces, or "0\&.0\&.0\&.0" or "::"\&. An optional port may be specified by appending "#<port>"
Tinderbox User's avatar
Tinderbox User committed
158 159 160 161
.RE
.PP
\-c \fIclass\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
162
Set the query class\&. The default
Automatic Updater's avatar
regen  
Automatic Updater committed
163
\fIclass\fR
Tinderbox User's avatar
Tinderbox User committed
164
is IN; other classes are HS for Hesiod records or CH for Chaosnet records\&.
Tinderbox User's avatar
Tinderbox User committed
165
.RE
166
.PP
Tinderbox User's avatar
Tinderbox User committed
167 168 169 170 171
\-f \fIfile\fR
.RS 4
Batch mode:
\fBdig\fR
reads a list of lookup requests to process from the given
Tinderbox User's avatar
Tinderbox User committed
172
\fIfile\fR\&. Each line in the file should be organized in the same way they would be presented as queries to
Automatic Updater's avatar
regen  
Automatic Updater committed
173
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
174
using the command\-line interface\&.
Tinderbox User's avatar
Tinderbox User committed
175
.RE
176
.PP
Tinderbox User's avatar
Tinderbox User committed
177 178
\-i
.RS 4
Tinderbox User's avatar
Tinderbox User committed
179
Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
Tinderbox User's avatar
Tinderbox User committed
180
.RE
Automatic Updater's avatar
regen  
Automatic Updater committed
181
.PP
Tinderbox User's avatar
Tinderbox User committed
182 183
\-k \fIkeyfile\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
184 185 186
Sign queries using TSIG using a key read from the given file\&. Key files can be generated using
\fBtsig-keygen\fR(8)\&. When using TSIG authentication with
\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate
Tinderbox User's avatar
Tinderbox User committed
187 188 189 190
\fBkey\fR
and
\fBserver\fR
statements in
Tinderbox User's avatar
Tinderbox User committed
191
named\&.conf\&.
Tinderbox User's avatar
Tinderbox User committed
192
.RE
193
.PP
Tinderbox User's avatar
Tinderbox User committed
194 195
\-m
.RS 4
Tinderbox User's avatar
Tinderbox User committed
196
Enable memory usage debugging\&.
Tinderbox User's avatar
Tinderbox User committed
197
.RE
Mark Andrews's avatar
regen  
Mark Andrews committed
198
.PP
Tinderbox User's avatar
Tinderbox User committed
199 200
\-p \fIport\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
201
Send the query to a non\-standard port on the server, instead of the default port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
Tinderbox User's avatar
Tinderbox User committed
202 203 204 205
.RE
.PP
\-q \fIname\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
206
The domain name to query\&. This is useful to distinguish the
Tinderbox User's avatar
Tinderbox User committed
207
\fIname\fR
Tinderbox User's avatar
Tinderbox User committed
208
from other arguments\&.
Tinderbox User's avatar
Tinderbox User committed
209 210 211 212
.RE
.PP
\-t \fItype\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
213
The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
Automatic Updater's avatar
regen  
Automatic Updater committed
214
\fB\-x\fR
Tinderbox User's avatar
Tinderbox User committed
215
option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
Automatic Updater's avatar
regen  
Automatic Updater committed
216
\fItype\fR
Tinderbox User's avatar
Tinderbox User committed
217
to
Tinderbox User's avatar
Tinderbox User committed
218 219
ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
\fIN\fR\&.
Tinderbox User's avatar
Tinderbox User committed
220
.RE
221
.PP
Tinderbox User's avatar
Tinderbox User committed
222 223
\-v
.RS 4
Tinderbox User's avatar
Tinderbox User committed
224
Print the version number and exit\&.
Tinderbox User's avatar
Tinderbox User committed
225
.RE
Tinderbox User's avatar
Tinderbox User committed
226
.PP
Tinderbox User's avatar
Tinderbox User committed
227 228
\-x \fIaddr\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
229
Simplified reverse lookups, for mapping addresses to names\&. The
Automatic Updater's avatar
regen  
Automatic Updater committed
230
\fIaddr\fR
Tinderbox User's avatar
Tinderbox User committed
231
is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When the
Tinderbox User's avatar
Tinderbox User committed
232 233
\fB\-x\fR
is used, there is no need to provide the
Automatic Updater's avatar
regen  
Automatic Updater committed
234 235 236 237
\fIname\fR,
\fIclass\fR
and
\fItype\fR
Tinderbox User's avatar
Tinderbox User committed
238
arguments\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
239 240
\fBdig\fR
automatically performs a lookup for a name like
Tinderbox User's avatar
Tinderbox User committed
241 242
94\&.2\&.0\&.192\&.in\-addr\&.arpa
and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain (but see also the
Automatic Updater's avatar
regen  
Automatic Updater committed
243
\fB\-i\fR
Tinderbox User's avatar
Tinderbox User committed
244
option)\&.
