dig.1 13.4 KB
Newer Older
1
.\"
Brian Wellington's avatar
Brian Wellington committed
2
.\" Copyright (C) 2000, 2001  Internet Software Consortium.
Brian Wellington's avatar
Brian Wellington committed
3
.\"
Jim Reid's avatar
Jim Reid committed
4 5 6
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
Brian Wellington's avatar
Brian Wellington committed
7
.\"
Jim Reid's avatar
Jim Reid committed
8 9 10 11 12 13 14 15
.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
.\"
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
.TH "DIG" "1" "Jun 30, 2000" "BIND9" ""
.SH NAME
dig \- DNS lookup utility
.SH SYNOPSIS
.sp
\fBdig\fR [ \fB@server\fR ]  [ \fB-b \fIaddress\fB\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-f \fIfilename\fB\fR ]  [ \fB-k \fIfilename\fB\fR ]  [ \fB-p \fIport#\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-x \fIaddr\fB\fR ]  [ \fB-y \fIname:key\fB\fR ]  [ \fBname\fR ]  [ \fBtype\fR ]  [ \fBclass\fR ]  [ \fBqueryopt\fR\fI...\fR ] 
.sp
\fBdig\fR [ \fB-h\fR ] 
.sp
\fBdig\fR [ \fBglobal-queryopt\fR\fI...\fR ]  [ \fBquery\fR\fI...\fR ] 
.SH "DESCRIPTION"
.PP
\fBdig\fR (domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
were queried. Most DNS administrators use \fBdig\fR to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output. Other lookup tools tend to have less functionality
than \fBdig\fR.
.PP
Although \fBdig\fR is normally used with command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the \fB-h\fR option is given.
Unlike earlier versions, the BIND9 implementation of
\fBdig\fR allows multiple lookups to be issued from the
command line.
.PP
45
Unless it is told to query a specific name server,
46 47 48 49 50 51 52 53 54 55 56 57 58
\fBdig\fR will try each of the servers listed in
\fI/etc/resolv.conf\fR.
.PP
When no command line arguments or options are given, will perform an
NS query for "." (the root).
.SH "SIMPLE USAGE"
.PP
A typical invocation of \fBdig\fR looks like:
.sp
.nf
 dig @server name type 
.sp
.fi
Jim Reid's avatar
Jim Reid committed
59
where:
60 61
.TP
\fBserver\fR
Andreas Gustafsson's avatar
Andreas Gustafsson committed
62 63 64
is the name or IP address of the name server to query. This can be an IPv4
address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
65 66 67 68 69 70 71 72
\fIserver\fR argument is a hostname,
\fBdig\fR resolves that name before querying that name
server. If no \fIserver\fR argument is provided,
\fBdig\fR consults \fI/etc/resolv.conf\fR
and queries the name servers listed there. The reply from the name
server that responds is displayed.
.TP
\fBname\fR
Jim Reid's avatar
Jim Reid committed
73
is the name of the resource record that is to be looked up.
74 75 76 77 78 79 80 81 82 83 84 85 86
.TP
\fBtype\fR
indicates what type of query is required \(em
ANY, A, MX, SIG, etc.
\fItype\fR can be any valid query type. If no
\fItype\fR argument is supplied,
\fBdig\fR will perform a lookup for an A record.
.SH "OPTIONS"
.PP
The \fB-b\fR option sets the source IP address of the query
to \fIaddress\fR. This must be a valid address on
one of the host's network interfaces.
.PP
Jim Reid's avatar
Jim Reid committed
87
The default query class (IN for internet) is overridden by the
88 89 90 91 92 93 94 95 96 97
\fB-c\fR option. \fIclass\fR is any valid
class, such as HS for Hesiod records or CH for CHAOSNET records.
.PP
The \fB-f\fR option makes \fBdig \fR operate
in batch mode by reading a list of lookup requests to process from the
file \fIfilename\fR. The file contains a number of
queries, one per line. Each entry in the file should be organised in
the same way they would be presented as queries to
\fBdig\fR using the command-line interface.
.PP
Jim Reid's avatar
Jim Reid committed
98
If a non-standard port number is to be queried, the
99 100 101 102 103 104 105 106 107 108 109 110 111
\fB-p\fR option is used. \fIport#\fR is
the port number that \fBdig\fR will send its queries
instead of the standard DNS port number 53. This option would be used
to test a name server that has been configured to listen for queries
on a non-standard port number.
.PP
The \fB-t\fR option sets the query type to
\fItype\fR. It can be any valid query type which is
supported in BIND9. The default query type "A", unless the
\fB-x\fR option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
\fItype\fR is set to ixfr=N.
Jim Reid's avatar
Jim Reid committed
112 113
The incremental zone transfer will contain the changes made to the zone
since the serial number in the zone's SOA record was
114 115 116 117 118
\fIN\fR.
