dig.html 40.8 KB
Newer Older
1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Andreas Gustafsson's avatar
Andreas Gustafsson committed
2
<!--
Tinderbox User's avatar
Tinderbox User committed
3
 - Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Rob Austein's avatar
regen  
Rob Austein committed
4
 - 
Tinderbox User's avatar
Tinderbox User committed
5 6 7
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
Andreas Gustafsson's avatar
Andreas Gustafsson committed
8
-->
9
<html lang="en">
Rob Austein's avatar
regen  
Rob Austein committed
10 11 12
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
Tinderbox User's avatar
Tinderbox User committed
13
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
Rob Austein's avatar
regen  
Rob Austein committed
14
</head>
Tinderbox User's avatar
Tinderbox User committed
15
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
Mark Andrews's avatar
gregen  
Mark Andrews committed
16
<a name="man.dig"></a><div class="titlepage"></div>
Tinderbox User's avatar
Tinderbox User committed
17 18 19 20 21 22
  
  

  

  <div class="refnamediv">
Rob Austein's avatar
regen  
Rob Austein committed
23
<h2>Name</h2>
Tinderbox User's avatar
Tinderbox User committed
24 25 26 27
<p>
    dig
     &#8212; DNS lookup utility
  </p>
Rob Austein's avatar
regen  
Rob Austein committed
28
</div>
Tinderbox User's avatar
Tinderbox User committed
29 30 31 32

  

  <div class="refsynopsisdiv">
Rob Austein's avatar
regen  
Rob Austein committed
33
<h2>Synopsis</h2>
Tinderbox User's avatar
Tinderbox User committed
34 35 36 37 38 39 40 41 42 43 44 45 46 47
    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [@server]
       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
       [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>]
       [<code class="option">-m</code>]
       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
       [<code class="option">-v</code>]
       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
       [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>]
Tinderbox User's avatar
Tinderbox User committed
48 49 50 51
       [
	[<code class="option">-4</code>]
	 |  [<code class="option">-6</code>]
      ]
Tinderbox User's avatar
Tinderbox User committed
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
       [name]
       [type]
       [class]
       [queryopt...]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [<code class="option">-h</code>]
    </p></div>

    <div class="cmdsynopsis"><p>
      <code class="command">dig</code> 
       [global-queryopt...]
       [query...]
    </p></div>
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
71
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
Tinderbox User's avatar
Tinderbox User committed
72 73

    <p><span class="command"><strong>dig</strong></span> is a flexible tool
Rob Austein's avatar
regen  
Rob Austein committed
74 75
      for interrogating DNS name servers.  It performs DNS lookups and
      displays the answers that are returned from the name server(s) that
Tinderbox User's avatar
Tinderbox User committed
76
      were queried.  Most DNS administrators use <span class="command"><strong>dig</strong></span> to
Rob Austein's avatar
regen  
Rob Austein committed
77 78
      troubleshoot DNS problems because of its flexibility, ease of use and
      clarity of output.  Other lookup tools tend to have less functionality
Tinderbox User's avatar
Tinderbox User committed
79
      than <span class="command"><strong>dig</strong></span>.
Rob Austein's avatar
regen  
Rob Austein committed
80
    </p>
Tinderbox User's avatar
Tinderbox User committed
81 82

    <p>
Tinderbox User's avatar
Tinderbox User committed
83
      Although <span class="command"><strong>dig</strong></span> is normally used with
Rob Austein's avatar
regen  
Rob Austein committed
84 85 86 87
      command-line
      arguments, it also has a batch mode of operation for reading lookup
      requests from a file.  A brief summary of its command-line arguments
      and options is printed when the <code class="option">-h</code> option is given.
Mark Andrews's avatar
regen  
Mark Andrews committed
88
      Unlike earlier versions, the BIND 9 implementation of
Tinderbox User's avatar
Tinderbox User committed
89
      <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
Rob Austein's avatar
regen  
Rob Austein committed
90 91 92
      from the
      command line.
    </p>
Tinderbox User's avatar
Tinderbox User committed
93 94

    <p>
Rob Austein's avatar
regen  
Rob Austein committed
95
      Unless it is told to query a specific name server,
Tinderbox User's avatar
Tinderbox User committed
96
      <span class="command"><strong>dig</strong></span> will try each of the servers listed in
Tinderbox User's avatar
Tinderbox User committed
97
      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
Tinderbox User's avatar
Tinderbox User committed
98
      are found, <span class="command"><strong>dig</strong></span> will send the query to the local
Tinderbox User's avatar
Tinderbox User committed
99
      host.
Rob Austein's avatar
regen  
Rob Austein committed
100
    </p>
Tinderbox User's avatar
Tinderbox User committed
101 102

    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
103
      When no command line arguments or options are given,
Tinderbox User's avatar
Tinderbox User committed
104
      <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
Rob Austein's avatar
regen  
Rob Austein committed
105
    </p>
Tinderbox User's avatar
Tinderbox User committed
106 107