Tinderbox User's avatar
Tinderbox User committed
245
.RE
246
.PP
Tinderbox User's avatar
Tinderbox User committed
247 248
\-y \fI[hmac:]\fR\fIkeyname:secret\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
249
Sign queries using TSIG with the given authentication key\&.
Tinderbox User's avatar
Tinderbox User committed
250 251 252
\fIkeyname\fR
is the name of the key, and
\fIsecret\fR
Tinderbox User's avatar
Tinderbox User committed
253
is the base64 encoded shared secret\&.
Tinderbox User's avatar
Tinderbox User committed
254 255 256 257 258 259 260
\fIhmac\fR
is the name of the key algorithm; valid choices are
hmac\-md5,
hmac\-sha1,
hmac\-sha224,
hmac\-sha256,
hmac\-sha384, or
Tinderbox User's avatar
Tinderbox User committed
261
hmac\-sha512\&. If
Tinderbox User's avatar
Tinderbox User committed
262 263
\fIhmac\fR
is not specified, the default is
Tinderbox User's avatar
Tinderbox User committed
264
hmac\-md5\&.
Tinderbox User's avatar
Tinderbox User committed
265 266
.sp
NOTE: You should use the
Automatic Updater's avatar
regen  
Automatic Updater committed
267
\fB\-k\fR
Tinderbox User's avatar
Tinderbox User committed
268
option and avoid the
Automatic Updater's avatar
regen  
Automatic Updater committed
269
\fB\-y\fR
Tinderbox User's avatar
Tinderbox User committed
270
option, because with
Automatic Updater's avatar
regen  
Automatic Updater committed
271
\fB\-y\fR
Tinderbox User's avatar
Tinderbox User committed
272
the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from
Automatic Updater's avatar
regen  
Automatic Updater committed
273
\fBps\fR(1)
Tinderbox User's avatar
Tinderbox User committed
274
or in a history file maintained by the user\*(Aqs shell\&.
Tinderbox User's avatar
Tinderbox User committed
275
.RE
276 277
.SH "QUERY OPTIONS"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
278
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
279
provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
280
.PP
Tinderbox User's avatar
Tinderbox User committed
281
Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string
Automatic Updater's avatar
regen  
Automatic Updater committed
282
no
Tinderbox User's avatar
Tinderbox User committed
283 284
to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form
\fB+keyword=value\fR\&. Keywords may be abbreviated, provided the abbreviation is unambiguous; for example,
Tinderbox User's avatar
Tinderbox User committed
285 286
+cd
is equivalent to
Tinderbox User's avatar
Tinderbox User committed
287
+cdflag\&. The query options are:
Mark Andrews's avatar
regen  
Mark Andrews committed
288
.PP
Tinderbox User's avatar
Tinderbox User committed
289
\fB+[no]aaflag\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
290
.RS 4
Tinderbox User's avatar
Tinderbox User committed
291
A synonym for
Tinderbox User's avatar
Tinderbox User committed
292
\fI+[no]aaonly\fR\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
293 294
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
295
\fB+[no]aaonly\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
296
.RS 4
Tinderbox User's avatar
Tinderbox User committed
297
Sets the "aa" flag in the query\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
298 299
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
300
\fB+[no]additional\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
301
.RS 4
Tinderbox User's avatar
Tinderbox User committed
302
Display [do not display] the additional section of a reply\&. The default is to display it\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
303 304
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
305
\fB+[no]adflag\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
306
.RS 4
Tinderbox User's avatar
Tinderbox User committed
307
Set [do not set] the AD (authentic data) bit in the query\&. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server\&. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range\&. AD=0 indicate that some part of the answer was insecure or not validated\&. This bit is set by default\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
308 309
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
310
\fB+[no]all\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
311
.RS 4
Tinderbox User's avatar
Tinderbox User committed
312
Set or clear all display flags\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
313 314
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
315
\fB+[no]answer\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
316
.RS 4
Tinderbox User's avatar
Tinderbox User committed
317
Display [do not display] the answer section of a reply\&. The default is to display it\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
318 319
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
320
\fB+[no]authority\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
321
.RS 4
Tinderbox User's avatar
Tinderbox User committed
322
Display [do not display] the authority section of a reply\&. The default is to display it\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
323 324
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
325 326
\fB+[no]badcookie\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
327
Retry lookup with the new server cookie if a BADCOOKIE response is received\&.
