1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3 [<!ENTITY mdash "—">]>
5 - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
6 - Copyright (C) 2000-2003 Internet Software Consortium.
8 - Permission to use, copy, modify, and/or distribute this software for any
9 - purpose with or without fee is hereby granted, provided that the above
10 - copyright notice and this permission notice appear in all copies.
12 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
13 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
14 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
16 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
17 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
18 - PERFORMANCE OF THIS SOFTWARE.
21 <!-- $Id: dig.docbook,v 1.17.18.21 2007/08/28 07:19:55 tbox Exp $ -->
22 <refentry id="man.dig">
25 <date>Jun 30, 2000</date>
29 <refentrytitle>dig</refentrytitle>
30 <manvolnum>1</manvolnum>
31 <refmiscinfo>BIND9</refmiscinfo>
35 <refname>dig</refname>
36 <refpurpose>DNS lookup utility</refpurpose>
45 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
52 <holder>Internet Software Consortium.</holder>
58 <command>dig</command>
59 <arg choice="opt">@server</arg>
60 <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
61 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
62 <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
63 <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
64 <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
65 <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
66 <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
67 <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
68 <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
69 <arg><option>-4</option></arg>
70 <arg><option>-6</option></arg>
71 <arg choice="opt">name</arg>
72 <arg choice="opt">type</arg>
73 <arg choice="opt">class</arg>
74 <arg choice="opt" rep="repeat">queryopt</arg>
78 <command>dig</command>
79 <arg><option>-h</option></arg>
83 <command>dig</command>
84 <arg choice="opt" rep="repeat">global-queryopt</arg>
85 <arg choice="opt" rep="repeat">query</arg>
90 <title>DESCRIPTION</title>
91 <para><command>dig</command>
92 (domain information groper) is a flexible tool
93 for interrogating DNS name servers. It performs DNS lookups and
94 displays the answers that are returned from the name server(s) that
95 were queried. Most DNS administrators use <command>dig</command> to
96 troubleshoot DNS problems because of its flexibility, ease of use and
97 clarity of output. Other lookup tools tend to have less functionality
98 than <command>dig</command>.
102 Although <command>dig</command> is normally used with
104 arguments, it also has a batch mode of operation for reading lookup
105 requests from a file. A brief summary of its command-line arguments
106 and options is printed when the <option>-h</option> option is given.
107 Unlike earlier versions, the BIND 9 implementation of
108 <command>dig</command> allows multiple lookups to be issued
114 Unless it is told to query a specific name server,
115 <command>dig</command> will try each of the servers listed
117 <filename>/etc/resolv.conf</filename>.
121 When no command line arguments or options are given, will perform an
122 NS query for "." (the root).
126 It is possible to set per-user defaults for <command>dig</command> via
127 <filename>${HOME}/.digrc</filename>. This file is read and
129 are applied before the command line arguments.
133 The IN and CH class names overlap with the IN and CH top level
134 domains names. Either use the <option>-t</option> and
135 <option>-c</option> options to specify the type and class or
136 use the <option>-q</option> the specify the domain name or
137 use "IN." and "CH." when looking up these top level domains.
143 <title>SIMPLE USAGE</title>
146 A typical invocation of <command>dig</command> looks like:
147 <programlisting> dig @server name type </programlisting>
153 <term><constant>server</constant></term>
156 is the name or IP address of the name server to query. This can
158 address in dotted-decimal notation or an IPv6
159 address in colon-delimited notation. When the supplied
160 <parameter>server</parameter> argument is a
162 <command>dig</command> resolves that name before
164 server. If no <parameter>server</parameter>
165 argument is provided,
166 <command>dig</command> consults <filename>/etc/resolv.conf</filename>
167 and queries the name servers listed there. The reply from the
169 server that responds is displayed.
175 <term><constant>name</constant></term>
178 is the name of the resource record that is to be looked up.
184 <term><constant>type</constant></term>
187 indicates what type of query is required —
188 ANY, A, MX, SIG, etc.
189 <parameter>type</parameter> can be any valid query
191 <parameter>type</parameter> argument is supplied,
192 <command>dig</command> will perform a lookup for an
204 <title>OPTIONS</title>
207 The <option>-b</option> option sets the source IP address of the query
208 to <parameter>address</parameter>. This must be a valid
210 one of the host's network interfaces or "0.0.0.0" or "::". An optional
212 may be specified by appending "#<port>"
216 The default query class (IN for internet) is overridden by the
217 <option>-c</option> option. <parameter>class</parameter> is
219 class, such as HS for Hesiod records or CH for Chaosnet records.