    <p>
Tinderbox User's avatar
Tinderbox User committed
108
      It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
Tinderbox User's avatar
Tinderbox User committed
109 110 111 112
      <code class="filename">${HOME}/.digrc</code>. This file is read and any
      options in it are applied before the command line arguments.
      The <code class="option">-r</code> option disables this feature, for
      scripts that need predictable behaviour.
Rob Austein's avatar
regen  
Rob Austein committed
113
    </p>
Tinderbox User's avatar
Tinderbox User committed
114 115

    <p>
Mark Andrews's avatar
regen  
Mark Andrews committed
116
      The IN and CH class names overlap with the IN and CH top level
Tinderbox User's avatar
Tinderbox User committed
117
      domain names.  Either use the <code class="option">-t</code> and
Tinderbox User's avatar
Tinderbox User committed
118
      <code class="option">-c</code> options to specify the type and class,
Automatic Updater's avatar
regen  
Automatic Updater committed
119
      use the <code class="option">-q</code> the specify the domain name, or
Mark Andrews's avatar
regen  
Mark Andrews committed
120 121
      use "IN." and "CH." when looking up these top level domains.
    </p>
Tinderbox User's avatar
Tinderbox User committed
122 123 124 125

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
126
<a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
Tinderbox User's avatar
Tinderbox User committed
127 128 129


    <p>
Tinderbox User's avatar
Tinderbox User committed
130
      A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
Rob Austein's avatar
regen  
Rob Austein committed
131 132 133 134
      </p>
<pre class="programlisting"> dig @server name type </pre>
<p>
      where:
Mark Andrews's avatar
regen  
Mark Andrews committed
135

Rob Austein's avatar
regen  
Rob Austein committed
136
      </p>
Tinderbox User's avatar
Tinderbox User committed
137
<div class="variablelist"><dl class="variablelist">
Rob Austein's avatar
regen  
Rob Austein committed
138
<dt><span class="term"><code class="constant">server</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
139
<dd>
Tinderbox User's avatar
Tinderbox User committed
140
	    <p>
Tinderbox User's avatar
Tinderbox User committed
141 142 143 144
	      is the name or IP address of the name server to query.  This
	      can be an IPv4 address in dotted-decimal notation or an IPv6
	      address in colon-delimited notation.  When the supplied
	      <em class="parameter"><code>server</code></em> argument is a hostname,
Tinderbox User's avatar
Tinderbox User committed
145
	      <span class="command"><strong>dig</strong></span> resolves that name before querying
Tinderbox User's avatar
Tinderbox User committed
146 147
	      that name server.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
148
	    <p>
Tinderbox User's avatar
Tinderbox User committed
149
	      If no <em class="parameter"><code>server</code></em> argument is
Tinderbox User's avatar
Tinderbox User committed
150
	      provided, <span class="command"><strong>dig</strong></span> consults
Tinderbox User's avatar
Tinderbox User committed
151 152 153 154 155 156
	      <code class="filename">/etc/resolv.conf</code>; if an
	      address is found there, it queries the name server at
	      that address. If either of the <code class="option">-4</code> or
	      <code class="option">-6</code> options are in use, then
	      only addresses for the corresponding transport
	      will be tried.  If no usable addresses are found,
Tinderbox User's avatar
Tinderbox User committed
157
	      <span class="command"><strong>dig</strong></span> will send the query to the
Tinderbox User's avatar
Tinderbox User committed
158 159 160
	      local host.  The reply from the name server that
	      responds is displayed.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
161
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
162
<dt><span class="term"><code class="constant">name</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
163 164
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
165
	      is the name of the resource record that is to be looked up.
Tinderbox User's avatar
Tinderbox User committed
166 167
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
168
<dt><span class="term"><code class="constant">type</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
169 170
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
171 172 173 174 175
	      indicates what type of query is required &#8212;
	      ANY, A, MX, SIG, etc.
	      <em class="parameter"><code>type</code></em> can be any valid query
	      type.  If no
	      <em class="parameter"><code>type</code></em> argument is supplied,
Tinderbox User's avatar
Tinderbox User committed
176
	      <span class="command"><strong>dig</strong></span> will perform a lookup for an
Tinderbox User's avatar
Tinderbox User committed
177
	      A record.
Tinderbox User's avatar
Tinderbox User committed
178 179
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
180 181 182
</dl></div>
<p>
    </p>
Tinderbox User's avatar
Tinderbox User committed
183 184 185 186

  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
187
<a name="id-1.9"></a><h2>OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
188 189 190


