man.dig.html 42.3 KB
Newer Older
1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Mark Andrews's avatar
gregen  
Mark Andrews committed
2
<!--
Tinderbox User's avatar
Tinderbox User committed
3
 - Copyright (C) 2000-2020 Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
gregen  
Mark Andrews committed
4
 - 
Tinderbox User's avatar
Tinderbox User committed
5 6 7
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
Mark Andrews's avatar
gregen  
Mark Andrews committed
8
-->
9
<html lang="en">
Mark Andrews's avatar
gregen  
Mark Andrews committed
10 11 12
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
Tinderbox User's avatar
Tinderbox User committed
13
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
Evan Hunt's avatar
Evan Hunt committed
14
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
Tinderbox User's avatar
Tinderbox User committed
15 16
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="Bv9ARM.ch13.html" title="Manual pages">
Tinderbox User's avatar
Tinderbox User committed
17
<link rel="next" href="man.mdig.html" title="mdig">
Mark Andrews's avatar
gregen  
Mark Andrews committed
18 19 20 21 22 23 24
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">dig</th></tr>
<tr>
<td width="20%" align="left">
Tinderbox User's avatar
Tinderbox User committed
25
<a accesskey="p" href="Bv9ARM.ch13.html">Prev</a> </td>
Mark Andrews's avatar
gregen  
Mark Andrews committed
26
<th width="60%" align="center">Manual pages</th>
Tinderbox User's avatar
Tinderbox User committed
27
<td width="20%" align="right"> <a accesskey="n" href="man.mdig.html">Next</a>
Mark Andrews's avatar
gregen  
Mark Andrews committed
28 29 30 31 32
</td>
</tr>
</table>
<hr>
</div>
Tinderbox User's avatar
Tinderbox User committed
33
<div class="refentry">
Mark Andrews's avatar
gregen  
Mark Andrews committed
34
<a name="man.dig"></a><div class="titlepage"></div>
Tinderbox User's avatar
Tinderbox User committed
35 36 37 38 39 40
  
  

  

  <div class="refnamediv">
Mark Andrews's avatar
gregen  
Mark Andrews committed
41
<h2>Name</h2>
Tinderbox User's avatar
Tinderbox User committed
42 43 44 45
<p>
    dig
     &#8212; DNS lookup utility
  </p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
46
</div>
Tinderbox User's avatar
Tinderbox User committed
47 48 49 50

  

  <div class="refsynopsisdiv">
Mark Andrews's avatar
gregen  
Mark Andrews committed
51
<h2>Synopsis</h2>
Tinderbox User's avatar
Tinderbox User committed
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [@server]
       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
       [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-m</code>]
       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
       [<code class="option">-v</code>]
       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
       [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>]
       [
	[<code class="option">-4</code>]
	 |  [<code class="option">-6</code>]
      ]
       [name]
       [type]
       [class]
       [queryopt...]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [<code class="option">-h</code>]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [global-queryopt...]
       [query...]
    </p></div>
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
89
<a name="id-1.14.2.7"></a><h2>DESCRIPTION</h2>
Tinderbox User's avatar
Tinderbox User committed
90 91

    <p><span class="command"><strong>dig</strong></span> is a flexible tool
Mark Andrews's avatar
gregen  
Mark Andrews committed
92 93
      for interrogating DNS name servers.  It performs DNS lookups and
      displays the answers that are returned from the name server(s) that
Evan Hunt's avatar
Evan Hunt committed
94
      were queried.  Most DNS administrators use <span class="command"><strong>dig</strong></span> to
Mark Andrews's avatar
gregen  
Mark Andrews committed
95 96
      troubleshoot DNS problems because of its flexibility, ease of use and
      clarity of output.  Other lookup tools tend to have less functionality
Evan Hunt's avatar
Evan Hunt committed
97
      than <span class="command"><strong>dig</strong></span>.
Mark Andrews's avatar
gregen  
Mark Andrews committed
98
    </p>
Tinderbox User's avatar
Tinderbox User committed
99 100

    <p>
Evan Hunt's avatar
Evan Hunt committed
101
      Although <span class="command"><strong>dig</strong></span> is normally used with
Mark Andrews's avatar
gregen  
Mark Andrews committed
102 103 104 105
      command-line
      arguments, it also has a batch mode of operation for reading lookup
      requests from a file.  A brief summary of its command-line arguments
      and options is printed when the <code class="option">-h</code> option is given.
Mark Andrews's avatar
regen  
Mark Andrews committed
106
      Unlike earlier versions, the BIND 9 implementation of
Evan Hunt's avatar
Evan Hunt committed
107
      <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
Mark Andrews's avatar
gregen  
Mark Andrews committed
108 109 110
      from the
      command line.
    </p>
Tinderbox User's avatar
Tinderbox User committed
111 112