223 The <option>-f</option> option makes <command>dig </command>
225 in batch mode by reading a list of lookup requests to process from the
226 file <parameter>filename</parameter>. The file contains a
228 queries, one per line. Each entry in the file should be organized in
229 the same way they would be presented as queries to
230 <command>dig</command> using the command-line interface.
234 If a non-standard port number is to be queried, the
235 <option>-p</option> option is used. <parameter>port#</parameter> is
236 the port number that <command>dig</command> will send its
238 instead of the standard DNS port number 53. This option would be used
239 to test a name server that has been configured to listen for queries
240 on a non-standard port number.
244 The <option>-4</option> option forces <command>dig</command>
246 use IPv4 query transport. The <option>-6</option> option forces
247 <command>dig</command> to only use IPv6 query transport.
251 The <option>-t</option> option sets the query type to
252 <parameter>type</parameter>. It can be any valid query type
254 supported in BIND 9. The default query type is "A", unless the
255 <option>-x</option> option is supplied to indicate a reverse lookup.
256 A zone transfer can be requested by specifying a type of AXFR. When
257 an incremental zone transfer (IXFR) is required,
258 <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
259 The incremental zone transfer will contain the changes made to the zone
260 since the serial number in the zone's SOA record was
261 <parameter>N</parameter>.
265 The <option>-q</option> option sets the query name to
266 <parameter>name</parameter>. This useful do distinguish the
267 <parameter>name</parameter> from other arguments.
271 Reverse lookups — mapping addresses to names — are simplified by the
272 <option>-x</option> option. <parameter>addr</parameter> is
274 address in dotted-decimal notation, or a colon-delimited IPv6 address.
275 When this option is used, there is no need to provide the
276 <parameter>name</parameter>, <parameter>class</parameter> and
277 <parameter>type</parameter> arguments. <command>dig</command>
278 automatically performs a lookup for a name like
279 <literal>11.12.13.10.in-addr.arpa</literal> and sets the
281 class to PTR and IN respectively. By default, IPv6 addresses are
282 looked up using nibble format under the IP6.ARPA domain.
283 To use the older RFC1886 method using the IP6.INT domain
284 specify the <option>-i</option> option. Bit string labels (RFC2874)
285 are now experimental and are not attempted.
289 To sign the DNS queries sent by <command>dig</command> and
291 responses using transaction signatures (TSIG), specify a TSIG key file
292 using the <option>-k</option> option. You can also specify the TSIG
293 key itself on the command line using the <option>-y</option> option;
294 <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
295 <parameter>name</parameter> is the name of the TSIG key and
296 <parameter>key</parameter> is the actual key. The key is a
298 encoded string, typically generated by
300 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
303 Caution should be taken when using the <option>-y</option> option on
304 multi-user systems as the key can be visible in the output from
306 <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
308 or in the shell's history file. When
309 using TSIG authentication with <command>dig</command>, the name
310 server that is queried needs to know the key and algorithm that is
311 being used. In BIND, this is done by providing appropriate
312 <command>key</command> and <command>server</command> statements in
313 <filename>named.conf</filename>.
319 <title>QUERY OPTIONS</title>
321 <para><command>dig</command>
322 provides a number of query options which affect
323 the way in which lookups are made and the results displayed. Some of
324 these set or reset flag bits in the query header, some determine which
325 sections of the answer get printed, and others determine the timeout
326 and retry strategies.
330 Each query option is identified by a keyword preceded by a plus sign
331 (<literal>+</literal>). Some keywords set or reset an
332 option. These may be preceded
333 by the string <literal>no</literal> to negate the meaning of
335 keywords assign values to options like the timeout interval. They
336 have the form <option>+keyword=value</option>.
337 The query options are:
342 <term><option>+[no]tcp</option></term>
345 Use [do not use] TCP when querying name servers. The default
346 behavior is to use UDP unless an AXFR or IXFR query is
348 which case a TCP connection is used.
354 <term><option>+[no]vc</option></term>
357 Use [do not use] TCP when querying name servers. This alternate
358 syntax to <parameter>+[no]tcp</parameter> is
359 provided for backwards
360 compatibility. The "vc" stands for "virtual circuit".
366 <term><option>+[no]ignore</option></term>
369 Ignore truncation in UDP responses instead of retrying with TCP.
371 default, TCP retries are performed.
