version 4, including all changes.
.
Rev |
Author |
# |
Line |
1 |
perry |
1 |
DIG |
|
|
2 |
!!!DIG |
|
|
3 |
NAME |
|
|
4 |
SYNOPSIS |
|
|
5 |
DESCRIPTION |
|
|
6 |
SIMPLE USAGE |
|
|
7 |
OPTIONS |
|
|
8 |
QUERY OPTIONS |
|
|
9 |
MULTIPLE QUERIES |
|
|
10 |
FILES |
|
|
11 |
SEE ALSO |
|
|
12 |
BUGS |
|
|
13 |
---- |
|
|
14 |
!!NAME |
|
|
15 |
|
|
|
16 |
|
|
|
17 |
dig - DNS lookup utility |
|
|
18 |
!!SYNOPSIS |
|
|
19 |
|
|
|
20 |
|
|
|
21 |
__dig__ [[ __@server__ ] [[ __-b__ ''address'' ] [[ |
|
|
22 |
__-c__ ''class'' ] [[ __-f__ ''filename'' ] [[ |
|
|
23 |
__-k__ ''filename'' ] [[ __-p__ ''port#'' ] [[ |
|
|
24 |
__-t__ ''type'' ] [[ __-x__ ''addr'' ] [[ |
|
|
25 |
__-y__ ''name:key'' ] [[ __name__ ] [[ __type__ ] |
|
|
26 |
[[ __class__ ] [[ __queryopt__''...'' ] |
|
|
27 |
|
|
|
28 |
|
|
|
29 |
__dig__ [[ __-h__ ] |
|
|
30 |
|
|
|
31 |
|
|
|
32 |
__dig__ [[ __global-queryopt__''...'' ] [[ |
|
|
33 |
__query__''...'' ] |
|
|
34 |
!!DESCRIPTION |
|
|
35 |
|
|
|
36 |
|
|
|
37 |
__dig__ (domain information groper) is a flexible tool |
|
|
38 |
for interrogating DNS name servers. It performs DNS lookups |
|
|
39 |
and displays the answers that are returned from the name |
|
|
40 |
server(s) that were queried. Most DNS administrators use |
|
|
41 |
__dig__ to troubleshoot DNS problems because of its |
|
|
42 |
flexibility, ease of use and clarity of output. Other lookup |
|
|
43 |
tools tend to have less functionality than |
|
|
44 |
__dig__. |
|
|
45 |
|
|
|
46 |
|
|
|
47 |
Although __dig__ is normally used with command-line |
|
|
48 |
arguments, it also has a batch mode of operation for reading |
|
|
49 |
lookup requests from a file. A brief summary of its |
|
|
50 |
command-line arguments and options is printed when the |
|
|
51 |
__-h__ option is given. Unlike earlier versions, the |
|
|
52 |
BIND9 implementation of __dig__ allows multiple lookups |
|
|
53 |
to be issued from the command line. |
|
|
54 |
|
|
|
55 |
|
|
|
56 |
Unless it is told to query a specific name server, |
|
|
57 |
__dig__ will try each of the servers listed in |
|
|
58 |
''/etc/resolv.conf''. |
|
|
59 |
|
|
|
60 |
|
|
|
61 |
When no command line arguments or options are given, will |
|
|
62 |
perform an NS query for |
|
|
63 |
!!SIMPLE USAGE |
|
|
64 |
|
|
|
65 |
|
|
|
66 |
A typical invocation of __dig__ looks like: |
|
|
67 |
|
|
|
68 |
|
|
|
69 |
dig @server name type |
|
|
70 |
where: |
|
|
71 |
|
|
|
72 |
|
|
|
73 |
__server__ |
|
|
74 |
|
|
|
75 |
|
|
|
76 |
is the name or IP address of the name server to query. This |
|
|
77 |
can be an IPv4 address in dotted-decimal notation or an IPv6 |
|
|
78 |
address in colon-delimited notation. When the supplied |
|
|
79 |
''server'' argument is a hostname, __dig__ resolves |
|
|
80 |
that name before querying that name server. If no |
|
|
81 |
''server'' argument is provided, __dig__ consults |
|
|
82 |
''/etc/resolv.conf'' and queries the name servers listed |
|
|
83 |
there. The reply from the name server that responds is |
|
|
84 |
displayed. |
|
|
85 |
|
|
|
86 |
|
|
|
87 |
__name__ |
|
|
88 |
|
|
|
89 |
|
|
|
90 |
is the name of the resource record that is to be looked |
|
|
91 |
up. |
|
|
92 |
|
|
|
93 |
|
|
|
94 |
__type__ |
|
|
95 |
|
|
|
96 |
|
|
|
97 |
indicates what type of query is required -- ANY, A, MX, SIG, |
|
|
98 |
etc. ''type'' can be any valid query type. If no |
|
|
99 |