    <p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
113
      Unless it is told to query a specific name server,
Evan Hunt's avatar
Evan Hunt committed
114
      <span class="command"><strong>dig</strong></span> will try each of the servers listed in
Tinderbox User's avatar
Tinderbox User committed
115
      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
Evan Hunt's avatar
Evan Hunt committed
116
      are found, <span class="command"><strong>dig</strong></span> will send the query to the local
Tinderbox User's avatar
Tinderbox User committed
117
      host.
Mark Andrews's avatar
gregen  
Mark Andrews committed
118
    </p>
Tinderbox User's avatar
Tinderbox User committed
119 120

    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
121
      When no command line arguments or options are given,
Evan Hunt's avatar
Evan Hunt committed
122
      <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
Mark Andrews's avatar
gregen  
Mark Andrews committed
123
    </p>
Tinderbox User's avatar
Tinderbox User committed
124 125

    <p>
Evan Hunt's avatar
Evan Hunt committed
126
      It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
Tinderbox User's avatar
Tinderbox User committed
127 128 129 130
      <code class="filename">${HOME}/.digrc</code>. This file is read and any
      options in it are applied before the command line arguments.
      The <code class="option">-r</code> option disables this feature, for
      scripts that need predictable behaviour.
Mark Andrews's avatar
gregen  
Mark Andrews committed
131
    </p>
Tinderbox User's avatar
Tinderbox User committed
132 133

    <p>
Mark Andrews's avatar
regen  
Mark Andrews committed
134
      The IN and CH class names overlap with the IN and CH top level
Tinderbox User's avatar
Tinderbox User committed
135
      domain names.  Either use the <code class="option">-t</code> and
Tinderbox User's avatar
Tinderbox User committed
136
      <code class="option">-c</code> options to specify the type and class,
Automatic Updater's avatar
regen  
Automatic Updater committed
137
      use the <code class="option">-q</code> the specify the domain name, or
Mark Andrews's avatar
regen  
Mark Andrews committed
138 139
      use "IN." and "CH." when looking up these top level domains.
    </p>
Tinderbox User's avatar
Tinderbox User committed
140 141 142 143

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
144
<a name="id-1.14.2.8"></a><h2>SIMPLE USAGE</h2>
Tinderbox User's avatar
Tinderbox User committed
145 146 147


    <p>
Evan Hunt's avatar
Evan Hunt committed
148
      A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
Mark Andrews's avatar
gregen  
Mark Andrews committed
149 150 151 152 153 154
      </p>
<pre class="programlisting"> dig @server name type </pre>
<p>
      where:

      </p>
Tinderbox User's avatar
Tinderbox User committed
155
<div class="variablelist"><dl class="variablelist">
Mark Andrews's avatar
gregen  
Mark Andrews committed
156
<dt><span class="term"><code class="constant">server</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
157
<dd>
Tinderbox User's avatar
Tinderbox User committed
158
	    <p>
Tinderbox User's avatar
Tinderbox User committed
159 160 161 162
	      is the name or IP address of the name server to query.  This
	      can be an IPv4 address in dotted-decimal notation or an IPv6
	      address in colon-delimited notation.  When the supplied
	      <em class="parameter"><code>server</code></em> argument is a hostname,
Evan Hunt's avatar
Evan Hunt committed
163
	      <span class="command"><strong>dig</strong></span> resolves that name before querying
Tinderbox User's avatar
Tinderbox User committed
164 165
	      that name server.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
166
	    <p>
Tinderbox User's avatar
Tinderbox User committed
167
	      If no <em class="parameter"><code>server</code></em> argument is
Evan Hunt's avatar
Evan Hunt committed
168
	      provided, <span class="command"><strong>dig</strong></span> consults
Tinderbox User's avatar
Tinderbox User committed
169 170 171 172 173 174
	      <code class="filename">/etc/resolv.conf</code>; if an
	      address is found there, it queries the name server at
	      that address. If either of the <code class="option">-4</code> or
	      <code class="option">-6</code> options are in use, then
	      only addresses for the corresponding transport
	      will be tried.  If no usable addresses are found,
Evan Hunt's avatar
Evan Hunt committed
175
	      <span class="command"><strong>dig</strong></span> will send the query to the
Tinderbox User's avatar
Tinderbox User committed
176 177 178
	      local host.  The reply from the name server that
	      responds is displayed.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
179
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
180
<dt><span class="term"><code class="constant">name</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
181 182
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
183
	      is the name of the resource record that is to be looked up.
Tinderbox User's avatar
Tinderbox User committed
184 185
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
186
<dt><span class="term"><code class="constant">type</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
187 188
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
189 190 191 192 193
	      indicates what type of query is required &#8212;
	      ANY, A, MX, SIG, etc.
	      <em class="parameter"><code>type</code></em> can be any valid query
	      type.  If no
	      <em class="parameter"><code>type</code></em> argument is supplied,
Evan Hunt's avatar
Evan Hunt committed
194
	      <span class="command"><strong>dig</strong></span> will perform a lookup for an
Tinderbox User's avatar
Tinderbox User committed
195
	      A record.
Tinderbox User's avatar
Tinderbox User committed
196 197
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
198 199 200
</dl></div>
<p>
    </p>
Tinderbox User's avatar
Tinderbox User committed
201 202 203 204