377 <term><option>+domain=somename</option></term>
380 Set the search list to contain the single domain
381 <parameter>somename</parameter>, as if specified in
383 <command>domain</command> directive in
384 <filename>/etc/resolv.conf</filename>, and enable
386 processing as if the <parameter>+search</parameter>
393 <term><option>+[no]search</option></term>
396 Use [do not use] the search list defined by the searchlist or
398 directive in <filename>resolv.conf</filename> (if
400 The search list is not used by default.
406 <term><option>+[no]showsearch</option></term>
409 Perform [do not perform] a search showing intermediate
416 <term><option>+[no]defname</option></term>
419 Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
425 <term><option>+[no]aaonly</option></term>
428 Sets the "aa" flag in the query.
434 <term><option>+[no]aaflag</option></term>
437 A synonym for <parameter>+[no]aaonly</parameter>.
443 <term><option>+[no]adflag</option></term>
446 Set [do not set] the AD (authentic data) bit in the query. The
448 currently has a standard meaning only in responses, not in
450 but the ability to set the bit in the query is provided for
457 <term><option>+[no]cdflag</option></term>
460 Set [do not set] the CD (checking disabled) bit in the query.
462 requests the server to not perform DNSSEC validation of
469 <term><option>+[no]cl</option></term>
472 Display [do not display] the CLASS when printing the record.
478 <term><option>+[no]ttlid</option></term>
481 Display [do not display] the TTL when printing the record.
487 <term><option>+[no]recurse</option></term>
490 Toggle the setting of the RD (recursion desired) bit in the
492 This bit is set by default, which means <command>dig</command>
493 normally sends recursive queries. Recursion is automatically
495 when the <parameter>+nssearch</parameter> or
496 <parameter>+trace</parameter> query options are
503 <term><option>+[no]nssearch</option></term>
506 When this option is set, <command>dig</command>
508 authoritative name servers for the zone containing the name
510 looked up and display the SOA record that each name server has
518 <term><option>+[no]trace</option></term>
521 Toggle tracing of the delegation path from the root name servers
523 the name being looked up. Tracing is disabled by default. When
524 tracing is enabled, <command>dig</command> makes
526 resolve the name being looked up. It will follow referrals from
528 root servers, showing the answer from each server that was used
536 <term><option>+[no]cmd</option></term>
539 Toggles the printing of the initial comment in the output
541 the version of <command>dig</command> and the query
543 been applied. This comment is printed by default.
549 <term><option>+[no]short</option></term>
552 Provide a terse answer. The default is to print the answer in a
559 <term><option>+[no]identify</option></term>
562 Show [or do not show] the IP address and port number that
564 answer when the <parameter>+short</parameter> option
566 short form answers are requested, the default is not to show the
567 source address and port number of the server that provided the
574 <term><option>+[no]comments</option></term>
577 Toggle the display of comment lines in the output. The default
585 <term><option>+[no]stats</option></term>
588 This query option toggles the printing of statistics: when the
590 was made, the size of the reply and so on. The default
592 to print the query statistics.
598 <term><option>+[no]qr</option></term>
601 Print [do not print] the query as it is sent.
602 By default, the query is not printed.
608 <term><option>+[no]question</option></term>
611 Print [do not print] the question section of a query when an
613 returned. The default is to print the question section as a
620 <term><option>+[no]answer</option></term>
623 Display [do not display] the answer section of a reply. The
631 <term><option>+[no]authority</option></term>
634 Display [do not display] the authority section of a reply. The
635 default is to display it.
641 <term><option>+[no]additional</option></term>
644 Display [do not display] the additional section of a reply.
645 The default is to display it.
651 <term><option>+[no]all</option></term>
654 Set or clear all display flags.
660 <term><option>+time=T</option></term>
664 Sets the timeout for a query to
665 <parameter>T</parameter> seconds. The default
666 timeout is 5 seconds.
667 An attempt to set <parameter>T</parameter> to less
669 in a query timeout of 1 second being applied.
675 <term><option>+tries=T</option></term>
678 Sets the number of times to try UDP queries to server to
679 <parameter>T</parameter> instead of the default, 3.
681 <parameter>T</parameter> is less than or equal to
683 tries is silently rounded up to 1.
689 <term><option>+retry=T</option></term>
692 Sets the number of times to retry UDP queries to server to
693 <parameter>T</parameter> instead of the default, 2.
