2 - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
19 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
21 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
23 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
24 <a name="man.dig"></a><div class="titlepage"></div>
25 <div class="refnamediv">
27 <p>dig — DNS lookup utility</p>
29 <div class="refsynopsisdiv">
31 <div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
32 <div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
33 <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
35 <div class="refsection">
36 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
37 <p><span class="command"><strong>dig</strong></span>
38 (domain information groper) is a flexible tool
39 for interrogating DNS name servers. It performs DNS lookups and
40 displays the answers that are returned from the name server(s) that
41 were queried. Most DNS administrators use <span class="command"><strong>dig</strong></span> to
42 troubleshoot DNS problems because of its flexibility, ease of use and
43 clarity of output. Other lookup tools tend to have less functionality
44 than <span class="command"><strong>dig</strong></span>.
47 Although <span class="command"><strong>dig</strong></span> is normally used with
49 arguments, it also has a batch mode of operation for reading lookup
50 requests from a file. A brief summary of its command-line arguments
51 and options is printed when the <code class="option">-h</code> option is given.
52 Unlike earlier versions, the BIND 9 implementation of
53 <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
58 Unless it is told to query a specific name server,
59 <span class="command"><strong>dig</strong></span> will try each of the servers listed in
60 <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
61 are found, <span class="command"><strong>dig</strong></span> will send the query to the local
65 When no command line arguments or options are given,
66 <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
69 It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
70 <code class="filename">${HOME}/.digrc</code>. This file is read and
72 are applied before the command line arguments.
75 The IN and CH class names overlap with the IN and CH top level
76 domain names. Either use the <code class="option">-t</code> and
77 <code class="option">-c</code> options to specify the type and class,
78 use the <code class="option">-q</code> the specify the domain name, or
79 use "IN." and "CH." when looking up these top level domains.
82 <div class="refsection">
83 <a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
85 A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
87 <pre class="programlisting"> dig @server name type </pre>
92 <div class="variablelist"><dl class="variablelist">
93 <dt><span class="term"><code class="constant">server</code></span></dt>
96 is the name or IP address of the name server to query. This
97 can be an IPv4 address in dotted-decimal notation or an IPv6
98 address in colon-delimited notation. When the supplied
99 <em class="parameter"><code>server</code></em> argument is a hostname,
100 <span class="command"><strong>dig</strong></span> resolves that name before querying
104 If no <em class="parameter"><code>server</code></em> argument is
105 provided, <span class="command"><strong>dig</strong></span> consults
106 <code class="filename">/etc/resolv.conf</code>; if an
107 address is found there, it queries the name server at
108 that address. If either of the <code class="option">-4</code> or
109 <code class="option">-6</code> options are in use, then
110 only addresses for the corresponding transport
111 will be tried. If no usable addresses are found,
112 <span class="command"><strong>dig</strong></span> will send the query to the
113 local host. The reply from the name server that
114 responds is displayed.
117 <dt><span class="term"><code class="constant">name</code></span></dt>
119 is the name of the resource record that is to be looked up.
121 <dt><span class="term"><code class="constant">type</code></span></dt>
123 indicates what type of query is required —
124 ANY, A, MX, SIG, etc.
125 <em class="parameter"><code>type</code></em> can be any valid query
127 <em class="parameter"><code>type</code></em> argument is supplied,
128 <span class="command"><strong>dig</strong></span> will perform a lookup for an
135 <div class="refsection">
136 <a name="id-1.9"></a><h2>OPTIONS</h2>
137 <div class="variablelist"><dl class="variablelist">
138 <dt><span class="term">-4</span></dt>
142 <dt><span class="term">-6</span></dt>
146 <dt><span class="term">-b <em class="replaceable"><code>address[<span class="optional">#port</span>]</code></em></span></dt>
148 Set the source IP address of the query.
149 The <em class="parameter"><code>address</code></em> must be a valid address on
150 one of the host's network interfaces, or "0.0.0.0" or "::". An
151 optional port may be specified by appending "#<port>"
153 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
155 Set the query class. The
156 default <em class="parameter"><code>class</code></em> is IN; other classes
157 are HS for Hesiod records or CH for Chaosnet records.