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
205
<a name="id-1.14.2.9"></a><h2>OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
206 207 208


    <div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
209
<dt><span class="term">-4</span></dt>
Tinderbox User's avatar
Tinderbox User committed
210 211
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
212
	    Use IPv4 only.
Tinderbox User's avatar
Tinderbox User committed
213 214
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
215
<dt><span class="term">-6</span></dt>
Tinderbox User's avatar
Tinderbox User committed
216 217
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
218
	    Use IPv6 only.
Tinderbox User's avatar
Tinderbox User committed
219 220
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
221
<dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
222 223
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
224 225 226 227
	    Set the source IP address of the query.
	    The <em class="parameter"><code>address</code></em> must be a valid address on
	    one of the host's network interfaces, or "0.0.0.0" or "::". An
	    optional port may be specified by appending "#&lt;port&gt;"
Tinderbox User's avatar
Tinderbox User committed
228 229
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
230
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
231 232
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
233 234 235
	    Set the query class. The
	    default <em class="parameter"><code>class</code></em> is IN; other classes
	    are HS for Hesiod records or CH for Chaosnet records.
Tinderbox User's avatar
Tinderbox User committed
236 237
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
238
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
239 240
<dd>
	  <p>
Evan Hunt's avatar
Evan Hunt committed
241
	    Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
Tinderbox User's avatar
Tinderbox User committed
242 243 244 245
	    requests to process from the
	    given <em class="parameter"><code>file</code></em>. Each line in the file
	    should be organized in the same way they would be
	    presented as queries to
Evan Hunt's avatar
Evan Hunt committed
246
	    <span class="command"><strong>dig</strong></span> using the command-line interface.
Tinderbox User's avatar
Tinderbox User committed
247 248
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
249
<dt><span class="term">-i</span></dt>
Tinderbox User's avatar
Tinderbox User committed
250 251
<dd>
	  <p>
Evan Hunt's avatar
Evan Hunt committed
252
	    Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
Tinderbox User's avatar
Tinderbox User committed
253
	    domain, which is no longer in use. Obsolete bit string
Evan Hunt's avatar
Evan Hunt committed
254
	    label queries (RFC 2874) are not attempted.
Tinderbox User's avatar
Tinderbox User committed
255 256
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
257
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
258 259
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
260 261
	    Sign queries using TSIG using a key read from the given file.
	    Key files can be generated using
Tinderbox User's avatar
Tinderbox User committed
262 263 264
	    <span class="citerefentry">
	      <span class="refentrytitle">tsig-keygen</span>(8)
	    </span>.
Evan Hunt's avatar
Evan Hunt committed
265
	    When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
Tinderbox User's avatar
Tinderbox User committed
266 267
	    the name server that is queried needs to know the key and
	    algorithm that is being used. In BIND, this is done by
Evan Hunt's avatar
Evan Hunt committed
268 269
	    providing appropriate <span class="command"><strong>key</strong></span>
	    and <span class="command"><strong>server</strong></span> statements in
Tinderbox User's avatar
Tinderbox User committed
270
	    <code class="filename">named.conf</code>.
Tinderbox User's avatar
Tinderbox User committed
271 272
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
273
<dt><span class="term">-m</span></dt>
Tinderbox User's avatar
Tinderbox User committed
274 275
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
276 277
	    Enable memory usage debugging.
	    
