2 - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
5 - Permission to use, copy, modify, and distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
18 <!-- $Id: dig.html,v 1.6.2.4.2.7 2004/08/22 23:38:57 marka Exp $ -->
20 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
27 CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
47 >dig -- DNS lookup utility</DIV
49 CLASS="REFSYNOPSISDIV"
113 >] [name] [type] [class] [queryopt...]</P
126 > [global-queryopt...] [query...]</P
139 > (domain information groper) is a flexible tool
140 for interrogating DNS name servers. It performs DNS lookups and
141 displays the answers that are returned from the name server(s) that
142 were queried. Most DNS administrators use <B
146 troubleshoot DNS problems because of its flexibility, ease of use and
147 clarity of output. Other lookup tools tend to have less functionality
156 > is normally used with command-line
157 arguments, it also has a batch mode of operation for reading lookup
158 requests from a file. A brief summary of its command-line arguments
159 and options is printed when the <VAR
163 Unlike earlier versions, the BIND9 implementation of
167 > allows multiple lookups to be issued from the
170 >Unless it is told to query a specific name server,
174 > will try each of the servers listed in
177 >/etc/resolv.conf</TT
180 >When no command line arguments or options are given, will perform an
181 NS query for "." (the root).</P
183 >It is possible to set per-user defaults for <B
190 >. This file is read and any options in it
191 are applied before the command line arguments.</P
201 >A typical invocation of <B
206 CLASS="PROGRAMLISTING"
207 > dig @server name type </PRE
222 >is the name or IP address of the name server to query. This can be an IPv4
223 address in dotted-decimal notation or an IPv6
224 address in colon-delimited notation. When the supplied
228 > argument is a hostname,
232 > resolves that name before querying that name
236 > argument is provided,
242 >/etc/resolv.conf</TT
244 and queries the name servers listed there. The reply from the name
245 server that responds is displayed.</P
254 >is the name of the resource record that is to be looked up.</P
263 >indicates what type of query is required —
264 ANY, A, MX, SIG, etc.
268 > can be any valid query type. If no
272 > argument is supplied,
276 > will perform a lookup for an A record.</P
293 > option sets the source IP address of the query
297 >. This must be a valid address on
298 one of the host's network interfaces or "0.0.0.0" or "::". An optional port
299 may be specified by appending "#<port>"</P
301 >The default query class (IN for internet) is overridden by the
309 class, such as HS for Hesiod records or CH for CHAOSNET records.</P
318 in batch mode by reading a list of lookup requests to process from the
322 >. The file contains a number of
323 queries, one per line. Each entry in the file should be organised in
324 the same way they would be presented as queries to
328 > using the command-line interface.</P
330 >If a non-standard port number is to be queried, the
334 > option is used. <VAR
338 the port number that <B
341 > will send its queries
342 instead of the standard DNS port number 53. This option would be used
343 to test a name server that has been configured to listen for queries
344 on a non-standard port number.</P
353 use IPv4 query transport. The <VAR
360 > to only use IPv6 query transport.</P
365 > option sets the query type to
369 >. It can be any valid query type which is
370 supported in BIND9. The default query type "A", unless the
374 > option is supplied to indicate a reverse lookup.
375 A zone transfer can be requested by specifying a type of AXFR. When
376 an incremental zone transfer (IXFR) is required,
384 The incremental zone transfer will contain the changes made to the zone
385 since the serial number in the zone's SOA record was
391 >Reverse lookups - mapping addresses to names - are simplified by the
399 address in dotted-decimal notation, or a colon-delimited IPv6 address.
400 When this option is used, there is no need to provide the
415 automatically performs a lookup for a name like
418 >11.12.13.10.in-addr.arpa</VAR
419 > and sets the query type and
420 class to PTR and IN respectively. By default, IPv6 addresses are
421 looked up using nibble format under the IP6.ARPA domain.