159 <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
161 Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
162 requests to process from the
163 given <em class="parameter"><code>file</code></em>. Each line in the file
164 should be organized in the same way they would be
165 presented as queries to
166 <span class="command"><strong>dig</strong></span> using the command-line interface.
168 <dt><span class="term">-i</span></dt>
170 Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
171 domain, which is no longer in use. Obsolete bit string
172 label queries (RFC2874) are not attempted.
174 <dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
176 Sign queries using TSIG using a key read from the given file.
177 Key files can be generated using
178 <span class="citerefentry"><span class="refentrytitle">tsig-keygen</span>(8)</span>.
179 When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
180 the name server that is queried needs to know the key and
181 algorithm that is being used. In BIND, this is done by
182 providing appropriate <span class="command"><strong>key</strong></span>
183 and <span class="command"><strong>server</strong></span> statements in
184 <code class="filename">named.conf</code>.
186 <dt><span class="term">-m</span></dt>
188 Enable memory usage debugging.
191 <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
193 Send the query to a non-standard port on the server,
194 instead of the defaut port 53. This option would be used
195 to test a name server that has been configured to listen
196 for queries on a non-standard port number.
198 <dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
200 The domain name to query. This is useful to distinguish
201 the <em class="parameter"><code>name</code></em> from other arguments.
203 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
205 The resource record type to query. It can be any valid query type
207 supported in BIND 9. The default query type is "A", unless the
208 <code class="option">-x</code> option is supplied to indicate a reverse lookup.
209 A zone transfer can be requested by specifying a type of AXFR. When
210 an incremental zone transfer (IXFR) is required, set the
211 <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
212 The incremental zone transfer will contain the changes
213 made to the zone since the serial number in the zone's SOA
215 <em class="parameter"><code>N</code></em>.
217 <dt><span class="term">-v</span></dt>
219 Print the version number and exit.
221 <dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
223 Simplified reverse lookups, for mapping addresses to
224 names. The <em class="parameter"><code>addr</code></em> is an IPv4 address
225 in dotted-decimal notation, or a colon-delimited IPv6
226 address. When the <code class="option">-x</code> is used, there is no
228 the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
229 and <em class="parameter"><code>type</code></em>
230 arguments. <span class="command"><strong>dig</strong></span> automatically performs a
231 lookup for a name like
232 <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
233 query type and class to PTR and IN respectively. IPv6
234 addresses are looked up using nibble format under the
235 IP6.ARPA domain (but see also the <code class="option">-i</code>
238 <dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
241 Sign queries using TSIG with the given authentication key.
242 <em class="parameter"><code>keyname</code></em> is the name of the key, and
243 <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
244 <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
245 valid choices are <code class="literal">hmac-md5</code>,
246 <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
247 <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
248 <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>
249 is not specified, the default is <code class="literal">hmac-md5</code>.
252 NOTE: You should use the <code class="option">-k</code> option and
253 avoid the <code class="option">-y</code> option, because
254 with <code class="option">-y</code> the shared secret is supplied as
255 a command line argument in clear text. This may be visible
257 <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
258 or in a history file maintained by the user's shell.
263 <div class="refsection">
264 <a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
265 <p><span class="command"><strong>dig</strong></span>
266 provides a number of query options which affect
267 the way in which lookups are made and the results displayed. Some of
268 these set or reset flag bits in the query header, some determine which
269 sections of the answer get printed, and others determine the timeout
270 and retry strategies.
273 Each query option is identified by a keyword preceded by a plus sign
274 (<code class="literal">+</code>). Some keywords set or reset an
275 option. These may be preceded
276 by the string <code class="literal">no</code> to negate the meaning of
278 keywords assign values to options like the timeout interval. They
279 have the form <code class="option">+keyword=value</code>.
280 Keywords may be abbreviated, provided the abbreviation is
281 unambiguous; for example, <code class="literal">+cd</code> is equivalent
282 to <code class="literal">+cdflag</code>.
283 The query options are:
286 <div class="variablelist"><dl class="variablelist">
287 <dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
289 A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
291 <dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
293 Sets the "aa" flag in the query.
295 <dt><span class="term"><code class="option">+[no]additional</code></span></dt>
297 Display [do not display] the additional section of a
298 reply. The default is to display it.