    <div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
191
<dt><span class="term">-4</span></dt>
Tinderbox User's avatar
Tinderbox User committed
192 193
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
194
	    Use IPv4 only.
Tinderbox User's avatar
Tinderbox User committed
195 196
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
197
<dt><span class="term">-6</span></dt>
Tinderbox User's avatar
Tinderbox User committed
198 199
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
200
	    Use IPv6 only.
Tinderbox User's avatar
Tinderbox User committed
201 202
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
203
<dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
204 205
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
206 207 208 209
	    Set the source IP address of the query.
	    The <em class="parameter"><code>address</code></em> must be a valid address on
	    one of the host's network interfaces, or "0.0.0.0" or "::". An
	    optional port may be specified by appending "#&lt;port&gt;"
Tinderbox User's avatar
Tinderbox User committed
210 211
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
212
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
213 214
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
215 216 217
	    Set the query class. The
	    default <em class="parameter"><code>class</code></em> is IN; other classes
	    are HS for Hesiod records or CH for Chaosnet records.
Tinderbox User's avatar
Tinderbox User committed
218 219
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
220
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
221 222
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
223
	    Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
Tinderbox User's avatar
Tinderbox User committed
224 225 226 227
	    requests to process from the
	    given <em class="parameter"><code>file</code></em>. Each line in the file
	    should be organized in the same way they would be
	    presented as queries to
Tinderbox User's avatar
Tinderbox User committed
228
	    <span class="command"><strong>dig</strong></span> using the command-line interface.
Tinderbox User's avatar
Tinderbox User committed
229 230
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
231
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
232 233
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
234 235
	    Sign queries using TSIG using a key read from the given file.
	    Key files can be generated using
Tinderbox User's avatar
Tinderbox User committed
236 237 238
	    <span class="citerefentry">
	      <span class="refentrytitle">tsig-keygen</span>(8)
	    </span>.
Tinderbox User's avatar
Tinderbox User committed
239
	    When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
Tinderbox User's avatar
Tinderbox User committed
240 241
	    the name server that is queried needs to know the key and
	    algorithm that is being used. In BIND, this is done by
Tinderbox User's avatar
Tinderbox User committed
242 243
	    providing appropriate <span class="command"><strong>key</strong></span>
	    and <span class="command"><strong>server</strong></span> statements in
Tinderbox User's avatar
Tinderbox User committed
244
	    <code class="filename">named.conf</code>.
Tinderbox User's avatar
Tinderbox User committed
245 246
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
247
<dt><span class="term">-m</span></dt>
Tinderbox User's avatar
Tinderbox User committed
248 249
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
250 251
	    Enable memory usage debugging.
	    