Tinderbox User's avatar
Tinderbox User committed
278 279
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
280
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
281 282
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
283
	    Send the query to a non-standard port on the server,
Tinderbox User's avatar
Tinderbox User committed
284
	    instead of the default port 53. This option would be used
Tinderbox User's avatar
Tinderbox User committed
285 286
	    to test a name server that has been configured to listen
	    for queries on a non-standard port number.
Tinderbox User's avatar
Tinderbox User committed
287 288
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
289
<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
290 291
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
292 293
	    The domain name to query. This is useful to distinguish
	    the <em class="parameter"><code>name</code></em> from other arguments.
Tinderbox User's avatar
Tinderbox User committed
294 295
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
296
<dt><span class="term">-r</span></dt>
Tinderbox User's avatar
Tinderbox User committed
297 298
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
299 300
	    Do not read options from <code class="filename">${HOME}/.digrc</code>.
	    This is useful for scripts that need predictable behaviour.
Tinderbox User's avatar
Tinderbox User committed
301 302
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
303
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
304
<dd>
Tinderbox User's avatar
Tinderbox User committed
305
	  <p>
Evan Hunt's avatar
Evan Hunt committed
306 307 308 309 310 311
	    The resource record type to query. It can be any valid query
	    type.  If it is a resource record type supported in BIND 9, it
	    can be given by the type mnemonic (such as "NS" or "AAAA").
	    The default query type is "A", unless the <code class="option">-x</code>
	    option is supplied to indicate a reverse lookup.  A zone
	    transfer can be requested by specifying a type of AXFR.  When
Tinderbox User's avatar
Tinderbox User committed
312 313 314 315 316 317
	    an incremental zone transfer (IXFR) is required, set the
	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
	    The incremental zone transfer will contain the changes
	    made to the zone since the serial number in the zone's SOA
	    record was
	    <em class="parameter"><code>N</code></em>.
Tinderbox User's avatar
Tinderbox User committed
318
	  </p>
Tinderbox User's avatar
Tinderbox User committed
319
	  <p>
Evan Hunt's avatar
Evan Hunt committed
320 321 322 323 324
	    All resource record types can be expressed as "TYPEnn", where
	    "nn" is the number of the type. If the resource record type is
	    not supported in BIND 9, the result will be displayed as
	    described in RFC 3597.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
325
	</dd>
Tinderbox User's avatar
Tinderbox User committed
326
<dt><span class="term">-u</span></dt>
Tinderbox User's avatar
Tinderbox User committed
327 328
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
329
	    Print query times in microseconds instead of milliseconds.
Tinderbox User's avatar
Tinderbox User committed
330 331
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
332
<dt><span class="term">-v</span></dt>
Tinderbox User's avatar
Tinderbox User committed
333 334
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
335
	    Print the version number and exit.
Tinderbox User's avatar
Tinderbox User committed
336 337
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
338
<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
339 340
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
341 342 343 344 345 346 347
	    Simplified reverse lookups, for mapping addresses to
	    names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
	    in dotted-decimal notation, or a colon-delimited IPv6
	    address. When the <code class="option">-x</code> is used, there is no
	    need to provide
	    the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
	    and <em class="parameter"><code>type</code></em>
Evan Hunt's avatar
Evan Hunt committed
348
	    arguments. <span class="command"><strong>dig</strong></span> automatically performs a
Tinderbox User's avatar
Tinderbox User committed
349 350 351 352 353 354
	    lookup for a name like
	    <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
	    query type and class to PTR and IN respectively. IPv6
	    addresses are looked up using nibble format under the
	    IP6.ARPA domain (but see also the <code class="option">-i</code>
	    option).
Tinderbox User's avatar
Tinderbox User committed
355 356
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
357 358
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
359
	  <p>
Tinderbox User's avatar
Tinderbox User committed
360 361 362 363 364 365 366 367
	    Sign queries using TSIG with the given authentication key.
	    <em class="parameter"><code>keyname</code></em> is the name of the key, and
	    <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
	    <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
	    valid choices are <code class="literal">hmac-md5</code>,
	    <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
	    <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
	    <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
Tinderbox User's avatar
Tinderbox User committed
368 369
	    is not specified, the default is <code class="literal">hmac-md5</code>
	    or if MD5 was disabled <code class="literal">hmac-sha256</code>.
Tinderbox User's avatar
Tinderbox User committed
370
	  </p>
Tinderbox User's avatar
Tinderbox User committed
371
	  <p>
Tinderbox User's avatar
Tinderbox User committed
372 373 374 375 376
	    NOTE: You should use the <code class="option">-k</code> option and
	    avoid the <code class="option">-y</code> option, because
	    with <code class="option">-y</code> the shared secret is supplied as
	    a command line argument in clear text. This may be visible
	    in the output from
Tinderbox User's avatar
Tinderbox User committed
377 378 379
	    <span class="citerefentry">
	      <span class="refentrytitle">ps</span>(1)
	    </span>
Tinderbox User's avatar
Tinderbox User committed
380 381
	    or in a history file maintained by the user's shell.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
382
	</dd>
Tinderbox User's avatar
Tinderbox User committed
383
</dl></div>
Tinderbox User's avatar
Tinderbox User committed
384 385 386
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
387
<a name="id-1.14.2.10"></a><h2>QUERY OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
388 389 390