Tinderbox User's avatar
Tinderbox User committed
328 329
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
330
\fB+[no]besteffort\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
331
.RS 4
Tinderbox User's avatar
Tinderbox User committed
332
Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
333 334
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
335
\fB+bufsize=B\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
336
.RS 4
Tinderbox User's avatar
Tinderbox User committed
337 338
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
Tinderbox User's avatar
Tinderbox User committed
339
bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
340 341
.RE
.PP
342
\fB+[no]cdflag\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
343
.RS 4
Tinderbox User's avatar
Tinderbox User committed
344
Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
345 346
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
347
\fB+[no]class\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
348
.RS 4
Tinderbox User's avatar
Tinderbox User committed
349
Display [do not display] the CLASS when printing the record\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
350 351
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
352
\fB+[no]cmd\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
353
.RS 4
Tinderbox User's avatar
Tinderbox User committed
354 355
Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
356
and the query options that have been applied\&. This comment is printed by default\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
357 358
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
359
\fB+[no]comments\fR
Tinderbox User's avatar
Tinderbox User committed
360
.RS 4
Tinderbox User's avatar
Tinderbox User committed
361
Toggle the display of comment lines in the output\&. The default is to print comments\&.
Tinderbox User's avatar
Tinderbox User committed
362 363
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
364 365
\fB+[no]cookie\fR\fB[=####]\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
366 367
Send a COOKIE EDNS option, with optional value\&. Replaying a COOKIE from a previous response will allow the server to identify a previous client\&. The default is
\fB+cookie\fR\&.
Tinderbox User's avatar
Tinderbox User committed
368 369
.sp
\fB+cookie\fR
Tinderbox User's avatar
Tinderbox User committed
370
is also set when +trace is set to better emulate the default queries from a nameserver\&.
Tinderbox User's avatar
Tinderbox User committed
371 372
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
373
\fB+[no]crypto\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
374
.RS 4
Tinderbox User's avatar
Tinderbox User committed
375
Toggle the display of cryptographic fields in DNSSEC records\&. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures\&. The default is to display the fields\&. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e\&.g\&. "[ key id = value ]"\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
376 377
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
378
\fB+[no]defname\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
379
.RS 4
Tinderbox User's avatar
Tinderbox User committed
380 381
Deprecated, treated as a synonym for
\fI+[no]search\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
382 383
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
384 385
\fB+[no]dnssec\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
386
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&.
Tinderbox User's avatar
Tinderbox User committed
387 388
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
389
\fB+domain=somename\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
390
.RS 4
Tinderbox User's avatar
Tinderbox User committed
391 392 393 394
Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fBdomain\fR
directive in
Tinderbox User's avatar
Tinderbox User committed
395
/etc/resolv\&.conf, and enable search list processing as if the
Tinderbox User's avatar
Tinderbox User committed
396
\fI+search\fR
Tinderbox User's avatar
Tinderbox User committed
397
option were given\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
398 399
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
400 401
\fB+dscp=value\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
402
Set the DSCP code point to be used when sending the query\&. Valid DSCP code points are in the range [0\&.\&.63]\&. By default no code point is explicitly set\&.
Tinderbox User's avatar
Tinderbox User committed
403 404
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
405
\fB+[no]edns[=#]\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
406
.RS 4
Tinderbox User's avatar
Tinderbox User committed
407
Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&.
Tinderbox User's avatar
Tinderbox User committed
408
\fB+noedns\fR
Tinderbox User's avatar
Tinderbox User committed
409
clears the remembered EDNS version\&. EDNS is set to 0 by default\&.
Tinderbox User's avatar
Tinderbox User committed
410 411
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
412 413
\fB+[no]ednsflags[=#]\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
414
Set the must\-be\-zero EDNS flags bits (Z bits) to the specified value\&. Decimal, hex and octal encodings are accepted\&. Setting a named flag (e\&.g\&. DO) will silently be ignored\&. By default, no Z bits are set\&.