Tinderbox User's avatar
Tinderbox User committed
252 253
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
254
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
255 256
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
257
	    Send the query to a non-standard port on the server,
Tinderbox User's avatar
Tinderbox User committed
258
	    instead of the default port 53. This option would be used
Tinderbox User's avatar
Tinderbox User committed
259 260
	    to test a name server that has been configured to listen
	    for queries on a non-standard port number.
Tinderbox User's avatar
Tinderbox User committed
261 262
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
263
<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
264 265
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
266 267
	    The domain name to query. This is useful to distinguish
	    the <em class="parameter"><code>name</code></em> from other arguments.
Tinderbox User's avatar
Tinderbox User committed
268 269
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
270 271 272 273 274 275 276
<dt><span class="term">-r</span></dt>
<dd>
	  <p>
	    Do not read options from <code class="filename">${HOME}/.digrc</code>.
	    This is useful for scripts that need predictable behaviour.
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
277
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
278 279
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
280 281 282 283 284 285
	    The resource record type to query. It can be any valid query
	    type.  If it is a resource record type supported in BIND 9, it
	    can be given by the type mnemonic (such as "NS" or "AAAA").
	    The default query type is "A", unless the <code class="option">-x</code>
	    option is supplied to indicate a reverse lookup.  A zone
	    transfer can be requested by specifying a type of AXFR.  When
Tinderbox User's avatar
Tinderbox User committed
286 287 288 289 290 291
	    an incremental zone transfer (IXFR) is required, set the
	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
	    The incremental zone transfer will contain the changes
	    made to the zone since the serial number in the zone's SOA
	    record was
	    <em class="parameter"><code>N</code></em>.
Tinderbox User's avatar
Tinderbox User committed
292
	  </p>
Tinderbox User's avatar
Tinderbox User committed
293 294 295 296 297 298
	  <p>
	    All resource record types can be expressed as "TYPEnn", where
	    "nn" is the number of the type. If the resource record type is
	    not supported in BIND 9, the result will be displayed as
	    described in RFC 3597.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
299
	</dd>
Tinderbox User's avatar
Tinderbox User committed
300 301 302 303 304 305
<dt><span class="term">-u</span></dt>
<dd>
	  <p>
	    Print query times in microseconds instead of milliseconds.
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
306
<dt><span class="term">-v</span></dt>
Tinderbox User's avatar
Tinderbox User committed
307 308
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
309
	    Print the version number and exit.
Tinderbox User's avatar
Tinderbox User committed
310 311
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
312
<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
Tinderbox User's avatar
Tinderbox User committed
313 314
<dd>
	  <p>
Tinderbox User's avatar
Tinderbox User committed
315 316 317 318 319 320 321
	    Simplified reverse lookups, for mapping addresses to
	    names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
	    in dotted-decimal notation, or a colon-delimited IPv6
	    address. When the <code class="option">-x</code> is used, there is no
	    need to provide
	    the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
	    and <em class="parameter"><code>type</code></em>
Tinderbox User's avatar
Tinderbox User committed
322
	    arguments. <span class="command"><strong>dig</strong></span> automatically performs a
Tinderbox User's avatar
Tinderbox User committed
323 324 325 326
	    lookup for a name like
	    <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
	    query type and class to PTR and IN respectively. IPv6
	    addresses are looked up using nibble format under the
Tinderbox User's avatar
Tinderbox User committed
327
	    IP6.ARPA domain.
Tinderbox User's avatar
Tinderbox User committed
328 329
	  </p>
	</dd>
Tinderbox User's avatar
Tinderbox User committed
330 331
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
332
	  <p>
Tinderbox User's avatar
Tinderbox User committed
333 334 335 336 337 338 339 340
	    Sign queries using TSIG with the given authentication key.
	    <em class="parameter"><code>keyname</code></em> is the name of the key, and
	    <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
	    <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
	    valid choices are <code class="literal">hmac-md5</code>,
	    <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
	    <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
	    <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
Tinderbox User's avatar
Tinderbox User committed
341 342
	    is not specified, the default is <code class="literal">hmac-md5</code>
	    or if MD5 was disabled <code class="literal">hmac-sha256</code>.
Tinderbox User's avatar
Tinderbox User committed
343
	  </p>
Tinderbox User's avatar
Tinderbox User committed
344
	  <p>
Tinderbox User's avatar
Tinderbox User committed
345 346 347 348 349
	    NOTE: You should use the <code class="option">-k</code> option and
	    avoid the <code class="option">-y</code> option, because
	    with <code class="option">-y</code> the shared secret is supplied as
	    a command line argument in clear text. This may be visible
	    in the output from
Tinderbox User's avatar
Tinderbox User committed
350 351 352
	    <span class="citerefentry">
	      <span class="refentrytitle">ps</span>(1)
	    </span>
Tinderbox User's avatar
Tinderbox User committed
353 354
	    or in a history file maintained by the user's shell.
	  </p>
Tinderbox User's avatar
Tinderbox User committed
355
	</dd>
Tinderbox User's avatar
Tinderbox User committed
356
</dl></div>
Tinderbox User's avatar
Tinderbox User committed
357 358 359
  </div>

  <div class="refsection">
Tinderbox User's avatar
Tinderbox User committed
360
<a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
Tinderbox User's avatar
Tinderbox User committed
361 362 363


    <p><span class="command"><strong>dig</strong></span>
Rob Austein's avatar
regen  
Rob Austein committed
364 365 366 367 368 369
      provides a number of query options which affect
      the way in which lookups are made and the results displayed.  Some of
      these set or reset flag bits in the query header, some determine which
      sections of the answer get printed, and others determine the timeout
      and retry strategies.
    </p>
Tinderbox User's avatar
Tinderbox User committed
370 371

    <p>
Rob Austein's avatar
regen  
Rob Austein committed
372 373 374 375 376 377 378
      Each query option is identified by a keyword preceded by a plus sign
      (<code class="literal">+</code>).  Some keywords set or reset an
      option.  These may be preceded
      by the string <code class="literal">no</code> to negate the meaning of
      that keyword.  Other
      keywords assign values to options like the timeout interval.  They
      have the form <code class="option">+keyword=value</code>.
Tinderbox User's avatar
Tinderbox User committed
379 380 381
      Keywords may be abbreviated, provided the abbreviation is
      unambiguous; for example, <code class="literal">+cd</code> is equivalent
      to <code class="literal">+cdflag</code>.
Rob Austein's avatar
regen  
Rob Austein committed
382
      The query options are:
Andreas Gustafsson's avatar
Andreas Gustafsson committed
383