    <p><span class="command"><strong>dig</strong></span>
Mark Andrews's avatar
gregen  
Mark Andrews committed
391 392 393 394 395 396
      provides a number of query options which affect
      the way in which lookups are made and the results displayed.  Some of
      these set or reset flag bits in the query header, some determine which
      sections of the answer get printed, and others determine the timeout
      and retry strategies.
    </p>
Tinderbox User's avatar
Tinderbox User committed
397 398

    <p>
Mark Andrews's avatar
gregen  
Mark Andrews committed
399 400 401 402 403 404 405
      Each query option is identified by a keyword preceded by a plus sign
      (<code class="literal">+</code>).  Some keywords set or reset an
      option.  These may be preceded
      by the string <code class="literal">no</code> to negate the meaning of
      that keyword.  Other
      keywords assign values to options like the timeout interval.  They
      have the form <code class="option">+keyword=value</code>.
Tinderbox User's avatar
Tinderbox User committed
406 407 408
      Keywords may be abbreviated, provided the abbreviation is
      unambiguous; for example, <code class="literal">+cd</code> is equivalent
      to <code class="literal">+cdflag</code>.
Mark Andrews's avatar
gregen  
Mark Andrews committed
409 410 411
      The query options are:

      </p>
Tinderbox User's avatar
Tinderbox User committed
412
<div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
413
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
414 415
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
416
	      A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
Tinderbox User's avatar
Tinderbox User committed
417 418
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
419
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
420 421
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
422
	      Sets the "aa" flag in the query.
Tinderbox User's avatar
Tinderbox User committed
423 424
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
425
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
426 427
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
428 429
	      Display [do not display] the additional section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
430 431
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
432
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
433 434
<dd>
	    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
435 436 437 438 439 440 441
	      Set [do not set] the AD (authentic data) bit in the
	      query.  This requests the server to return whether
	      all of the answer and authority sections have all
	      been validated as secure according to the security
	      policy of the server.  AD=1 indicates that all records
	      have been validated as secure and the answer is not
	      from a OPT-OUT range.  AD=0 indicate that some part
Automatic Updater's avatar
Automatic Updater committed
442 443
	      of the answer was insecure or not validated.  This
	      bit is set by default.
Tinderbox User's avatar
Tinderbox User committed
444 445
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
446
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
447 448
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
449
	      Set or clear all display flags.
Tinderbox User's avatar
Tinderbox User committed
450 451
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
452
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
453 454
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
455 456
	      Display [do not display] the answer section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
457 458
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
459
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
460 461
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
462 463
	      Display [do not display] the authority section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
464 465
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
466
<dt><span class="term"><code class="option">+[no]badcookie</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
467 468
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
469 470
	      Retry lookup with the new server cookie if a
	      BADCOOKIE response is received.
Tinderbox User's avatar
Tinderbox User committed
471 472
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
473
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
474 475
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
476 477 478
	      Attempt to display the contents of messages which are
	      malformed.  The default is to not display malformed
	      answers.
Tinderbox User's avatar
Tinderbox User committed
479 480
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
481
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
482 483
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
484 485 486 487 488 489
	      Set the UDP message buffer size advertised using EDNS0
	      to <em class="parameter"><code>B</code></em> bytes.  The maximum and
	      minimum sizes of this buffer are 65535 and 0 respectively.
	      Values outside this range are rounded up or down
	      appropriately.  Values other than zero will cause a
	      EDNS query to be sent.
Tinderbox User's avatar
Tinderbox User committed
490 491
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
492
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
493 494
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
495 496 497
	      Set [do not set] the CD (checking disabled) bit in
	      the query.  This requests the server to not perform
	      DNSSEC validation of responses.
Tinderbox User's avatar
Tinderbox User committed
498 499
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
500
<dt><span class="term"><code class="option">+[no]class</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
501 502
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
503 504
	      Display [do not display] the CLASS when printing the
	      record.
Tinderbox User's avatar
Tinderbox User committed
505 506
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
507
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
508 509
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
510
	      Toggles the printing of the initial comment in the
Tinderbox User's avatar
Tinderbox User committed
511 512 513 514 515
	      output, identifying the version of <span class="command"><strong>dig</strong></span>
	      and the query options that have been applied.  This option
	      always has global effect; it cannot be set globally
