2
- Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3
- Copyright (C) 2000-2003 Internet Software Consortium.
2
- Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
3
- Copyright (C) 2000-2003 Internet Software Consortium.
5
5
- Permission to use, copy, modify, and distribute this software for any
6
6
- purpose with or without fee is hereby granted, provided that the above
7
7
- copyright notice and this permission notice appear in all copies.
9
9
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10
10
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12
12
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13
13
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14
14
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15
15
- PERFORMANCE OF THIS SOFTWARE.
18
<!-- $Id: dig.html,v 1.6.2.4.2.7 2004/08/22 23:38:57 marka Exp $ -->
20
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
27
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
47
>dig -- DNS lookup utility</DIV
49
CLASS="REFSYNOPSISDIV"
113
>] [name] [type] [class] [queryopt...]</P
126
> [global-queryopt...] [query...]</P
139
> (domain information groper) is a flexible tool
17
<!-- $Id: dig.html,v 1.6.2.4.2.13 2005/10/13 02:33:43 marka Exp $ -->
20
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
22
<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
24
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
25
<a name="id2463721"></a><div class="titlepage"></div>
26
<div class="refnamediv">
28
<p>dig — DNS lookup utility</p>
30
<div class="refsynopsisdiv">
32
<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
33
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
34
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
36
<div class="refsect1" lang="en">
37
<a name="id2525976"></a><h2>DESCRIPTION</h2>
39
<span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
140
40
for interrogating DNS name servers. It performs DNS lookups and
141
41
displays the answers that are returned from the name server(s) that
142
were queried. Most DNS administrators use <B
42
were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
146
43
troubleshoot DNS problems because of its flexibility, ease of use and
147
44
clarity of output. Other lookup tools tend to have less functionality
156
> is normally used with command-line
45
than <span><strong class="command">dig</strong></span>.
48
Although <span><strong class="command">dig</strong></span> is normally used with command-line
157
49
arguments, it also has a batch mode of operation for reading lookup
158
50
requests from a file. A brief summary of its command-line arguments
159
and options is printed when the <VAR
51
and options is printed when the <code class="option">-h</code> option is given.
163
52
Unlike earlier versions, the BIND9 implementation of
167
> allows multiple lookups to be issued from the
170
>Unless it is told to query a specific name server,
174
> will try each of the servers listed in
177
>/etc/resolv.conf</TT
180
>When no command line arguments or options are given, will perform an
181
NS query for "." (the root).</P
183
>It is possible to set per-user defaults for <B
190
>. This file is read and any options in it
191
are applied before the command line arguments.</P
201
>A typical invocation of <B
206
CLASS="PROGRAMLISTING"
207
> dig @server name type </PRE
53
<span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the
57
Unless it is told to query a specific name server,
58
<span><strong class="command">dig</strong></span> will try each of the servers listed in
59
<code class="filename">/etc/resolv.conf</code>.
62
When no command line arguments or options are given, will perform an
63
NS query for "." (the root).
66
It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
67
<code class="filename">${HOME}/.digrc</code>. This file is read and any options in it
68
are applied before the command line arguments.
71
<div class="refsect1" lang="en">
72
<a name="id2526035"></a><h2>SIMPLE USAGE</h2>
74
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
76
<pre class="programlisting"> dig @server name type </pre>
222
>is the name or IP address of the name server to query. This can be an IPv4
80
<div class="variablelist"><dl>
81
<dt><span class="term"><code class="constant">server</code></span></dt>
83
is the name or IP address of the name server to query. This can be an IPv4
223
84
address in dotted-decimal notation or an IPv6
224
85
address in colon-delimited notation. When the supplied
228
> argument is a hostname,
232
> resolves that name before querying that name
236
> argument is provided,
242
>/etc/resolv.conf</TT
86
<em class="parameter"><code>server</code></em> argument is a hostname,
87
<span><strong class="command">dig</strong></span> resolves that name before querying that name
88
server. If no <em class="parameter"><code>server</code></em> argument is provided,
89
<span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
244
90
and queries the name servers listed there. The reply from the name
245
server that responds is displayed.</P
254
>is the name of the resource record that is to be looked up.</P
263
>indicates what type of query is required —
91
server that responds is displayed.