Rob Austein's avatar
regen  
Rob Austein committed
384
      </p>
Tinderbox User's avatar
Tinderbox User committed
385
<div class="variablelist"><dl class="variablelist">
Tinderbox User's avatar
Tinderbox User committed
386
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
387 388
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
389
	      A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
Tinderbox User's avatar
Tinderbox User committed
390 391
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
392
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
393 394
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
395
	      Sets the "aa" flag in the query.
Tinderbox User's avatar
Tinderbox User committed
396 397
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
398
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
399 400
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
401 402
	      Display [do not display] the additional section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
403 404
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
405
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
406 407
<dd>
	    <p>
Automatic Updater's avatar
regen  
Automatic Updater committed
408 409 410 411 412 413 414
	      Set [do not set] the AD (authentic data) bit in the
	      query.  This requests the server to return whether
	      all of the answer and authority sections have all
	      been validated as secure according to the security
	      policy of the server.  AD=1 indicates that all records
	      have been validated as secure and the answer is not
	      from a OPT-OUT range.  AD=0 indicate that some part
Automatic Updater's avatar
Automatic Updater committed
415 416
	      of the answer was insecure or not validated.  This
	      bit is set by default.
Tinderbox User's avatar
Tinderbox User committed
417 418
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
419
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
420 421
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
422
	      Set or clear all display flags.
Tinderbox User's avatar
Tinderbox User committed
423 424
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
425
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
426 427
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
428 429
	      Display [do not display] the answer section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
430 431
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
432
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
433 434
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
435 436
	      Display [do not display] the authority section of a
	      reply.  The default is to display it.
Tinderbox User's avatar
Tinderbox User committed
437 438
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
439
<dt><span class="term"><code class="option">+[no]badcookie</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
440 441
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
442 443
	      Retry lookup with the new server cookie if a
	      BADCOOKIE response is received.
Tinderbox User's avatar
Tinderbox User committed
444 445
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
446
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
447 448
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
449 450 451
	      Attempt to display the contents of messages which are
	      malformed.  The default is to not display malformed
	      answers.
Tinderbox User's avatar
Tinderbox User committed
452 453
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
454
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
455 456
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
457 458 459 460 461 462
	      Set the UDP message buffer size advertised using EDNS0
	      to <em class="parameter"><code>B</code></em> bytes.  The maximum and
	      minimum sizes of this buffer are 65535 and 0 respectively.
	      Values outside this range are rounded up or down
	      appropriately.  Values other than zero will cause a
	      EDNS query to be sent.
Tinderbox User's avatar
Tinderbox User committed
463 464
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
465
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
466 467
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
468 469 470
	      Set [do not set] the CD (checking disabled) bit in
	      the query.  This requests the server to not perform
	      DNSSEC validation of responses.
Tinderbox User's avatar
Tinderbox User committed
471 472
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
473
<dt><span class="term"><code class="option">+[no]class</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
474 475
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
476 477
	      Display [do not display] the CLASS when printing the
	      record.
Tinderbox User's avatar
Tinderbox User committed
478 479
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
480
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
481 482
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
483
	      Toggles the printing of the initial comment in the
Tinderbox User's avatar
Tinderbox User committed
484
	      output identifying the version of <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
485 486
	      and the query options that have been applied.  This
	      comment is printed by default.
Tinderbox User's avatar
Tinderbox User committed
487 488
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
489
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
490 491
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
492 493
	      Toggle the display of comment lines in the output.
	      The default is to print comments.
Tinderbox User's avatar
Tinderbox User committed
494 495
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
496 497
<dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
<dd>
Tinderbox User's avatar
Tinderbox User committed
498
	    <p>
Tinderbox User's avatar
Tinderbox User committed
499 500 501 502 503
	      Send a COOKIE EDNS option, with optional
	      value.  Replaying a COOKIE from a previous response will
	      allow the server to identify a previous client.  The
	      default is <code class="option">+cookie</code>.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
504
	    <p>
Tinderbox User's avatar
Tinderbox User committed
505
	      <span class="command"><strong>+cookie</strong></span> is also set when +trace
Tinderbox User's avatar
Tinderbox User committed
506 507 508
	      is set to better emulate the default queries from a
	      nameserver.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
509
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
510
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
511 512
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
513 514 515 516 517 518 519 520
	      Toggle the display of cryptographic fields in DNSSEC
	      records.  The contents of these field are unnecessary
	      to debug most DNSSEC validation failures and removing
	      them makes it easier to see the common failures.  The