695 <parameter>+tries</parameter>, this does not include
703 <term><option>+ndots=D</option></term>
706 Set the number of dots that have to appear in
707 <parameter>name</parameter> to <parameter>D</parameter> for it to be
708 considered absolute. The default value is that defined using
710 ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
711 ndots statement is present. Names with fewer dots are
713 relative names and will be searched for in the domains listed in
715 <option>search</option> or <option>domain</option> directive in
716 <filename>/etc/resolv.conf</filename>.
722 <term><option>+bufsize=B</option></term>
725 Set the UDP message buffer size advertised using EDNS0 to
726 <parameter>B</parameter> bytes. The maximum and minimum sizes
727 of this buffer are 65535 and 0 respectively. Values outside
728 this range are rounded up or down appropriately.
729 Values other than zero will cause a EDNS query to be sent.
735 <term><option>+edns=#</option></term>
738 Specify the EDNS version to query with. Valid values
739 are 0 to 255. Setting the EDNS version will cause a
740 EDNS query to be sent. <option>+noedns</option> clears the
741 remembered EDNS version.
747 <term><option>+[no]multiline</option></term>
750 Print records like the SOA records in a verbose multi-line
751 format with human-readable comments. The default is to print
752 each record on a single line, to facilitate machine parsing
753 of the <command>dig</command> output.
759 <term><option>+[no]fail</option></term>
762 Do not try the next server if you receive a SERVFAIL. The
764 to not try the next server which is the reverse of normal stub
772 <term><option>+[no]besteffort</option></term>
775 Attempt to display the contents of messages which are malformed.
776 The default is to not display malformed answers.
782 <term><option>+[no]dnssec</option></term>
785 Requests DNSSEC records be sent by setting the DNSSEC OK bit
787 in the OPT record in the additional section of the query.
793 <term><option>+[no]sigchase</option></term>
796 Chase DNSSEC signature chains. Requires dig be compiled with
803 <term><option>+trusted-key=####</option></term>
806 Specifies a file containing trusted keys to be used with
807 <option>+sigchase</option>. Each DNSKEY record must be
811 If not specified <command>dig</command> will look for
812 <filename>/etc/trusted-key.key</filename> then
813 <filename>trusted-key.key</filename> in the current directory.
816 Requires dig be compiled with -DDIG_SIGCHASE.
822 <term><option>+[no]topdown</option></term>
825 When chasing DNSSEC signature chains perform a top-down
827 Requires dig be compiled with -DDIG_SIGCHASE.
840 <title>MULTIPLE QUERIES</title>
843 The BIND 9 implementation of <command>dig </command>
845 specifying multiple queries on the command line (in addition to
846 supporting the <option>-f</option> batch file option). Each of those
847 queries can be supplied with its own set of flags, options and query
852 In this case, each <parameter>query</parameter> argument
854 individual query in the command-line syntax described above. Each
855 consists of any of the standard options and flags, the name to be
856 looked up, an optional query type and class and any query options that
857 should be applied to that query.
861 A global set of query options, which should be applied to all queries,
862 can also be supplied. These global query options must precede the
863 first tuple of name, class, type, options, flags, and query options
864 supplied on the command line. Any global query options (except
865 the <option>+[no]cmd</option> option) can be
866 overridden by a query-specific set of query options. For example:
868 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
870 shows how <command>dig</command> could be used from the
872 to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
873 reverse lookup of 127.0.0.1 and a query for the NS records of
874 <literal>isc.org</literal>.
876 A global query option of <parameter>+qr</parameter> is
878 that <command>dig</command> shows the initial query it made
880 lookup. The final query has a local query option of
881 <parameter>+noqr</parameter> which means that <command>dig</command>
882 will not print the initial query when it looks up the NS records for
883 <literal>isc.org</literal>.
889 <title>IDN SUPPORT</title>
891 If <command>dig</command> has been built with IDN (internationalized
892 domain name) support, it can accept and display non-ASCII domain names.
893 <command>dig</command> appropriately converts character encoding of
894 domain name before sending a request to DNS server or displaying a
895 reply from the server.
896 If you'd like to turn off the IDN support for some reason, defines
897 the <envar>IDN_DISABLE</envar> environment variable.
898 The IDN support is disabled if the variable is set when
899 <command>dig</command> runs.
905 <para><filename>/etc/resolv.conf</filename>
907 <para><filename>${HOME}/.digrc</filename>
912 <title>SEE ALSO</title>
914 <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
917 <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
920 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
922 <citetitle>RFC1035</citetitle>.
929 There are probably too many query options.
projects / FreeBSD / FreeBSD.git / blob