422 To use the older RFC1886 method using the IP6.INT domain
426 > option. Bit string labels (RFC2874)
427 are now experimental and are not attempted.</P
429 >To sign the DNS queries sent by <B
433 responses using transaction signatures (TSIG), specify a TSIG key file
437 > option. You can also specify the TSIG
438 key itself on the command line using the <VAR
445 > is the name of the TSIG key and
449 > is the actual key. The key is a base-64
450 encoded string, typically generated by <SPAN
453 CLASS="REFENTRYTITLE"
458 Caution should be taken when using the <VAR
462 multi-user systems as the key can be visible in the output from
466 CLASS="REFENTRYTITLE"
469 > or in the shell's history file. When
470 using TSIG authentication with <B
474 server that is queried needs to know the key and algorithm that is
475 being used. In BIND, this is done by providing appropriate
499 > provides a number of query options which affect
500 the way in which lookups are made and the results displayed. Some of
501 these set or reset flag bits in the query header, some determine which
502 sections of the answer get printed, and others determine the timeout
503 and retry strategies.</P
505 >Each query option is identified by a keyword preceded by a plus sign
509 >). Some keywords set or reset an option. These may be preceded
513 > to negate the meaning of that keyword. Other
514 keywords assign values to options like the timeout interval. They
519 The query options are:
533 >Use [do not use] TCP when querying name servers. The default
534 behaviour is to use UDP unless an AXFR or IXFR query is requested, in
535 which case a TCP connection is used.</P
544 >Use [do not use] TCP when querying name servers. This alternate
548 > is provided for backwards
549 compatibility. The "vc" stands for "virtual circuit".</P
558 >Ignore truncation in UDP responses instead of retrying with TCP. By
559 default, TCP retries are performed.</P
564 >+domain=somename</VAR
568 >Set the search list to contain the single domain
572 >, as if specified in a
579 >/etc/resolv.conf</TT
580 >, and enable search list
581 processing as if the <VAR
584 > option were given.</P
593 >Use [do not use] the search list defined by the searchlist or domain
598 The search list is not used by default.</P
607 >Deprecated, treated as a synonym for <VAR
619 >Sets the "aa" flag in the query.</P
640 >Set [do not set] the AD (authentic data) bit in the query. The AD bit
641 currently has a standard meaning only in responses, not in queries,
642 but the ability to set the bit in the query is provided for
652 >Set [do not set] the CD (checking disabled) bit in the query. This
653 requests the server to not perform DNSSEC validation of responses.</P
662 >Display [do not display] the CLASS when printing the record.</P
671 >Display [do not display] the TTL when printing the record.</P
680 >Toggle the setting of the RD (recursion desired) bit in the query.
681 This bit is set by default, which means <B
685 normally sends recursive queries. Recursion is automatically disabled
693 > query options are used.</P
702 >When this option is set, <B
705 > attempts to find the
706 authoritative name servers for the zone containing the name being
707 looked up and display the SOA record that each name server has for the
717 >Toggle tracing of the delegation path from the root name servers for
718 the name being looked up. Tracing is disabled by default. When
719 tracing is enabled, <B
722 > makes iterative queries to
723 resolve the name being looked up. It will follow referrals from the
724 root servers, showing the answer from each server that was used to
725 resolve the lookup.</P
734 >toggles the printing of the initial comment in the output identifying
738 > and the query options that have
739 been applied. This comment is printed by default.</P
748 >Provide a terse answer. The default is to print the answer in a
758 >Show [or do not show] the IP address and port number that supplied the
762 > option is enabled. If
763 short form answers are requested, the default is not to show the
764 source address and port number of the server that provided the answer.</P
773 >Toggle the display of comment lines in the output. The default is to
783 >This query option toggles the printing of statistics: when the query
784 was made, the size of the reply and so on. The default behaviour is
785 to print the query statistics.</P
794 >Print [do not print] the query as it is sent.