	      default is to display the fields.  When omitted they
	      are replaced by the string "[omitted]" or in the
	      DNSKEY case the key id is displayed as the replacement,
	      e.g. "[ key id = value ]".
Tinderbox User's avatar
Tinderbox User committed
521 522
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
523
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
524 525
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
526 527
	      Deprecated, treated as a synonym for
	      <em class="parameter"><code>+[no]search</code></em>
Tinderbox User's avatar
Tinderbox User committed
528 529
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
530
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
531 532
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
533 534 535
	      Requests DNSSEC records be sent by setting the DNSSEC
	      OK bit (DO) in the OPT record in the additional section
	      of the query.
Tinderbox User's avatar
Tinderbox User committed
536 537
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
538
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
539 540
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
541 542
	      Set the search list to contain the single domain
	      <em class="parameter"><code>somename</code></em>, as if specified in
Tinderbox User's avatar
Tinderbox User committed
543
	      a <span class="command"><strong>domain</strong></span> directive in
Tinderbox User's avatar
Tinderbox User committed
544 545 546
	      <code class="filename">/etc/resolv.conf</code>, and enable
	      search list processing as if the
	      <em class="parameter"><code>+search</code></em> option were given.
Tinderbox User's avatar
Tinderbox User committed
547 548
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
549
<dt><span class="term"><code class="option">+dscp=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
550 551
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
552 553
	      Set the DSCP code point to be used when sending the
	      query.  Valid DSCP code points are in the range
Tinderbox User's avatar
Tinderbox User committed
554
	      [0..63].  By default no code point is explicitly set.
Tinderbox User's avatar
Tinderbox User committed
555 556
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
557
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
558 559
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
560 561 562 563 564
	       Specify the EDNS version to query with.  Valid values
	       are 0 to 255.  Setting the EDNS version will cause
	       a EDNS query to be sent.  <code class="option">+noedns</code>
	       clears the remembered EDNS version.  EDNS is set to
	       0 by default.
Tinderbox User's avatar
Tinderbox User committed
565 566
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
567
<dt><span class="term"><code class="option">+[no]ednsflags[=#]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
568 569
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
570 571 572 573
	      Set the must-be-zero EDNS flags bits (Z bits) to the
	      specified value. Decimal, hex and octal encodings are
	      accepted. Setting a named flag (e.g. DO) will silently be
	      ignored. By default, no Z bits are set.
Tinderbox User's avatar
Tinderbox User committed
574 575
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
576
<dt><span class="term"><code class="option">+[no]ednsnegotiation</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
577 578
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
579 580
	      Enable / disable EDNS version negotiation. By default
	      EDNS version negotiation is enabled.
Tinderbox User's avatar
Tinderbox User committed
581 582
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
583
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
584 585
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
586 587
	      Specify EDNS option with code point <code class="option">code</code>
	      and optionally payload of <code class="option">value</code> as a
Tinderbox User's avatar
Tinderbox User committed
588 589 590 591
	      hexadecimal string.  <code class="option">code</code> can be
	      either an EDNS option name (for example,
	      <code class="literal">NSID</code> or <code class="literal">ECS</code>),
	      or an arbitrary numeric value.  <code class="option">+noednsopt</code>
Tinderbox User's avatar
Tinderbox User committed
592
	      clears the EDNS options to be sent.
Tinderbox User's avatar
Tinderbox User committed
593 594
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
595
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
596 597
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
598
	      Send an EDNS Expire option.
Tinderbox User's avatar
Tinderbox User committed
599 600
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
601
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
602 603
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
604 605 606
	      Do not try the next server if you receive a SERVFAIL.
	      The default is to not try the next server which is
	      the reverse of normal stub resolver behavior.
Tinderbox User's avatar
Tinderbox User committed
607 608
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
609
<dt><span class="term"><code class="option">+[no]header-only</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
610 611
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
612 613 614
	      Send a query with a DNS header without a question section.
	      The default is to add a question section.  The query type
	      and query name are ignored when this is set.
Tinderbox User's avatar
Tinderbox User committed
615 616
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
617
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
618 619
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
620 621 622 623 624 625
	      Show [or do not show] the IP address and port number
	      that supplied the answer when the
	      <em class="parameter"><code>+short</code></em> option is enabled.  If
	      short form answers are requested, the default is not
	      to show the source address and port number of the
	      server that provided the answer.
Tinderbox User's avatar
Tinderbox User committed
626 627
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
628 629 630 631 632
<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
<dd>
	    <p>
	      Process [do not process] IDN domain names on input.
	      This requires IDN SUPPORT to have been enabled at
Tinderbox User's avatar
Tinderbox User committed
633 634 635 636 637 638 639
	      compile time.
	    </p>
	    <p>
	      The default is to process IDN input when standard output
	      is a tty.  The IDN processing on input is disabled when
	      dig output is redirected to files, pipes, and other
	      non-tty file descriptors.
Tinderbox User's avatar
Tinderbox User committed
640 641
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
642
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
643 644
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
645 646