93
<dt><span class="term"><code class="constant">name</code></span></dt>
95
is the name of the resource record that is to be looked up.
97
<dt><span class="term"><code class="constant">type</code></span></dt>
99
indicates what type of query is required —
264
100
ANY, A, MX, SIG, etc.
268
> can be any valid query type. If no
272
> argument is supplied,
276
> will perform a lookup for an A record.</P
293
> option sets the source IP address of the query
297
>. This must be a valid address on
101
<em class="parameter"><code>type</code></em> can be any valid query type. If no
102
<em class="parameter"><code>type</code></em> argument is supplied,
103
<span><strong class="command">dig</strong></span> will perform a lookup for an A record.
109
<div class="refsect1" lang="en">
110
<a name="id2526114"></a><h2>OPTIONS</h2>
112
The <code class="option">-b</code> option sets the source IP address of the query
113
to <em class="parameter"><code>address</code></em>. This must be a valid address on
298
114
one of the host's network interfaces or "0.0.0.0" or "::". An optional port
299
may be specified by appending "#<port>"</P
301
>The default query class (IN for internet) is overridden by the
309
class, such as HS for Hesiod records or CH for CHAOSNET records.</P
115
may be specified by appending "#<port>"
118
The default query class (IN for internet) is overridden by the
119
<code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid
120
class, such as HS for Hesiod records or CH for CHAOSNET records.
123
The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate
318
124
in batch mode by reading a list of lookup requests to process from the
322
>. The file contains a number of
125
file <em class="parameter"><code>filename</code></em>. The file contains a number of
323
126
queries, one per line. Each entry in the file should be organised in
324
127
the same way they would be presented as queries to
328
> using the command-line interface.</P
330
>If a non-standard port number is to be queried, the
334
> option is used. <VAR
338
the port number that <B
341
> will send its queries
128
<span><strong class="command">dig</strong></span> using the command-line interface.
131
If a non-standard port number is to be queried, the
132
<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
133
the port number that <span><strong class="command">dig</strong></span> will send its queries
342
134
instead of the standard DNS port number 53. This option would be used
343
135
to test a name server that has been configured to listen for queries
344
on a non-standard port number.</P
353
use IPv4 query transport. The <VAR
360
> to only use IPv6 query transport.</P
365
> option sets the query type to
369
>. It can be any valid query type which is
136
on a non-standard port number.
139
The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span> to only
140
use IPv4 query transport. The <code class="option">-6</code> option forces
141
<span><strong class="command">dig</strong></span> to only use IPv6 query transport.
144
The <code class="option">-t</code> option sets the query type to
145
<em class="parameter"><code>type</code></em>. It can be any valid query type which is
370
146
supported in BIND9. The default query type "A", unless the
374
> option is supplied to indicate a reverse lookup.
147
<code class="option">-x</code> option is supplied to indicate a reverse lookup.
375
148
A zone transfer can be requested by specifying a type of AXFR. When
376
149
an incremental zone transfer (IXFR) is required,
150
<em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
384
151
The incremental zone transfer will contain the changes made to the zone
385
152
since the serial number in the zone's SOA record was
391
>Reverse lookups - mapping addresses to names - are simplified by the
153
<em class="parameter"><code>N</code></em>.
156
Reverse lookups - mapping addresses to names - are simplified by the
157
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4
399
158
address in dotted-decimal notation, or a colon-delimited IPv6 address.
400
159
When this option is used, there is no need to provide the
160
<em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
161
<em class="parameter"><code>type</code></em> arguments. <span><strong class="command">dig</strong></span>
415
162
automatically performs a lookup for a name like
418
>11.12.13.10.in-addr.arpa</VAR
419
> and sets the query type and
163
<code class="literal">11.12.13.10.in-addr.arpa</code> and sets the query type and
420
164
class to PTR and IN respectively. By default, IPv6 addresses are
421
165
looked up using nibble format under the IP6.ARPA domain.