300 <dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
302 Set [do not set] the AD (authentic data) bit in the
303 query. This requests the server to return whether
304 all of the answer and authority sections have all
305 been validated as secure according to the security
306 policy of the server. AD=1 indicates that all records
307 have been validated as secure and the answer is not
308 from a OPT-OUT range. AD=0 indicate that some part
309 of the answer was insecure or not validated. This
310 bit is set by default.
312 <dt><span class="term"><code class="option">+[no]all</code></span></dt>
314 Set or clear all display flags.
316 <dt><span class="term"><code class="option">+[no]answer</code></span></dt>
318 Display [do not display] the answer section of a
319 reply. The default is to display it.
321 <dt><span class="term"><code class="option">+[no]authority</code></span></dt>
323 Display [do not display] the authority section of a
324 reply. The default is to display it.
326 <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
328 Attempt to display the contents of messages which are
329 malformed. The default is to not display malformed
332 <dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
334 Set the UDP message buffer size advertised using EDNS0
335 to <em class="parameter"><code>B</code></em> bytes. The maximum and
336 minimum sizes of this buffer are 65535 and 0 respectively.
337 Values outside this range are rounded up or down
338 appropriately. Values other than zero will cause a
339 EDNS query to be sent.
341 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
343 Set [do not set] the CD (checking disabled) bit in
344 the query. This requests the server to not perform
345 DNSSEC validation of responses.
347 <dt><span class="term"><code class="option">+[no]class</code></span></dt>
349 Display [do not display] the CLASS when printing the
352 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
354 Toggles the printing of the initial comment in the
355 output identifying the version of <span class="command"><strong>dig</strong></span>
356 and the query options that have been applied. This
357 comment is printed by default.
359 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
361 Toggle the display of comment lines in the output.
362 The default is to print comments.
364 <dt><span class="term"><code class="option">+[no]defname</code></span></dt>
366 Deprecated, treated as a synonym for
367 <em class="parameter"><code>+[no]search</code></em>
369 <dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
371 Requests DNSSEC records be sent by setting the DNSSEC
372 OK bit (DO) in the OPT record in the additional section
375 <dt><span class="term"><code class="option">+domain=somename</code></span></dt>
377 Set the search list to contain the single domain
378 <em class="parameter"><code>somename</code></em>, as if specified in
379 a <span class="command"><strong>domain</strong></span> directive in
380 <code class="filename">/etc/resolv.conf</code>, and enable
381 search list processing as if the
382 <em class="parameter"><code>+search</code></em> option were given.
384 <dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
386 Specify the EDNS version to query with. Valid values
387 are 0 to 255. Setting the EDNS version will cause
388 a EDNS query to be sent. <code class="option">+noedns</code>
389 clears the remembered EDNS version. EDNS is set to
392 <dt><span class="term"><code class="option">+[no]fail</code></span></dt>
394 Do not try the next server if you receive a SERVFAIL.
395 The default is to not try the next server which is
396 the reverse of normal stub resolver behavior.
398 <dt><span class="term"><code class="option">+[no]identify</code></span></dt>
400 Show [or do not show] the IP address and port number
401 that supplied the answer when the
402 <em class="parameter"><code>+short</code></em> option is enabled. If
403 short form answers are requested, the default is not
404 to show the source address and port number of the
405 server that provided the answer.
407 <dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
409 Ignore truncation in UDP responses instead of retrying
410 with TCP. By default, TCP retries are performed.
412 <dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
414 Keep the TCP socket open between queries and reuse
415 it rather than creating a new TCP socket for each
416 lookup. The default is <code class="option">+nokeepopen</code>.
418 <dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
420 Print records like the SOA records in a verbose
421 multi-line format with human-readable comments. The
422 default is to print each record on a single line, to
423 facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
426 <dt><span class="term"><code class="option">+ndots=D</code></span></dt>
428 Set the number of dots that have to appear in
429 <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
430 for it to be considered absolute. The default value
431 is that defined using the ndots statement in
432 <code class="filename">/etc/resolv.conf</code>, or 1 if no
433 ndots statement is present. Names with fewer dots
434 are interpreted as relative names and will be searched
435 for in the domains listed in the <code class="option">search</code>
436 or <code class="option">domain</code> directive in
437 <code class="filename">/etc/resolv.conf</code> if
438 <code class="option">+search</code> is set.