.PP
Reverse lookups - mapping addresses to names - are simplified by the
\fB-x\fR option. \fIaddr\fR is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
Jim Reid's avatar
Jim Reid committed
119
When this option is used, there is no need to provide the
120 121
\fIname\fR, \fIclass\fR and
\fItype\fR arguments. \fBdig\fR
Jim Reid's avatar
Jim Reid committed
122
automatically performs a lookup for a name like
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156
11.12.13.10.in-addr.arpa and sets the query type and
class to PTR and IN respectively. By default, IPv6 addresses are
looked up using the IP6.ARPA domain and binary labels as defined in
RFC2874. To use the older RFC1886 method using the IP6.INT domain and
"nibble" labels, specify the \fB-n\fR (nibble) option.
.PP
To sign the DNS queries sent by \fBdig\fR and their
responses using transaction signatures (TSIG), specify a TSIG key file
using the \fB-k\fR option. You can also specify the TSIG
key itself on the command line using the \fB-y\fR option;
\fIname\fR is the name of the TSIG key and
\fIkey\fR is the actual key. The key is a base-64
encoded string, typically generated by \fBdnssec-keygen\fR(8).
Caution should be taken when using the \fB-y\fR option on
multi-user systems as the key can be visible in the output from
\fBps\fR(1) or in the shell's history file. When
using TSIG authentication with \fBdig\fR, the name
server that is queried needs to know the key and algorithm that is
being used. In BIND, this is done by providing appropriate
\fBkey\fR and \fBserver\fR statements in
\fInamed.conf\fR.
.SH "QUERY OPTIONS"
.PP
\fBdig\fR provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
these set or reset flag bits in the query header, some determine which
sections of the answer get printed, and others determine the timeout
and retry strategies.
.PP
Each query option is identified by a keyword preceded by a plus sign
(+). Some keywords set or reset an option. These may be preceded
by the string no to negate the meaning of that keyword. Other
keywords assign values to options like the timeout interval. They
have the form \fB+keyword=value\fR.
Jim Reid's avatar
Jim Reid committed
157
The query options are:
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173
.TP
\fB+[no]tcp\fR
Use [do not use] TCP when querying name servers. The default
behaviour is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
.TP
\fB+[no]vc\fR
Use [do not use] TCP when querying name servers. This alternate
syntax to \fI+[no]tcp\fR is provided for backwards
compatibility. The "vc" stands for "virtual circuit".
.TP
\fB+[no]ignore\fR
Ignore truncation in UDP responses instead of retrying with TCP. By
default, TCP retries are performed.
.TP
\fB+domain=somename\fR
174
Set the search list to contain the single domain
175 176 177 178 179 180 181 182
\fIsomename\fR, as if specified in a
\fBdomain\fR directive in
\fI/etc/resolv.conf\fR, and enable search list
processing as if the \fI+search\fR option were given.
.TP
\fB+[no]search\fR
Use [do not use] the search list defined by the searchlist or domain
directive in \fIresolv.conf\fR (if any).
Jim Reid's avatar
Jim Reid committed
183
The search list is not used by default.
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203
.TP
\fB+[no]defname\fR
Deprecated, treated as a synonym for \fI+[no]search\fR
.TP
\fB+[no]aaonly\fR
This option does nothing. It is provided for compatibilty with old
versions of \fBdig\fR where it set an unimplemented
resolver flag.
.TP
\fB+[no]adflag\fR
Set [do not set] the AD (authentic data) bit in the query. The AD bit
currently has a standard meaning only in responses, not in queries,
but the ability to set the bit in the query is provided for
completeness.
.TP
\fB+[no]cdflag\fR
Set [do not set] the CD (checking disabled) bit in the query. This
requests the server to not perform DNSSEC validation of responses.
.TP
\fB+[no]recursive\fR
Jim Reid's avatar
Jim Reid committed
204
Toggle the setting of the RD (recursion desired) bit in the query.
205 206 207 208 209 210 211 212 213 214 215 216
This bit is set by default, which means \fBdig\fR
normally sends recursive queries. Recursion is automatically disabled
when the \fI+nssearch\fR or
\fI+trace\fR query options are used.
.TP
\fB+[no]nssearch\fR
When this option is set, \fBdig\fR attempts to find the
authoritative name servers for the zone containing the name being
looked up and display the SOA record that each name server has for the
zone.
.TP
\fB+[no]trace\fR
Jim Reid's avatar
Jim Reid committed
217
Toggle tracing of the delegation path from the root name servers for
218 219 220 221 222 223 224
the name being looked up. Tracing is disabled by default. When
tracing is enabled, \fBdig\fR makes iterative queries to
resolve the name being looked up. It will follow referrals from the
root servers, showing the answer from each server that was used to
resolve the lookup.
.TP
\fB+[no]cmd\fR
Jim Reid's avatar
Jim Reid committed
225
toggles the printing of the initial comment in the output identifying
226 227 228 229 230 231 232 233
the version of \fBdig\fR and the query options that have
been applied. This comment is printed by default.