422
166
To use the older RFC1886 method using the IP6.INT domain
426
> option. Bit string labels (RFC2874)
427
are now experimental and are not attempted.</P
429
>To sign the DNS queries sent by <B
167
specify the <code class="option">-i</code> option. Bit string labels (RFC2874)
168
are now experimental and are not attempted.
171
To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and their
433
172
responses using transaction signatures (TSIG), specify a TSIG key file
437
> option. You can also specify the TSIG
438
key itself on the command line using the <VAR
445
> is the name of the TSIG key and
449
> is the actual key. The key is a base-64
450
encoded string, typically generated by <SPAN
453
CLASS="REFENTRYTITLE"
173
using the <code class="option">-k</code> option. You can also specify the TSIG
174
key itself on the command line using the <code class="option">-y</code> option;
175
<em class="parameter"><code>name</code></em> is the name of the TSIG key and
176
<em class="parameter"><code>key</code></em> is the actual key. The key is a base-64
177
encoded string, typically generated by <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
458
Caution should be taken when using the <VAR
179
Caution should be taken when using the <code class="option">-y</code> option on
462
180
multi-user systems as the key can be visible in the output from
466
CLASS="REFENTRYTITLE"
469
> or in the shell's history file. When
470
using TSIG authentication with <B
181
<span class="citerefentry"><span class="refentrytitle">ps</span>(1
182
)</span> or in the shell's history file. When
183
using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
474
184
server that is queried needs to know the key and algorithm that is
475
185
being used. In BIND, this is done by providing appropriate
499
> provides a number of query options which affect
186
<span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
187
<code class="filename">named.conf</code>.
190
<div class="refsect1" lang="en">
191
<a name="id2526365"></a><h2>QUERY OPTIONS</h2>
193
<span><strong class="command">dig</strong></span> provides a number of query options which affect
500
194
the way in which lookups are made and the results displayed. Some of
501
195
these set or reset flag bits in the query header, some determine which
502
196
sections of the answer get printed, and others determine the timeout
503
and retry strategies.</P
505
>Each query option is identified by a keyword preceded by a plus sign
509
>). Some keywords set or reset an option. These may be preceded
513
> to negate the meaning of that keyword. Other
197
and retry strategies.
200
Each query option is identified by a keyword preceded by a plus sign
201
(<code class="literal">+</code>). Some keywords set or reset an option. These may be preceded
202
by the string <code class="literal">no</code> to negate the meaning of that keyword. Other
514
203
keywords assign values to options like the timeout interval. They
204
have the form <code class="option">+keyword=value</code>.
519
205
The query options are:
533
>Use [do not use] TCP when querying name servers. The default
208
<div class="variablelist"><dl>
209
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
211
Use [do not use] TCP when querying name servers. The default
534
212
behaviour is to use UDP unless an AXFR or IXFR query is requested, in
535
which case a TCP connection is used.</P
544
>Use [do not use] TCP when querying name servers. This alternate
548
> is provided for backwards
549
compatibility. The "vc" stands for "virtual circuit".</P
558
>Ignore truncation in UDP responses instead of retrying with TCP. By
559
default, TCP retries are performed.</P
564
>+domain=somename</VAR
568
>Set the search list to contain the single domain
572
>, as if specified in a
579
>/etc/resolv.conf</TT
580
>, and enable search list
581
processing as if the <VAR
584
> option were given.</P
593
>Use [do not use] the search list defined by the searchlist or domain
598
The search list is not used by default.</P
607
>Deprecated, treated as a synonym for <VAR
619
>Sets the "aa" flag in the query.</P
640
>Set [do not set] the AD (authentic data) bit in the query. The AD bit
213
which case a TCP connection is used.