	      and then overridden on a per-lookup basis.  The default
	      is to print this comment.
Tinderbox User's avatar
Tinderbox User committed
516 517
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
518
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
519
<dd>
Tinderbox User's avatar
Tinderbox User committed
520
	    <p>
Tinderbox User's avatar
Tinderbox User committed
521 522 523 524 525
	      Toggles the display of some comment lines in the output,
	      containing information about the packet header and
	      OPT pseudosection, and the names of the response
	      section.  The default is to print these comments.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
526
	    <p>
Tinderbox User's avatar
Tinderbox User committed
527 528 529 530 531 532
	      Other types of comments in the output are not affected by
	      this option, but can be controlled using other command
	      line switches. These include <span class="command"><strong>+[no]cmd</strong></span>,
	      <span class="command"><strong>+[no]question</strong></span>,
	      <span class="command"><strong>+[no]stats</strong></span>, and
	      <span class="command"><strong>+[no]rrcomments</strong></span>.
Tinderbox User's avatar
Tinderbox User committed
533
	    </p>
Tinderbox User's avatar
Tinderbox User committed
534
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
535 536
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
537
	    <p>
Tinderbox User's avatar
Tinderbox User committed
538 539 540 541 542
	      Send a COOKIE EDNS option, with optional
	      value.  Replaying a COOKIE from a previous response will
	      allow the server to identify a previous client.  The
	      default is <code class="option">+cookie</code>.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
543
	    <p>
Evan Hunt's avatar
Evan Hunt committed
544
	      <span class="command"><strong>+cookie</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
545 546 547
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
548
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
549
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
550 551
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
552 553 554 555 556 557 558 559
	      Toggle the display of cryptographic fields in DNSSEC
	      records.  The contents of these field are unnecessary
	      to debug most DNSSEC validation failures and removing
	      them makes it easier to see the common failures.  The
	      default is to display the fields.  When omitted they
	      are replaced by the string "[omitted]" or in the
	      DNSKEY case the key id is displayed as the replacement,
	      e.g. "[ key id = value ]".
Tinderbox User's avatar
Tinderbox User committed
560 561
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
562
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
563 564
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
565 566
	      Deprecated, treated as a synonym for
	      <em class="parameter"><code>+[no]search</code></em>
Tinderbox User's avatar
Tinderbox User committed
567 568
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
569
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
570 571
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
572 573 574
	      Requests DNSSEC records be sent by setting the DNSSEC
	      OK bit (DO) in the OPT record in the additional section
	      of the query.
Tinderbox User's avatar
Tinderbox User committed
575 576
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
577
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
578 579
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
580 581
	      Set the search list to contain the single domain
	      <em class="parameter"><code>somename</code></em>, as if specified in
Evan Hunt's avatar
Evan Hunt committed
582
	      a <span class="command"><strong>domain</strong></span> directive in
Tinderbox User's avatar
Tinderbox User committed
583 584 585
	      <code class="filename">/etc/resolv.conf</code>, and enable
	      search list processing as if the
	      <em class="parameter"><code>+search</code></em> option were given.
Tinderbox User's avatar
Tinderbox User committed
586 587
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
588
<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
589 590
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
591 592
	      Set the DSCP code point to be used when sending the
	      query.  Valid DSCP code points are in the range
Tinderbox User's avatar
Tinderbox User committed
593
	      [0..63].  By default no code point is explicitly set.
Tinderbox User's avatar
Tinderbox User committed
594 595
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
596
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
597 598
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
599 600 601 602 603
	       Specify the EDNS version to query with.  Valid values
	       are 0 to 255.  Setting the EDNS version will cause
	       a EDNS query to be sent.  <code class="option">+noedns</code>
	       clears the remembered EDNS version.  EDNS is set to
	       0 by default.
Tinderbox User's avatar
Tinderbox User committed
604 605
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
606
<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
607 608
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
609 610 611 612
	      Set the must-be-zero EDNS flags bits (Z bits) to the
	      specified value. Decimal, hex and octal encodings are
	      accepted. Setting a named flag (e.g. DO) will silently be
	      ignored. By default, no Z bits are set.
Tinderbox User's avatar
Tinderbox User committed
613 614
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
615
<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
616 617
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
618 619
	      Enable / disable EDNS version negotiation. By default
	      EDNS version negotiation is enabled.
Tinderbox User's avatar
Tinderbox User committed
620 621
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
622
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
623 624
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
625 626
	      Specify EDNS option with code point <code class="option">code</code>
	      and optionally payload of <code class="option">value</code> as a
Tinderbox User's avatar
Tinderbox User committed
627 628 629 630
	      hexadecimal string.  <code class="option">code</code> can be
	      either an EDNS option name (for example,
	      <code class="literal">NSID</code> or <code class="literal">ECS</code>),
	      or an arbitrary numeric value.  <code class="option">+noednsopt</code>
Tinderbox User's avatar