Tinderbox User's avatar
Tinderbox User committed
415 416
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
417 418
\fB+[no]ednsnegotiation\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
419
Enable / disable EDNS version negotiation\&. By default EDNS version negotiation is enabled\&.
Tinderbox User's avatar
Tinderbox User committed
420 421
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
422 423 424 425 426 427
\fB+[no]ednsopt[=code[:value]]\fR
.RS 4
Specify EDNS option with code point
\fBcode\fR
and optionally payload of
\fBvalue\fR
Tinderbox User's avatar
Tinderbox User committed
428
as a hexadecimal string\&.
Tinderbox User's avatar
Tinderbox User committed
429
\fB+noednsopt\fR
Tinderbox User's avatar
Tinderbox User committed
430
clears the EDNS options to be sent\&.
Tinderbox User's avatar
Tinderbox User committed
431 432 433 434
.RE
.PP
\fB+[no]expire\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
435
Send an EDNS Expire option\&.
Tinderbox User's avatar
Tinderbox User committed
436 437 438 439
.RE
.PP
\fB+[no]fail\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
440
Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
441 442
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
443 444
\fB+[no]header\-only\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
445
Send a query with a DNS header without a question section\&. The default is to add a question section\&. The query type and query name are ignored when this is set\&.
Tinderbox User's avatar
Tinderbox User committed
446 447
.RE
.PP
448
\fB+[no]identify\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
449 450 451
.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
Tinderbox User's avatar
Tinderbox User committed
452
option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
453 454
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
455
\fB+[no]ignore\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
456
.RS 4
Tinderbox User's avatar
Tinderbox User committed
457
Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
458 459
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
460
\fB+[no]keepopen\fR
Automatic Updater's avatar
Automatic Updater committed
461
.RS 4
Tinderbox User's avatar
Tinderbox User committed
462 463
Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup\&. The default is
\fB+nokeepopen\fR\&.
Automatic Updater's avatar
Automatic Updater committed
464 465
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
466 467 468 469 470 471
\fB+[no]mapped\fR
.RS 4
Allow mapped IPv4 over IPv6 addresses to be used\&. The default is
\fB+mapped\fR\&.
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
472
\fB+[no]multiline\fR
Tinderbox User's avatar
Tinderbox User committed
473
.RS 4
Tinderbox User's avatar
Tinderbox User committed
474
Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
Tinderbox User's avatar
Tinderbox User committed
475
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
476
output\&.
Tinderbox User's avatar
Tinderbox User committed
477 478
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
479
\fB+ndots=D\fR
Automatic Updater's avatar
Automatic Updater committed
480
.RS 4
Tinderbox User's avatar
Tinderbox User committed
481 482 483 484
Set the number of dots that have to appear in
\fIname\fR
to
\fID\fR
Tinderbox User's avatar
Tinderbox User committed
485 486
for it to be considered absolute\&. The default value is that defined using the ndots statement in
/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
Tinderbox User's avatar
Tinderbox User committed
487
\fBsearch\fR
Automatic Updater's avatar
Automatic Updater committed
488
or
Tinderbox User's avatar
Tinderbox User committed
489 490
\fBdomain\fR
directive in
Tinderbox User's avatar
Tinderbox User committed
491
/etc/resolv\&.conf
Tinderbox User's avatar
Tinderbox User committed
492 493
if
\fB+search\fR
Tinderbox User's avatar
Tinderbox User committed
494
is set\&.
Automatic Updater's avatar
Automatic Updater committed
495 496
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
497
\fB+[no]nsid\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
498
.RS 4
Tinderbox User's avatar
Tinderbox User committed
499
Include an EDNS name server ID request when sending a query\&.
Tinderbox User's avatar
Tinderbox User committed
500 501 502 503 504 505
.RE
.PP
\fB+[no]nssearch\fR
.RS 4
When this option is set,
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
506
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
Tinderbox User's avatar
Tinderbox User committed
507 508 509 510
.RE
.PP
\fB+[no]onesoa\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
511
Print only one (starting) SOA record when performing an AXFR\&. The default is to print both the starting and ending SOA records\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
512 513
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
514 515
\fB+[no]opcode=value\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
516
Set [restore] the DNS message opcode to the specified value\&. The default value is QUERY (0)\&.