215
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
217
Use [do not use] TCP when querying name servers. This alternate
218
syntax to <em class="parameter"><code>+[no]tcp</code></em> is provided for backwards
219
compatibility. The "vc" stands for "virtual circuit".
221
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
223
Ignore truncation in UDP responses instead of retrying with TCP. By
224
default, TCP retries are performed.
226
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
228
Set the search list to contain the single domain
229
<em class="parameter"><code>somename</code></em>, as if specified in a
230
<span><strong class="command">domain</strong></span> directive in
231
<code class="filename">/etc/resolv.conf</code>, and enable search list
232
processing as if the <em class="parameter"><code>+search</code></em> option were given.
234
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
236
Use [do not use] the search list defined by the searchlist or domain
237
directive in <code class="filename">resolv.conf</code> (if any).
238
The search list is not used by default.
240
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
242
Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
244
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
246
Sets the "aa" flag in the query.
248
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
250
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
252
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
254
Set [do not set] the AD (authentic data) bit in the query. The AD bit
641
255
currently has a standard meaning only in responses, not in queries,
642
256
but the ability to set the bit in the query is provided for
652
>Set [do not set] the CD (checking disabled) bit in the query. This
653
requests the server to not perform DNSSEC validation of responses.</P
662
>Display [do not display] the CLASS when printing the record.</P
671
>Display [do not display] the TTL when printing the record.</P
680
>Toggle the setting of the RD (recursion desired) bit in the query.
681
This bit is set by default, which means <B
259
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
261
Set [do not set] the CD (checking disabled) bit in the query. This
262
requests the server to not perform DNSSEC validation of responses.
264
<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
266
Display [do not display] the CLASS when printing the record.
268
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
270
Display [do not display] the TTL when printing the record.
272
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
274
Toggle the setting of the RD (recursion desired) bit in the query.
275
This bit is set by default, which means <span><strong class="command">dig</strong></span>
685
276
normally sends recursive queries. Recursion is automatically disabled
693
> query options are used.</P
702
>When this option is set, <B
705
> attempts to find the
277
when the <em class="parameter"><code>+nssearch</code></em> or
278
<em class="parameter"><code>+trace</code></em> query options are used.
280
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
282
When this option is set, <span><strong class="command">dig</strong></span> attempts to find the
706
283
authoritative name servers for the zone containing the name being
707
284
looked up and display the SOA record that each name server has for the
717
>Toggle tracing of the delegation path from the root name servers for
287
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
289
Toggle tracing of the delegation path from the root name servers for
718
290
the name being looked up. Tracing is disabled by default. When
719
tracing is enabled, <B
722
> makes iterative queries to
291
tracing is enabled, <span><strong class="command">dig</strong></span> makes iterative queries to
723
292
resolve the name being looked up. It will follow referrals from the
724
293
root servers, showing the answer from each server that was used to
725
resolve the lookup.</P
734
>toggles the printing of the initial comment in the output identifying
738
> and the query options that have
739
been applied. This comment is printed by default.</P
748
>Provide a terse answer. The default is to print the answer in a
758
>Show [or do not show] the IP address and port number that supplied the
762
> option is enabled. If
296
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
298
toggles the printing of the initial comment in the output identifying
299
the version of <span><strong class="command">dig</strong></span> and the query options that have
300
been applied. This comment is printed by default.
302
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
304
Provide a terse answer. The default is to print the answer in a
307
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
309
Show [or do not show] the IP address and port number that supplied the
310
answer when the <em class="parameter"><code>+short</code></em> option is enabled. If
763
311
short form answers are requested, the default is not to show the
764
source address and port number of the server that provided the answer.</P
773
>Toggle the display of comment lines in the output. The default is to
783
>This query option toggles the printing of statistics: when the query
312
source address and port number of the server that provided the answer.
314
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
316
Toggle the display of comment lines in the output. The default is to
319
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
321
This query option toggles the printing of statistics: when the query
784
322
was made, the size of the reply and so on. The default behaviour is
785
to print the query statistics.</P
794
>Print [do not print] the query as it is sent.