Tinderbox User committed
631
	      clears the EDNS options to be sent.
Tinderbox User's avatar
Tinderbox User committed
632 633
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
634
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
635 636
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
637
	      Send an EDNS Expire option.
Tinderbox User's avatar
Tinderbox User committed
638 639
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
640
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
641 642
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
643 644 645
	      Do not try the next server if you receive a SERVFAIL.
	      The default is to not try the next server which is
	      the reverse of normal stub resolver behavior.
Tinderbox User's avatar
Tinderbox User committed
646 647
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
648
<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
649 650
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
651 652 653
	      Send a query with a DNS header without a question section.
	      The default is to add a question section.  The query type
	      and query name are ignored when this is set.
Tinderbox User's avatar
Tinderbox User committed
654 655
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
656
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
657 658
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
659 660 661 662 663 664
	      Show [or do not show] the IP address and port number
	      that supplied the answer when the
	      <em class="parameter"><code>+short</code></em> option is enabled.  If
	      short form answers are requested, the default is not
	      to show the source address and port number of the
	      server that provided the answer.
Tinderbox User's avatar
Tinderbox User committed
665 666
	    </p>
	  </dd>
Evan Hunt's avatar
Evan Hunt committed
667 668
<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
669
	    <p>
Evan Hunt's avatar
Evan Hunt committed
670 671
	      Process [do not process] IDN domain names on input.
	      This requires IDN SUPPORT to have been enabled at
Tinderbox User's avatar
Tinderbox User committed
672 673
	      compile time.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
674
	    <p>
Tinderbox User's avatar
Tinderbox User committed
675 676 677 678
	      The default is to process IDN input when standard output
	      is a tty.  The IDN processing on input is disabled when
	      dig output is redirected to files, pipes, and other
	      non-tty file descriptors.
Evan Hunt's avatar
Evan Hunt committed
679
	    </p>
Tinderbox User's avatar
Tinderbox User committed
680
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
681
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
682
<dd>
Tinderbox User's avatar
Tinderbox User committed
683
	    <p>
Tinderbox User's avatar
Tinderbox User committed
684 685
	      Convert [do not convert] puny code on output.
	      This requires IDN SUPPORT to have been enabled at
Tinderbox User's avatar
Tinderbox User committed
686 687
	      compile time.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
688
	    <p>
Tinderbox User's avatar
Tinderbox User committed
689 690 691 692
	      The default is to process puny code on output when
	      standard output is a tty.  The puny code processing on
	      output is disabled when dig output is redirected to
	      files, pipes, and other non-tty file descriptors.
Tinderbox User's avatar
Tinderbox User committed
693
	    </p>
Tinderbox User's avatar
Tinderbox User committed
694
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
695
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
696 697
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
698 699
	      Ignore truncation in UDP responses instead of retrying
	      with TCP.  By default, TCP retries are performed.
Tinderbox User's avatar
Tinderbox User committed
700 701
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
702
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
703 704
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
705 706 707
	      Keep the TCP socket open between queries and reuse
	      it rather than creating a new TCP socket for each
	      lookup.  The default is <code class="option">+nokeepopen</code>.
Tinderbox User's avatar
Tinderbox User committed
708 709
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
710
<dt><span class="term"><code class="option">+[no]mapped</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
711 712
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
713 714
	      Allow mapped IPv4 over IPv6 addresses to be used.  The
	      default is <code class="option">+mapped</code>.
Tinderbox User's avatar
Tinderbox User committed
715 716
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
717
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
718 719
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
720 721 722
	      Print records like the SOA records in a verbose
	      multi-line format with human-readable comments.  The
	      default is to print each record on a single line, to
Evan Hunt's avatar
Evan Hunt committed
723
	      facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
724
	      output.
Tinderbox User's avatar
Tinderbox User committed
725 726
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
727
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
728 729
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
730 731 732 733 734 735 736 737 738
	      Set the number of dots that have to appear in
	      <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
	      for it to be considered absolute.  The default value
	      is that defined using the ndots statement in
	      <code class="filename">/etc/resolv.conf</code>, or 1 if no
	      ndots statement is present.  Names with fewer dots
	      are interpreted as relative names and will be searched
	      for in the domains listed in the <code class="option">search</code>
	      or <code class="option">domain</code> directive in
Tinderbox User's avatar
Tinderbox User committed
739 740
	      <code class="filename">/etc/resolv.conf</code> if
	      <code class="option">+search</code> is set.
Tinderbox User's avatar
Tinderbox User committed
741 742
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
743
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
744 745
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
746 747
	      Include an EDNS name server ID request when sending
	      a query.
Tinderbox User's avatar
Tinderbox User committed
748 749
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
750
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