	      Convert [do not convert] puny code on output.
	      This requires IDN SUPPORT to have been enabled at
Tinderbox User's avatar
Tinderbox User committed
647 648 649 650 651 652 653
	      compile time.
	    </p>
	    <p>
	      The default is to process puny code on output when
	      standard output is a tty.  The puny code processing on
	      output is disabled when dig output is redirected to
	      files, pipes, and other non-tty file descriptors.
Tinderbox User's avatar
Tinderbox User committed
654 655
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
656
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
657 658
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
659 660
	      Ignore truncation in UDP responses instead of retrying
	      with TCP.  By default, TCP retries are performed.
Tinderbox User's avatar
Tinderbox User committed
661 662
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
663 664 665 666 667 668
<dt><span class="term"><code class="option">+[no]keepalive</code></span></dt>
<dd>
	    <p>
	      Send [or do not send] an EDNS Keepalive option.
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
669
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
670 671
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
672 673 674
	      Keep the TCP socket open between queries and reuse
	      it rather than creating a new TCP socket for each
	      lookup.  The default is <code class="option">+nokeepopen</code>.
Tinderbox User's avatar
Tinderbox User committed
675 676
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
677
<dt><span class="term"><code class="option">+[no]mapped</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
678 679
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
680 681
	      Allow mapped IPv4 over IPv6 addresses to be used.  The
	      default is <code class="option">+mapped</code>.
Tinderbox User's avatar
Tinderbox User committed
682 683
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
684
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
685 686
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
687 688 689
	      Print records like the SOA records in a verbose
	      multi-line format with human-readable comments.  The
	      default is to print each record on a single line, to
Tinderbox User's avatar
Tinderbox User committed
690
	      facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
691
	      output.
Tinderbox User's avatar
Tinderbox User committed
692 693
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
694
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
695 696
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
697 698 699 700 701 702 703 704 705
	      Set the number of dots that have to appear in
	      <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
	      for it to be considered absolute.  The default value
	      is that defined using the ndots statement in
	      <code class="filename">/etc/resolv.conf</code>, or 1 if no
	      ndots statement is present.  Names with fewer dots
	      are interpreted as relative names and will be searched
	      for in the domains listed in the <code class="option">search</code>
	      or <code class="option">domain</code> directive in
Tinderbox User's avatar
Tinderbox User committed
706 707
	      <code class="filename">/etc/resolv.conf</code> if
	      <code class="option">+search</code> is set.
Tinderbox User's avatar
Tinderbox User committed
708 709
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
710
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
711 712
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
713 714
	      Include an EDNS name server ID request when sending
	      a query.
Tinderbox User's avatar
Tinderbox User committed
715 716
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
717
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
718 719
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
720
	      When this option is set, <span class="command"><strong>dig</strong></span>
Tinderbox User's avatar
Tinderbox User committed
721 722 723
	      attempts to find the authoritative name servers for
	      the zone containing the name being looked up and
	      display the SOA record that each name server has for
Tinderbox User's avatar
Tinderbox User committed
724 725
	      the zone. Addresses of servers that that did not
	      respond are also printed.
Tinderbox User's avatar
Tinderbox User committed
726 727
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
728
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
729 730
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
731 732 733
	      Print only one (starting) SOA record when performing
	      an AXFR. The default is to print both the starting
	      and ending SOA records.
Tinderbox User's avatar
Tinderbox User committed
734 735
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
736
<dt><span class="term"><code class="option">+[no]opcode=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
737 738
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
739 740
	      Set [restore] the DNS message opcode to the specified
	      value.  The default value is QUERY (0).
Tinderbox User's avatar
Tinderbox User committed
741 742
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
743
<dt><span class="term"><code class="option">+padding=value</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
744 745
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
746 747 748 749 750 751 752 753 754
	      Pad the size of the query packet using the EDNS Padding option
	      to blocks of <em class="parameter"><code>value</code></em> bytes. For example,
	      <code class="option">+padding=32</code> would cause a 48-byte query to
	      be padded to 64 bytes.  The default block size is 0, which
	      disables padding. The maximum is 512. Values are
	      ordinarily expected to be powers of two, such as 128;
	      however, this is not mandatory.  Responses to
	      padded queries may also be padded, but only if the query
	      uses TCP or DNS COOKIE.
Tinderbox User's avatar
Tinderbox User committed
755 756
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
757
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
758 759
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
760 761
	      Print [do not print] the query as it is sent.  By
	      default, the query is not printed.
Tinderbox User's avatar
Tinderbox User committed
762 763
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
764
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
765 766
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
767 768 769
	      Print [do not print] the question section of a query
	      when an answer is returned.  The default is to print
	      the question section as a comment.
Tinderbox User's avatar
Tinderbox User committed
770 771
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
772 773 774 775 776 777 778 779
<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
<dd>
	    <p>
	      Set [do not set] the RA (Recursion Available) bit in