''type'' argument is supplied, __dig__ will perform a |
|
|
100 |
lookup for an A record. |
|
|
101 |
!!OPTIONS |
|
|
102 |
|
|
|
103 |
|
|
|
104 |
The __-b__ option sets the source IP address of the query |
|
|
105 |
to ''address''. This must be a valid address on one of |
|
|
106 |
the host's network interfaces. |
|
|
107 |
|
|
|
108 |
|
|
|
109 |
The default query class (IN for internet) is overridden by |
|
|
110 |
the __-c__ option. ''class'' is any valid class, such |
|
|
111 |
as HS for Hesiod records or CH for CHAOSNET |
|
|
112 |
records. |
|
|
113 |
|
|
|
114 |
|
|
|
115 |
The __-f__ option makes __dig__ operate in batch mode |
|
|
116 |
by reading a list of lookup requests to process from the |
|
|
117 |
file ''filename''. The file contains a number of queries, |
|
|
118 |
one per line. Each entry in the file should be organised in |
|
|
119 |
the same way they would be presented as queries to |
|
|
120 |
__dig__ using the command-line interface. |
|
|
121 |
|
|
|
122 |
|
|
|
123 |
If a non-standard port number is to be queried, the |
|
|
124 |
__-p__ option is used. ''port#'' is the port number |
|
|
125 |
that __dig__ will send its queries instead of the |
|
|
126 |
standard DNS port number 53. This option would be used to |
|
|
127 |
test a name server that has been configured to listen for |
|
|
128 |
queries on a non-standard port number. |
|
|
129 |
|
|
|
130 |
|
|
|
131 |
The __-t__ option sets the query type to ''type''. It |
|
|
132 |
can be any valid query type which is supported in BIND9. The |
|
|
133 |
default query type ''-x__ |
|
|
134 |
option is supplied to indicate a reverse lookup. A zone |
|
|
135 |
transfer can be requested by specifying a type of AXFR. When |
|
|
136 |
an incremental zone transfer (IXFR) is required, ''type'' |
|
|
137 |
is set to ixfr=N. The incremental zone transfer will contain |
|
|
138 |
the changes made to the zone since the serial number in the |
|
|
139 |
zone's SOA record was ''N''. |
|
|
140 |
|
|
|
141 |
|
|
|
142 |
Reverse lookups - mapping addresses to names - are |
|
|
143 |
simplified by the __-x__ option. ''addr'' is an IPv4 |
|
|
144 |
address in dotted-decimal notation, or a colon-delimited |
|
|
145 |
IPv6 address. When this option is used, there is no need to |
|
|
146 |
provide the ''name'', ''class'' and ''type'' |
|
|
147 |
arguments. __dig__ automatically performs a lookup for a |
|
|
148 |
name like 11.12.13.10.in-addr.arpa and sets the query type |
|
|
149 |
and class to PTR and IN respectively. By default, IPv6 |
|
|
150 |
addresses are looked up using the IP6.ARPA domain and binary |
|
|
151 |
labels as defined in RFC2874. To use the older RFC1886 |
|
|
152 |
method using the IP6.INT domain and |
|
|
153 |
__-n__ (nibble) option. |
|
|
154 |
|
|
|
155 |
|
|
|
156 |
To sign the DNS queries sent by __dig__ and their |
|
|
157 |
responses using transaction signatures (TSIG), specify a |
|
|
158 |
TSIG key file using the __-k__ option. You can also |
|
|
159 |
specify the TSIG key itself on the command line using the |
|
|
160 |
__-y__ option; ''name'' is the name of the TSIG key |
|
|
161 |
and ''key'' is the actual key. The key is a base-64 |
|
|
162 |
encoded string, typically generated by |
4 |
perry |
163 |
dnssec-keygen(8). Caution should be taken when using |
1 |
perry |
164 |
the __-y__ option on multi-user systems as the key can be |
|
|
165 |