Tinderbox User's avatar
Tinderbox User committed
517 518
.RE
.PP
519
\fB+[no]qr\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
520
.RS 4
Tinderbox User's avatar
Tinderbox User committed
521
Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
522 523
.RE
.PP
524
\fB+[no]question\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
525
.RS 4
Tinderbox User's avatar
Tinderbox User committed
526
Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
527 528
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
529 530 531
\fB+[no]rdflag\fR
.RS 4
A synonym for
Tinderbox User's avatar
Tinderbox User committed
532
\fI+[no]recurse\fR\&.
Tinderbox User's avatar
Tinderbox User committed
533 534
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
535
\fB+[no]recurse\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
536
.RS 4
Tinderbox User's avatar
Tinderbox User committed
537
Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
Tinderbox User's avatar
Tinderbox User committed
538
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
539
normally sends recursive queries\&. Recursion is automatically disabled when the
Tinderbox User's avatar
Tinderbox User committed
540 541 542
\fI+nssearch\fR
or
\fI+trace\fR
Tinderbox User's avatar
Tinderbox User committed
543
query options are used\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
544 545
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
546
\fB+retry=T\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
547
.RS 4
Tinderbox User's avatar
Tinderbox User committed
548 549
Sets the number of times to retry UDP queries to server to
\fIT\fR
Tinderbox User's avatar
Tinderbox User committed
550 551
instead of the default, 2\&. Unlike
\fI+tries\fR, this does not include the initial query\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
552 553
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
554
\fB+[no]rrcomments\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
555
.RS 4
Tinderbox User's avatar
Tinderbox User committed
556
Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is not to print record comments unless multiline mode is active\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
557 558
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
559
\fB+[no]search\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
560
.RS 4
Tinderbox User's avatar
Tinderbox User committed
561
Use [do not use] the search list defined by the searchlist or domain directive in
Tinderbox User's avatar
Tinderbox User committed
562 563
resolv\&.conf
(if any)\&. The search list is not used by default\&.
Tinderbox User's avatar
Tinderbox User committed
564
.sp
Tinderbox User's avatar
Tinderbox User committed
565 566
\*(Aqndots\*(Aq from
resolv\&.conf
Tinderbox User's avatar
Tinderbox User committed
567 568
(default 1) which may be overridden by
\fI+ndots\fR
Tinderbox User's avatar
Tinderbox User committed
569
determines if the name will be treated as relative or not and hence whether a search is eventually performed or not\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
570 571
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
572
\fB+[no]short\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
573
.RS 4
Tinderbox User's avatar
Tinderbox User committed
574
Provide a terse answer\&. The default is to print the answer in a verbose form\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
575 576
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
577
\fB+[no]showsearch\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
578
.RS 4
Tinderbox User's avatar
Tinderbox User committed
579
Perform [do not perform] a search showing intermediate results\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
580 581
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
582
\fB+[no]sigchase\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
583
.RS 4
Tinderbox User's avatar
Tinderbox User committed
584
Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
585 586
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
587
\fB+split=W\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
588
.RS 4
Tinderbox User's avatar
Tinderbox User committed
589 590 591 592
Split long hex\- or base64\-formatted fields in resource records into chunks of
\fIW\fR
characters (where
\fIW\fR
Tinderbox User's avatar
Tinderbox User committed
593
is rounded up to the nearest multiple of 4)\&.
Tinderbox User's avatar
Tinderbox User committed
594 595 596
\fI+nosplit\fR
or
\fI+split=0\fR
Tinderbox User's avatar
Tinderbox User committed
597
causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
598 599
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
600
\fB+[no]stats\fR
Tinderbox User's avatar
Tinderbox User committed
601
.RS 4
Tinderbox User's avatar
Tinderbox User committed
602
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
Tinderbox User's avatar
Tinderbox User committed
603 604
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
605
\fB+[no]subnet=addr[/prefix\-length]\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
606
.RS 4
Tinderbox User's avatar
Tinderbox User committed
607 608 609 610
Send (don\*(Aqt send) an EDNS Client Subnet option with the specified IP address or network prefix\&.
.sp
\fBdig +subnet=0\&.0\&.0\&.0/0\fR, or simply
\fBdig +subnet=0\fR
Tinderbox User's avatar
Tinderbox User committed
611 612 613
for short, sends an EDNS client\-subnet option with an empty address and a source prefix\-length of zero, which signals a resolver that the client\*(Aqs address information must
\fInot\fR
be used when resolving this query\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
614 615
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
616
\fB+[no]tcp\fR
Automatic Updater's avatar
Automatic Updater committed
617
.RS 4
Tinderbox User's avatar
Tinderbox User committed
618
Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless an
Tinderbox User's avatar
Tinderbox User committed
619
ixfr=N
Tinderbox User's avatar
Tinderbox User committed
620
query is requested, in which case the default is TCP\&. AXFR queries always use TCP\&.