	      the query. The default is +noraflag. This bit should
	      be ignored by the server for QUERY.
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
780
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
781 782
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
783
	      A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
Tinderbox User's avatar
Tinderbox User committed
784 785
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
786
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
787 788
<dd>
	    <p>
Automatic Updater's avatar
Automatic Updater committed
789 790
	      Toggle the setting of the RD (recursion desired) bit
	      in the query.  This bit is set by default, which means
Tinderbox User's avatar
Tinderbox User committed
791
	      <span class="command"><strong>dig</strong></span> normally sends recursive
Automatic Updater's avatar
Automatic Updater committed
792 793 794
	      queries.  Recursion is automatically disabled when
	      the <em class="parameter"><code>+nssearch</code></em> or
	      <em class="parameter"><code>+trace</code></em> query options are used.
Tinderbox User's avatar
Tinderbox User committed
795 796
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
797
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
798 799
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
800 801 802 803
	      Sets the number of times to retry UDP queries to
	      server to <em class="parameter"><code>T</code></em> instead of the
	      default, 2.  Unlike <em class="parameter"><code>+tries</code></em>,
	      this does not include the initial query.
Tinderbox User's avatar
Tinderbox User committed
804 805
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
806
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
807 808
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
809 810 811 812
	      Toggle the display of per-record comments in the
	      output (for example, human-readable key information
	      about DNSKEY records).  The default is not to print
	      record comments unless multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
813 814
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
815
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
816
<dd>
Tinderbox User's avatar
Tinderbox User committed
817
	    <p>
Tinderbox User's avatar
Tinderbox User committed
818 819 820 821
	      Use [do not use] the search list defined by the
	      searchlist or domain directive in
	      <code class="filename">resolv.conf</code> (if any).  The search
	      list is not used by default.
Tinderbox User's avatar
Tinderbox User committed
822
	    </p>
Tinderbox User's avatar
Tinderbox User committed
823
	    <p>
Tinderbox User's avatar
Tinderbox User committed
824 825 826 827 828 829
	      'ndots' from <code class="filename">resolv.conf</code> (default 1)
	       which may be overridden by <em class="parameter"><code>+ndots</code></em>
	      determines if the name will be treated as relative
	      or not and hence whether a search is eventually
	      performed or not.
	    </p>
Tinderbox User's avatar
Tinderbox User committed
830
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
831
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
832 833
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
834 835
	      Provide a terse answer.  The default is to print the
	      answer in a verbose form.
Tinderbox User's avatar
Tinderbox User committed
836 837
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
838
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
839 840
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
841 842
	      Perform [do not perform] a search showing intermediate
	      results.
Tinderbox User's avatar
Tinderbox User committed
843 844
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
845
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
846 847
<dd>
	    <p>
Evan Hunt's avatar
Evan Hunt committed
848
	      This feature is now obsolete and has been removed;
Tinderbox User's avatar
Tinderbox User committed
849
	      use <span class="command"><strong>delv</strong></span> instead.
Tinderbox User's avatar
Tinderbox User committed
850 851
	    </p>
	  </dd>
Automatic Updater's avatar
Automatic Updater committed
852
<dt><span class="term"><code class="option">+split=W</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
853 854
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
855 856 857 858 859 860 861 862
	      Split long hex- or base64-formatted fields in resource
	      records into chunks of <em class="parameter"><code>W</code></em>
	      characters (where <em class="parameter"><code>W</code></em> is rounded
	      up to the nearest multiple of 4).
	      <em class="parameter"><code>+nosplit</code></em> or
	      <em class="parameter"><code>+split=0</code></em> causes fields not to
	      be split at all.  The default is 56 characters, or
	      44 characters when multiline mode is active.
Tinderbox User's avatar
Tinderbox User committed
863 864
	    </p>
	  </dd>
Rob Austein's avatar
regen  
Rob Austein committed
865
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
866 867
<dd>
	    <p>
Tinderbox User's avatar
Tinderbox User committed
868 869 870 871
	      This query option toggles the printing of statistics:
	      when the query was made, the size of the reply and
	      so on.  The default behavior is to print the query
	      statistics.
Tinderbox User's avatar
Tinderbox User committed
872 873
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
874
<dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
875
<dd>
Tinderbox User's avatar
Tinderbox User committed
876
	    <p>
Tinderbox User's avatar
Tinderbox User committed
877
	      Send (don't send) an EDNS Client Subnet option with the
Tinderbox User's avatar
Tinderbox User committed
878
	      specified IP address or network prefix.
Tinderbox User's avatar
Tinderbox User committed
879
	    </p>
Tinderbox User's avatar
Tinderbox User committed
880
	    <p>
Tinderbox User's avatar
Tinderbox User committed
881 882 883 884 885 886 887
	      <span class="command"><strong>dig +subnet=0.0.0.0/0</strong></span>, or simply
	      <span class="command"><strong>dig +subnet=0</strong></span> for short, sends an EDNS
	      CLIENT-SUBNET option with an empty address and a source
	      prefix-length of zero, which signals a resolver that
	      the client's address information must
	      <span class="emphasis"><em>not</em></span> be used when resolving
	      this query.
Tinderbox User's avatar
Tinderbox User committed
888
	    </p>
Tinderbox User's avatar
Tinderbox User committed
889
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
890 891 892 893 894 895 896 897
<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
<dd>
	    <p>
	      Set [do not set] the TC (TrunCation) bit in the query.
	      The default is +notcflag.  This bit should be ignored
	      by the server for QUERY.
	    </p>
	  </dd>
Tinderbox User's avatar
Tinderbox User committed
898
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
Tinderbox User's avatar
Tinderbox User committed
899 900
<dd>
	    <p>