440 <dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
442 Include an EDNS name server ID request when sending
445 <dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
447 When this option is set, <span class="command"><strong>dig</strong></span>
448 attempts to find the authoritative name servers for
449 the zone containing the name being looked up and
450 display the SOA record that each name server has for
453 <dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
455 Print only one (starting) SOA record when performing
456 an AXFR. The default is to print both the starting
457 and ending SOA records.
459 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
461 Print [do not print] the query as it is sent. By
462 default, the query is not printed.
464 <dt><span class="term"><code class="option">+[no]question</code></span></dt>
466 Print [do not print] the question section of a query
467 when an answer is returned. The default is to print
468 the question section as a comment.
470 <dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
472 A synonym for <em class="parameter"><code>+[no]recurse</code></em>.
474 <dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
476 Toggle the setting of the RD (recursion desired) bit
477 in the query. This bit is set by default, which means
478 <span class="command"><strong>dig</strong></span> normally sends recursive
479 queries. Recursion is automatically disabled when
480 the <em class="parameter"><code>+nssearch</code></em> or
481 <em class="parameter"><code>+trace</code></em> query options are used.
483 <dt><span class="term"><code class="option">+retry=T</code></span></dt>
485 Sets the number of times to retry UDP queries to
486 server to <em class="parameter"><code>T</code></em> instead of the
487 default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
488 this does not include the initial query.
490 <dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
492 Toggle the display of per-record comments in the
493 output (for example, human-readable key information
494 about DNSKEY records). The default is not to print
495 record comments unless multiline mode is active.
497 <dt><span class="term"><code class="option">+[no]search</code></span></dt>
500 Use [do not use] the search list defined by the
501 searchlist or domain directive in
502 <code class="filename">resolv.conf</code> (if any). The search
503 list is not used by default.
506 'ndots' from <code class="filename">resolv.conf</code> (default 1)
507 which may be overridden by <em class="parameter"><code>+ndots</code></em>
508 determines if the name will be treated as relative
509 or not and hence whether a search is eventually
513 <dt><span class="term"><code class="option">+[no]short</code></span></dt>
515 Provide a terse answer. The default is to print the
516 answer in a verbose form.
518 <dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
520 Perform [do not perform] a search showing intermediate
523 <dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
525 Chase DNSSEC signature chains. Requires dig be
526 compiled with -DDIG_SIGCHASE.
528 <dt><span class="term"><code class="option">+split=W</code></span></dt>
530 Split long hex- or base64-formatted fields in resource
531 records into chunks of <em class="parameter"><code>W</code></em>
532 characters (where <em class="parameter"><code>W</code></em> is rounded
533 up to the nearest multiple of 4).
534 <em class="parameter"><code>+nosplit</code></em> or
535 <em class="parameter"><code>+split=0</code></em> causes fields not to
536 be split at all. The default is 56 characters, or
537 44 characters when multiline mode is active.
539 <dt><span class="term"><code class="option">+[no]stats</code></span></dt>
541 This query option toggles the printing of statistics:
542 when the query was made, the size of the reply and
543 so on. The default behavior is to print the query
546 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
548 Use [do not use] TCP when querying name servers. The
549 default behavior is to use UDP unless an
550 <code class="literal">ixfr=N</code> query is requested, in which
551 case the default is TCP. AXFR queries always use
554 <dt><span class="term"><code class="option">+time=T</code></span></dt>
557 Sets the timeout for a query to
558 <em class="parameter"><code>T</code></em> seconds. The default
559 timeout is 5 seconds.
560 An attempt to set <em class="parameter"><code>T</code></em> to less
562 in a query timeout of 1 second being applied.
564 <dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
566 When chasing DNSSEC signature chains perform a top-down
567 validation. Requires dig be compiled with -DDIG_SIGCHASE.