795
By default, the query is not printed.</P
804
>Print [do not print] the question section of a query when an answer is
805
returned. The default is to print the question section as a comment.</P
814
>Display [do not display] the answer section of a reply. The default
824
>Display [do not display] the authority section of a reply. The
825
default is to display it.</P
830
>+[no]additional</VAR
834
>Display [do not display] the additional section of a reply.
835
The default is to display it.</P
844
>Set or clear all display flags.</P
853
> Sets the timeout for a query to
857
> seconds. The default time out is 5 seconds.
858
An attempt to set <VAR
861
> to less than 1 will result
862
in a query timeout of 1 second being applied.</P
871
>Sets the number of times to try UDP queries to server to
875
> instead of the default, 3. If
879
> is less than or equal to zero, the number of
880
tries is silently rounded up to 1.</P
889
>Sets the number of times to retry UDP queries to server to
893
> instead of the default, 2. Unlike
897
>, this does not include the initial
907
>Set the number of dots that have to appear in
323
to print the query statistics.
325
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
327
Print [do not print] the query as it is sent.
328
By default, the query is not printed.
330
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
332
Print [do not print] the question section of a query when an answer is
333
returned. The default is to print the question section as a comment.
335
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
337
Display [do not display] the answer section of a reply. The default
340
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
342
Display [do not display] the authority section of a reply. The
343
default is to display it.
345
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
347
Display [do not display] the additional section of a reply.
348
The default is to display it.
350
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
352
Set or clear all display flags.
354
<dt><span class="term"><code class="option">+time=T</code></span></dt>
357
Sets the timeout for a query to
358
<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds.
359
An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result
360
in a query timeout of 1 second being applied.
362
<dt><span class="term"><code class="option">+tries=T</code></span></dt>
364
Sets the number of times to try UDP queries to server to
365
<em class="parameter"><code>T</code></em> instead of the default, 3. If
366
<em class="parameter"><code>T</code></em> is less than or equal to zero, the number of
367
tries is silently rounded up to 1.
369
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
371
Sets the number of times to retry UDP queries to server to
372
<em class="parameter"><code>T</code></em> instead of the default, 2. Unlike
373
<em class="parameter"><code>+tries</code></em>, this does not include the initial
376
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
378
Set the number of dots that have to appear in
379
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
915
380
considered absolute. The default value is that defined using the
916
ndots statement in <TT
918
>/etc/resolv.conf</TT
381
ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
920
382
ndots statement is present. Names with fewer dots are interpreted as
921
383
relative names and will be searched for in the domains listed in the
931
>/etc/resolv.conf</TT
941
>Set the UDP message buffer size advertised using EDNS0 to
945
> bytes. The maximum and minimum sizes of this
384
<code class="option">search</code> or <code class="option">domain</code> directive in
385
<code class="filename">/etc/resolv.conf</code>.
387
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
389
Set the UDP message buffer size advertised using EDNS0 to
390
<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes of this
946
391
buffer are 65535 and 0 respectively. Values outside this range are
947
rounded up or down appropriately.</P
956
>Print records like the SOA records in a verbose multi-line
392
rounded up or down appropriately.
394
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
396
Print records like the SOA records in a verbose multi-line
957
397
format with human-readable comments. The default is to print
958
398
each record on a single line, to facilitate machine parsing
971
>Do not try the next server if you receive a SERVFAIL. The default is
399
of the <span><strong class="command">dig</strong></span> output.
401
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
403
Do not try the next server if you receive a SERVFAIL. The default is
972
404
to not try the next server which is the reverse of normal stub resolver
978
>+[no]besteffort</VAR
982
>Attempt to display the contents of messages which are malformed.
983
The default is to not display malformed answers.</P
992
>Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
993
in the OPT record in the additional section of the query.</P
1002
>Chase DNSSEC signature chains. Requires dig be compiled with
1008
>+trusted-key=####</VAR
1012
>Specify a trusted key to be used with <VAR
1016
Requires dig be compiled with -DDIG_SIGCHASE.</P
1025
>When chasing DNSSEC signature chains perform a top down validation.