Automatic Updater's avatar
Automatic Updater committed
621 622
.RE
.PP
Francis Dupont's avatar
Francis Dupont committed
623
\fB+timeout=T\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
624
.RS 4
Tinderbox User's avatar
Tinderbox User committed
625 626
Sets the timeout for a query to
\fIT\fR
Tinderbox User's avatar
Tinderbox User committed
627
seconds\&. The default timeout is 5 seconds\&. An attempt to set
Tinderbox User's avatar
Tinderbox User committed
628
\fIT\fR
Tinderbox User's avatar
Tinderbox User committed
629
to less than 1 will result in a query timeout of 1 second being applied\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
630 631
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
632
\fB+[no]topdown\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
633
.RS 4
Tinderbox User's avatar
Tinderbox User committed
634
When chasing DNSSEC signature chains perform a top\-down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
635 636
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
637
\fB+[no]trace\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
638
.RS 4
Tinderbox User's avatar
Tinderbox User committed
639
Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled,
Tinderbox User's avatar
Tinderbox User committed
640
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
641
makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&.
Tinderbox User's avatar
Tinderbox User committed
642
.sp
Tinderbox User's avatar
Tinderbox User committed
643
If @server is also specified, it affects only the initial query for the root zone name servers\&.
Tinderbox User's avatar
Tinderbox User committed
644
.sp
Tinderbox User's avatar
Tinderbox User committed
645
\fB+dnssec\fR
Tinderbox User's avatar
Tinderbox User committed
646
is also set when +trace is set to better emulate the default queries from a nameserver\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
647 648
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
649
\fB+tries=T\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
650
.RS 4
Tinderbox User's avatar
Tinderbox User committed
651 652
Sets the number of times to try UDP queries to server to
\fIT\fR
Tinderbox User's avatar
Tinderbox User committed
653
instead of the default, 3\&. If
Tinderbox User's avatar
Tinderbox User committed
654
\fIT\fR
Tinderbox User's avatar
Tinderbox User committed
655
is less than or equal to zero, the number of tries is silently rounded up to 1\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
656 657
.RE
.PP
Rob Austein's avatar
regen  
Rob Austein committed
658
\fB+trusted\-key=####\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
659 660
.RS 4
Specifies a file containing trusted keys to be used with
Tinderbox User's avatar
Tinderbox User committed
661
\fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
662
.sp
Automatic Updater's avatar
regen  
Automatic Updater committed
663
If not specified,
Automatic Updater's avatar
regen  
Automatic Updater committed
664 665
\fBdig\fR
will look for
Tinderbox User's avatar
Tinderbox User committed
666
/etc/trusted\-key\&.key
Automatic Updater's avatar
regen  
Automatic Updater committed
667
then
Tinderbox User's avatar
Tinderbox User committed
668 669
trusted\-key\&.key
in the current directory\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
670
.sp
Tinderbox User's avatar
Tinderbox User committed
671
Requires dig be compiled with \-DDIG_SIGCHASE\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
672 673
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
674
\fB+[no]ttlid\fR
Tinderbox User's avatar
Tinderbox User committed
675
.RS 4
Tinderbox User's avatar
Tinderbox User committed
676
Display [do not display] the TTL when printing the record\&.
Tinderbox User's avatar
Tinderbox User committed
677 678
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
679
\fB+[no]ttlunits\fR
Tinderbox User's avatar
Tinderbox User committed
680
.RS 4
Tinderbox User's avatar
Tinderbox User committed
681
Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks\&. Implies +ttlid\&.
Tinderbox User's avatar
Tinderbox User committed
682 683
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
684 685 686 687 688
\fB+[no]unknownformat\fR
.RS 4
Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
.RE
.PP
Tinderbox User's avatar
Tinderbox User committed
689
\fB+[no]vc\fR
Tinderbox User's avatar
Tinderbox User committed
690
.RS 4
Tinderbox User's avatar
Tinderbox User committed
691
Use [do not use] TCP when querying name servers\&. This alternate syntax to
Tinderbox User's avatar
Tinderbox User committed
692
\fI+[no]tcp\fR
Tinderbox User's avatar
Tinderbox User committed
693
is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
Tinderbox User's avatar
Tinderbox User committed
694
.RE
Tinderbox User's avatar
Tinderbox User committed
695 696 697
.PP
\fB+[no]zflag\fR
.RS 4
Tinderbox User's avatar
Tinderbox User committed
698
Set [do not set] the last unassigned DNS header flag in a DNS query\&. This flag is off by default\&.