795 By default, the query is not printed.</P
804 >Print [do not print] the question section of a query when an answer is
805 returned. The default is to print the question section as a comment.</P
814 >Display [do not display] the answer section of a reply. The default
824 >Display [do not display] the authority section of a reply. The
825 default is to display it.</P
830 >+[no]additional</VAR
834 >Display [do not display] the additional section of a reply.
835 The default is to display it.</P
844 >Set or clear all display flags.</P
853 > Sets the timeout for a query to
857 > seconds. The default time out is 5 seconds.
858 An attempt to set <VAR
861 > to less than 1 will result
862 in a query timeout of 1 second being applied.</P
871 >Sets the number of times to try UDP queries to server to
875 > instead of the default, 3. If
879 > is less than or equal to zero, the number of
880 tries is silently rounded up to 1.</P
889 >Sets the number of times to retry UDP queries to server to
893 > instead of the default, 2. Unlike
897 >, this does not include the initial
907 >Set the number of dots that have to appear in
915 considered absolute. The default value is that defined using the
916 ndots statement in <TT
918 >/etc/resolv.conf</TT
920 ndots statement is present. Names with fewer dots are interpreted as
921 relative names and will be searched for in the domains listed in the
931 >/etc/resolv.conf</TT
941 >Set the UDP message buffer size advertised using EDNS0 to
945 > bytes. The maximum and minimum sizes of this
946 buffer are 65535 and 0 respectively. Values outside this range are
947 rounded up or down appropriately.</P
956 >Print records like the SOA records in a verbose multi-line
957 format with human-readable comments. The default is to print
958 each record on a single line, to facilitate machine parsing
971 >Do not try the next server if you receive a SERVFAIL. The default is
972 to not try the next server which is the reverse of normal stub resolver
978 >+[no]besteffort</VAR
982 >Attempt to display the contents of messages which are malformed.
983 The default is to not display malformed answers.</P
992 >Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
993 in the OPT record in the additional section of the query.</P
1002 >Chase DNSSEC signature chains. Requires dig be compiled with
1008 >+trusted-key=####</VAR
1012 >Specify a trusted key to be used with <VAR
1016 Requires dig be compiled with -DDIG_SIGCHASE.</P
1025 >When chasing DNSSEC signature chains perform a top down validation.
1026 Requires dig be compiled with -DDIG_SIGCHASE.</P
1038 >MULTIPLE QUERIES</H2
1040 >The BIND 9 implementation of <B
1044 specifying multiple queries on the command line (in addition to
1048 > batch file option). Each of those
1049 queries can be supplied with its own set of flags, options and query
1052 >In this case, each <VAR
1055 > argument represent an
1056 individual query in the command-line syntax described above. Each
1057 consists of any of the standard options and flags, the name to be
1058 looked up, an optional query type and class and any query options that
1059 should be applied to that query.</P
1061 >A global set of query options, which should be applied to all queries,
1062 can also be supplied. These global query options must precede the
1063 first tuple of name, class, type, options, flags, and query options
1064 supplied on the command line. Any global query options (except
1069 overridden by a query-specific set of query options. For example:
1071 CLASS="PROGRAMLISTING"
1072 >dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr</PRE
1077 > could be used from the command line
1078 to make three lookups: an ANY query for <VAR
1082 reverse lookup of 127.0.0.1 and a query for the NS records of
1088 A global query option of <VAR
1095 > shows the initial query it made for each
1096 lookup. The final query has a local query option of
1100 > which means that <B
1104 will not print the initial query when it looks up the NS records for
1120 >/etc/resolv.conf</TT
1137 CLASS="CITEREFENTRY"
1139 CLASS="REFENTRYTITLE"
1144 CLASS="CITEREFENTRY"
1146 CLASS="REFENTRYTITLE"
1151 CLASS="CITEREFENTRY"
1153 CLASS="REFENTRYTITLE"
1154 >dnssec-keygen</SPAN
1170 >There are probably too many query options. </P
projects / FreeBSD / FreeBSD.git / blob