1026
Requires dig be compiled with -DDIG_SIGCHASE.</P
1038
>MULTIPLE QUERIES</H2
1040
>The BIND 9 implementation of <B
407
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
409
Attempt to display the contents of messages which are malformed.
410
The default is to not display malformed answers.
412
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
414
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
415
in the OPT record in the additional section of the query.
417
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
419
Chase DNSSEC signature chains. Requires dig be compiled with
422
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
425
Specifies a file containing trusted keys to be used with
426
<code class="option">+sigchase</code>. Each DNSKEY record must be
430
If not specified <span><strong class="command">dig</strong></span> will look for
431
<code class="filename">/etc/trusted-key.key</code> then
432
<code class="filename">trusted-key.key</code> in the current directory.
435
Requires dig be compiled with -DDIG_SIGCHASE.
438
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
440
When chasing DNSSEC signature chains perform a top down validation.
441
Requires dig be compiled with -DDIG_SIGCHASE.
448
<div class="refsect1" lang="en">
449
<a name="id2527033"></a><h2>MULTIPLE QUERIES</h2>
451
The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
1044
452
specifying multiple queries on the command line (in addition to
1048
> batch file option). Each of those
453
supporting the <code class="option">-f</code> batch file option). Each of those
1049
454
queries can be supplied with its own set of flags, options and query
1052
>In this case, each <VAR
1055
> argument represent an
458
In this case, each <em class="parameter"><code>query</code></em> argument represent an
1056
459
individual query in the command-line syntax described above. Each
1057
460
consists of any of the standard options and flags, the name to be
1058
461
looked up, an optional query type and class and any query options that
1059
should be applied to that query.</P
1061
>A global set of query options, which should be applied to all queries,
462
should be applied to that query.
465
A global set of query options, which should be applied to all queries,
1062
466
can also be supplied. These global query options must precede the
1063
467
first tuple of name, class, type, options, flags, and query options
1064
468
supplied on the command line. Any global query options (except
469
the <code class="option">+[no]cmd</code> option) can be
1069
470
overridden by a query-specific set of query options. For example:
1071
CLASS="PROGRAMLISTING"
1072
>dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr</PRE
1077
> could be used from the command line
1078
to make three lookups: an ANY query for <VAR
472
<pre class="programlisting">
473
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
476
shows how <span><strong class="command">dig</strong></span> could be used from the command line
477
to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
1082
478
reverse lookup of 127.0.0.1 and a query for the NS records of
479
<code class="literal">isc.org</code>.
1088
A global query option of <VAR
1095
> shows the initial query it made for each
481
A global query option of <em class="parameter"><code>+qr</code></em> is applied, so
482
that <span><strong class="command">dig</strong></span> shows the initial query it made for each
1096
483
lookup. The final query has a local query option of
1100
> which means that <B
484
<em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
1104
485
will not print the initial query when it looks up the NS records for
1120
>/etc/resolv.conf</TT
1137
CLASS="CITEREFENTRY"
1139
CLASS="REFENTRYTITLE"
1144
CLASS="CITEREFENTRY"
1146
CLASS="REFENTRYTITLE"
1151
CLASS="CITEREFENTRY"
1153
CLASS="REFENTRYTITLE"
1154
>dnssec-keygen</SPAN
1170
>There are probably too many query options. </P
486
<code class="literal">isc.org</code>.
489
<div class="refsect1" lang="en">
490
<a name="id2527092"></a><h2>FILES</h2>
492
<code class="filename">/etc/resolv.conf</code>
495
<code class="filename">${HOME}/.digrc</code>
498
<div class="refsect1" lang="en">
499
<a name="id2527111"></a><h2>SEE ALSO</h2>
501
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
502
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
503
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
504
<em class="citetitle">RFC1035</em>.
507
<div class="refsect1" lang="en">
508
<a name="id2527149"></a><h2>BUGS </h2>
510
There are probably too many query options.