Tinderbox User's avatar
Tinderbox User committed
699
.RE
700 701
.SH "MULTIPLE QUERIES"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
702 703 704 705
The BIND 9 implementation of
\fBdig \fR
supports specifying multiple queries on the command line (in addition to supporting the
\fB\-f\fR
Tinderbox User's avatar
Tinderbox User committed
706
batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&.
707
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
708 709
In this case, each
\fIquery\fR
Tinderbox User's avatar
Tinderbox User committed
710
argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
711
.PP
Tinderbox User's avatar
Tinderbox User committed
712
A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the
Automatic Updater's avatar
regen  
Automatic Updater committed
713
\fB+[no]cmd\fR
Tinderbox User's avatar
Tinderbox User committed
714
option) can be overridden by a query\-specific set of query options\&. For example:
Automatic Updater's avatar
regen  
Automatic Updater committed
715
.sp
Tinderbox User's avatar
Tinderbox User committed
716
.if n \{\
Automatic Updater's avatar
regen  
Automatic Updater committed
717
.RS 4
Tinderbox User's avatar
Tinderbox User committed
718
.\}
719
.nf
Tinderbox User's avatar
Tinderbox User committed
720
dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr
721
.fi
Tinderbox User's avatar
Tinderbox User committed
722
.if n \{\
Automatic Updater's avatar
regen  
Automatic Updater committed
723
.RE
Tinderbox User's avatar
Tinderbox User committed
724
.\}
Automatic Updater's avatar
regen  
Automatic Updater committed
725 726 727 728
.sp
shows how
\fBdig\fR
could be used from the command line to make three lookups: an ANY query for
Tinderbox User's avatar
Tinderbox User committed
729 730
www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of
isc\&.org\&. A global query option of
Automatic Updater's avatar
regen  
Automatic Updater committed
731 732 733
\fI+qr\fR
is applied, so that
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
734
shows the initial query it made for each lookup\&. The final query has a local query option of
Automatic Updater's avatar
regen  
Automatic Updater committed
735 736 737 738
\fI+noqr\fR
which means that
\fBdig\fR
will not print the initial query when it looks up the NS records for
Tinderbox User's avatar
Tinderbox User committed
739
isc\&.org\&.
Mark Andrews's avatar
regen  
Mark Andrews committed
740 741
.SH "IDN SUPPORT"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
742 743
If
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
744
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
Automatic Updater's avatar
regen  
Automatic Updater committed
745
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
746
appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
Automatic Updater's avatar
regen  
Automatic Updater committed
747
\fBIDN_DISABLE\fR
Tinderbox User's avatar
Tinderbox User committed
748
environment variable\&. The IDN support is disabled if the variable is set when
Automatic Updater's avatar
regen  
Automatic Updater committed
749
\fBdig\fR
Tinderbox User's avatar
Tinderbox User committed
750
runs\&.
751 752
.SH "FILES"
.PP
Tinderbox User's avatar
Tinderbox User committed
753
/etc/resolv\&.conf
Andreas Gustafsson's avatar
Andreas Gustafsson committed
754
.PP
Tinderbox User's avatar
Tinderbox User committed
755
${HOME}/\&.digrc
756 757
.SH "SEE ALSO"
.PP
Automatic Updater's avatar
regen  
Automatic Updater committed
758 759
\fBhost\fR(1),
\fBnamed\fR(8),
Tinderbox User's avatar
Tinderbox User committed
760 761
\fBdnssec-keygen\fR(8),
RFC1035\&.
762 763
.SH "BUGS"
.PP
Tinderbox User's avatar
Tinderbox User committed
764 765 766 767
There are probably too many query options\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
Automatic Updater's avatar
regen  
Automatic Updater committed
768 769
.SH "COPYRIGHT"
.br
Tinderbox User's avatar
Tinderbox User committed
770
Copyright \(co 2000-2011, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
Automatic Updater's avatar
regen