569 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
572 Toggle tracing of the delegation path from the root
573 name servers for the name being looked up. Tracing
574 is disabled by default. When tracing is enabled,
575 <span class="command"><strong>dig</strong></span> makes iterative queries to
576 resolve the name being looked up. It will follow
577 referrals from the root servers, showing the answer
578 from each server that was used to resolve the lookup.
581 If @server is also specified, it affects only the
582 initial query for the root zone name servers.
585 <span class="command"><strong>+dnssec</strong></span> is also set when +trace
586 is set to better emulate the default queries from a
590 <dt><span class="term"><code class="option">+tries=T</code></span></dt>
592 Sets the number of times to try UDP queries to server
593 to <em class="parameter"><code>T</code></em> instead of the default,
594 3. If <em class="parameter"><code>T</code></em> is less than or equal
595 to zero, the number of tries is silently rounded up
598 <dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
601 Specifies a file containing trusted keys to be used
602 with <code class="option">+sigchase</code>. Each DNSKEY record
603 must be on its own line.
606 If not specified, <span class="command"><strong>dig</strong></span> will look
607 for <code class="filename">/etc/trusted-key.key</code> then
608 <code class="filename">trusted-key.key</code> in the current
612 Requires dig be compiled with -DDIG_SIGCHASE.
615 <dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
617 Display [do not display] the TTL when printing the
620 <dt><span class="term"><code class="option">+[no]vc</code></span></dt>
622 Use [do not use] TCP when querying name servers. This
623 alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
624 is provided for backwards compatibility. The "vc"
625 stands for "virtual circuit".
632 <div class="refsection">
633 <a name="id-1.11"></a><h2>MULTIPLE QUERIES</h2>
635 The BIND 9 implementation of <span class="command"><strong>dig </strong></span>
637 specifying multiple queries on the command line (in addition to
638 supporting the <code class="option">-f</code> batch file option). Each of those
639 queries can be supplied with its own set of flags, options and query
643 In this case, each <em class="parameter"><code>query</code></em> argument
645 individual query in the command-line syntax described above. Each
646 consists of any of the standard options and flags, the name to be
647 looked up, an optional query type and class and any query options that
648 should be applied to that query.
651 A global set of query options, which should be applied to all queries,
652 can also be supplied. These global query options must precede the
653 first tuple of name, class, type, options, flags, and query options
654 supplied on the command line. Any global query options (except
655 the <code class="option">+[no]cmd</code> option) can be
656 overridden by a query-specific set of query options. For example:
658 <pre class="programlisting">
659 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
662 shows how <span class="command"><strong>dig</strong></span> could be used from the
664 to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
665 reverse lookup of 127.0.0.1 and a query for the NS records of
666 <code class="literal">isc.org</code>.
668 A global query option of <em class="parameter"><code>+qr</code></em> is
670 that <span class="command"><strong>dig</strong></span> shows the initial query it made
672 lookup. The final query has a local query option of
673 <em class="parameter"><code>+noqr</code></em> which means that <span class="command"><strong>dig</strong></span>
674 will not print the initial query when it looks up the NS records for
675 <code class="literal">isc.org</code>.
678 <div class="refsection">
679 <a name="id-1.12"></a><h2>IDN SUPPORT</h2>
681 If <span class="command"><strong>dig</strong></span> has been built with IDN (internationalized
682 domain name) support, it can accept and display non-ASCII domain names.
683 <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
684 domain name before sending a request to DNS server or displaying a
685 reply from the server.
686 If you'd like to turn off the IDN support for some reason, defines
687 the <code class="envar">IDN_DISABLE</code> environment variable.
688 The IDN support is disabled if the variable is set when
689 <span class="command"><strong>dig</strong></span> runs.
692 <div class="refsection">
693 <a name="id-1.13"></a><h2>FILES</h2>
694 <p><code class="filename">/etc/resolv.conf</code>
696 <p><code class="filename">${HOME}/.digrc</code>
699 <div class="refsection">
700 <a name="id-1.14"></a><h2>SEE ALSO</h2>
701 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
702 <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
703 <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
704 <em class="citetitle">RFC1035</em>.
707 <div class="refsection">
708 <a name="id-1.15"></a><h2>BUGS</h2>
710 There are probably too many query options.