.TP
\fB+[no]short\fR
Provide a terse answer. The default is to print the answer in a
verbose form.
.TP
\fB+[no]identify\fR
Jim Reid's avatar
Jim Reid committed
234
Show [or do not show] the IP address and port number that supplied the
235 236 237 238 239 240 241 242 243 244 245 246 247 248
answer when the \fI+short\fR option is enabled. If
short form answers are requested, the default is not to show the
source address and port number of the server that provided the answer.
.TP
\fB+[no]comments\fR
Toggle the display of comment lines in the output. The default is to
print comments.
.TP
\fB+[no]stats\fR
This query option toggles the printing of statistics: when the query
was made, the size of the reply and so on. The default behaviour is
to print the query statistics.
.TP
\fB+[no]qr\fR
249
Print [do not print] the query as it is sent.
250 251 252
By default, the query is not printed.
.TP
\fB+[no]question\fR
Jim Reid's avatar
Jim Reid committed
253
Print [do not print] the question section of a query when an answer is
254 255 256 257 258 259 260 261 262 263 264
returned. The default is to print the question section as a comment.
.TP
\fB+[no]answer\fR
Display [do not display] the answer section of a reply. The default
is to display it.
.TP
\fB+[no]authority\fR
Display [do not display] the authority section of a reply. The
default is to display it.
.TP
\fB+[no]additional\fR
Jim Reid's avatar
Jim Reid committed
265
Display [do not display] the additional section of a reply.
266
The default is to display it.
267 268 269 270 271
.TP
\fB+[no]all\fR
Set or clear all display flags.
.TP
\fB+time=T\fR
Jim Reid's avatar
Jim Reid committed
272
Sets the timeout for a query to
273 274 275 276 277
\fIT\fR seconds. The default time out is 5 seconds.
An attempt to set \fIT\fR to less than 1 will result
in a query timeout of 1 second being applied.
.TP
\fB+tries=A\fR
Jim Reid's avatar
Jim Reid committed
278
Sets the number of times to retry UDP queries to server to
279 280 281 282 283
\fIT\fR instead of the default, 3. If
\fIT\fR is less than or equal to zero, the number of
retries is silently rounded up to 1.
.TP
\fB+ndots=D\fR
Jim Reid's avatar
Jim Reid committed
284
Set the number of dots that have to appear in
285 286 287 288 289 290 291 292 293
\fIname\fR to \fID\fR for it to be
considered absolute. The default value is that defined using the
ndots statement in \fI/etc/resolv.conf\fR, or 1 if no
ndots statement is present. Names with fewer dots are interpreted as
relative names and will be searched for in the domains listed in the
\fBsearch\fR or \fBdomain\fR directive in
\fI/etc/resolv.conf\fR.
.TP
\fB+bufsize=B\fR
294
Set the UDP message buffer size advertised using EDNS0 to
295 296 297
\fIB\fR bytes. The maximum and minimum sizes of this
buffer are 65535 and 0 respectively. Values outside this range are
rounded up or down appropriately.
298 299 300 301 302 303
.TP
\fB+[no]multiline\fR
Print records like the SOA records in a verbose multi-line
format with human-readable comments. The default is to print
each record on a single line, to facilitate machine parsing 
of the \fBdig\fR output.
304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of \fBdig \fR supports
specifying multiple queries on the command line (in addition to
supporting the \fB-f\fR batch file option). Each of those
queries can be supplied with its own set of flags, options and query
options.
.PP
In this case, each \fIquery\fR argument represent an
individual query in the command-line syntax described above. Each
consists of any of the standard options and flags, the name to be
looked up, an optional query type and class and any query options that
should be applied to that query.
.PP
A global set of query options, which should be applied to all queries,
can also be supplied. These global query options must precede the
first tuple of name, class, type, options, flags, and query options
supplied on the command line. Any global query options can be
overridden by a query-specific set of query options. For example:
.sp
.nf
Jim Reid's avatar
Jim Reid committed
325
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348
.sp
.fi
shows how \fBdig\fR could be used from the command line
to make three lookups: an ANY query for www.isc.org, a
reverse lookup of 127.0.0.1 and a query for the NS records of
isc.org.
A global query option of \fI+qr\fR is applied, so
that \fBdig\fR shows the initial query it made for each
lookup. The final query has a local query option of
\fI+noqr\fR which means that \fBdig\fR
will not print the initial query when it looks up the NS records for
isc.org.
.SH "FILES"
.PP
\fI/etc/resolv.conf\fR
.SH "SEE ALSO"
.PP
\fBhost\fR(1),
\fBnamed\fR(8),
\fBdnssec-keygen\fR(8),
\fIRFC1035\fR.
.SH "BUGS"
.PP
Jim Reid's avatar
Jim Reid committed
349
There are probably too many query options.