751 752
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
753
	      When this option is set, <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
754 755 756 757
	      attempts to find the authoritative name servers for
	      the zone containing the name being looked up and
	      display the SOA record that each name server has for
	      the zone.
Tinderbox User's avatar
Tinderbox User committed
758 759
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
760
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
761 762
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
763 764 765
	      Print only one (starting) SOA record when performing
	      an AXFR. The default is to print both the starting
	      and ending SOA records.
Tinderbox User's avatar
Tinderbox User committed
766 767
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
768
<dt><span class="term"><code class="option">+[no]opcode=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
769 770
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
771 772
	      Set [restore] the DNS message opcode to the specified
	      value.  The default value is QUERY (0).
Tinderbox User's avatar
Tinderbox User committed
773 774
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
775
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
776 777
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
778 779
	      Toggles the display of the query message as it is sent.
	      By default, the query is not printed.
Tinderbox User's avatar
Tinderbox User committed
780 781
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
782
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
783 784
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
785
	      Toggles the display of the question section of a query
Tinderbox User's avatar
Tinderbox User committed
786 787
	      when an answer is returned.  The default is to print
	      the question section as a comment.
Tinderbox User's avatar
Tinderbox User committed
788 789
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
790
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
791 792
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
793
	      A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
Tinderbox User's avatar
Tinderbox User committed
794 795
	    </p>
	  </dd>
Mark Andrews's avatar
gregen  
Mark Andrews committed
796
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
797 798
<dd>
	    <p>
Automatic Updater's avatar
Automatic Updater committed
799 800
	      Toggle the setting of the RD (recursion desired) bit
	      in the query.  This bit is set by default, which means
Evan Hunt's avatar
Evan Hunt committed
801
	      <span class="command"><strong>dig</strong></span> normally sends recursive
Automatic Updater's avatar
Automatic Updater committed
802
	      queries.  Recursion is automatically disabled when
Tinderbox User's avatar
Tinderbox User committed
803 804 805 806
	      using the <em class="parameter"><code>+nssearch</code></em> option, and
	      when using <em class="parameter"><code>+trace</code></em> except for
	      an initial recursive query to get the list of root
	      servers.
Tinderbox User's avatar
Tinderbox User committed
807 808
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
809
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
810 811
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
812 813 814 815
	      Sets the number of times to retry UDP queries to
	      server to <em class="parameter"><code>T</code></em> instead of the
	      default, 2.  Unlike <em class="parameter"><code>+tries</code></em>,
	      this does not include the initial query.
Tinderbox User's avatar
Tinderbox User committed
816 817
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
818
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
819 820
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
821 822 823 824
	      Toggle the display of per-record comments in the
	      output (for example, human-readable key information
	      about DNSKEY records).  The default is not to print
	      record comments unless multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
825 826
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
827
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
828
<dd>
Tinderbox User's avatar
Tinderbox User committed
829
	    <p>
Tinderbox User's avatar
Tinderbox User committed
830 831 832 833
	      Use [do not use] the search list defined by the
	      searchlist or domain directive in
	      <code class="filename">resolv.conf</code> (if any).  The search
	      list is not used by default.
Tinderbox User's avatar
Tinderbox User committed
834
	    </p>
Tinderbox User's avatar
Tinderbox User committed
835
	    <p>
Tinderbox User's avatar
Tinderbox User committed
836 837 838 839 840 841
	      'ndots' from <code class="filename">resolv.conf</code> (default 1)
	       which may be overridden by <em class="parameter"><code>+ndots</code></em>
	      determines if the name will be treated as relative
	      or not and hence whether a search is eventually
	      performed or not.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
842
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
843
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
844 845
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
846
	      Provide a terse answer.  The default is to print the
Tinderbox User's avatar
Tinderbox User committed
847 848 849
	      answer in a verbose form.  This option always has global
	      effect; it cannot be set globally and then overridden on
	      a per-lookup basis.
Tinderbox User's avatar
Tinderbox User committed
850 851
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
852
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
853 854
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
855 856
	      Perform [do not perform] a search showing intermediate
	      results.
Tinderbox User's avatar
Tinderbox User committed
857 858
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
859
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
860 861
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
862 863 864
	      Chase DNSSEC signature chains. Requires dig be compiled
	      with -DDIG_SIGCHASE. This feature is deprecated.
	      Use <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
865 866
	    </p>
	  </dd>
Automatic Updater's avatar
Automatic Updater committed
867
<dt><span class="term"><code class="option">+split=W</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
868 869
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
870 871 872