visible in the output from ps(1) or in the shell's |
|
|
166 |
history file. When using TSIG authentication with |
|
|
167 |
__dig__, the name server that is queried needs to know |
|
|
168 |
the key and algorithm that is being used. In BIND, this is |
|
|
169 |
done by providing appropriate __key__ and __server__ |
|
|
170 |
statements in ''named.conf''. |
|
|
171 |
!!QUERY OPTIONS |
|
|
172 |
|
|
|
173 |
|
|
|
174 |
__dig__ provides a number of query options which affect |
|
|
175 |
the way in which lookups are made and the results displayed. |
|
|
176 |
Some of these set or reset flag bits in the query header, |
|
|
177 |
some determine which sections of the answer get printed, and |
|
|
178 |
others determine the timeout and retry |
|
|
179 |
strategies. |
|
|
180 |
|
|
|
181 |
|
|
|
182 |
Each query option is identified by a keyword preceded by a |
|
|
183 |
plus sign (+). Some keywords set or reset an option. These |
|
|
184 |
may be preceded by the string no to negate the meaning of |
|
|
185 |
that keyword. Other keywords assign values to options like |
|
|
186 |
the timeout interval. They have the form |
|
|
187 |
__+keyword=value__. The query options are: |
|
|
188 |
|
|
|
189 |
|
|
|
190 |
__+[[no]tcp__ |
|
|
191 |
|
|
|
192 |
|
|
|
193 |
Use [[do not use] TCP when querying name servers. The default |
|
|
194 |
behaviour is to use UDP unless an AXFR or IXFR query is |
|
|
195 |
requested, in which case a TCP connection is |
|
|
196 |
used. |
|
|
197 |
|
|
|
198 |
|
|
|
199 |
__+[[no]vc__ |
|
|
200 |
|
|
|
201 |
|
|
|
202 |
Use [[do not use] TCP when querying name servers. This |
|
|
203 |
alternate syntax to ''+[[no]tcp'' is provided for |
|
|
204 |
backwards compatibility. The |
|
|
205 |
'' |
|
|
206 |
|
|
|
207 |
|
|
|
208 |
__+[[no]ignore__ |
|
|
209 |
|
|
|
210 |
|
|
|
211 |
Ignore truncation in UDP responses instead of retrying with |
|
|
212 |
TCP. By default, TCP retries are performed. |
|
|
213 |
|
|
|
214 |
|
|
|
215 |
__+domain=somename__ |
|
|
216 |
|
|
|
217 |
|
|
|
218 |
Set the search list to contain the single domain |
|
|
219 |
''somename'', as if specified in a __domain__ |
|
|
220 |
directive in ''/etc/resolv.conf'', and enable search list |
|
|
221 |
processing as if the ''+search'' option were |
|
|
222 |
given. |
|
|
223 |
|
|
|
224 |
|
|
|
225 |
__+[[no]search__ |
|
|
226 |
|
|
|
227 |
|
|
|
228 |
Use [[do not use] the search list defined by the searchlist |
|
|
229 |
or domain directive in ''resolv.conf'' (if any). The |
|
|
230 |
search list is not used by default. |
|
|
231 |
|
|
|
232 |
|
|
|
233 |
__+[[no]defname__ |
|
|
234 |
|
|
|
235 |
|
|
|
236 |
Deprecated, treated as a synonym for |
|
|
237 |
''+[[no]search'' |
|
|
238 |
|
|
|
239 |
|
|
|
240 |
__+[[no]aaonly__ |
|
|
241 |
|
|
|
242 |
|
|
|
243 |
This option does nothing. It is provided for compatibilty |
|
|
244 |
with old versions of __dig__ where it set an |
|
|
245 |
unimplemented resolver flag. |
|
|
246 |
|
|
|
247 |
|
|
|
248 |
__+[[no]adflag__ |
|
|
249 |
|
|
|
250 |
|
|
|
251 |
Set [[do not set] the AD (authentic data) bit in the query. |
|
|
252 |
The AD bit currently has a standard meaning only in |
|
|
253 |
responses, not in queries, but the ability to set the bit in |
|
|
254 |
the query is provided for completeness. |
|
|
255 |
|
|
|
256 |
|
|
|
257 |
__+[[no]cdflag__ |
|
|
258 |
|
|
|
259 |
|
|
|
260 |
Set [[do not set] the CD (checking disabled) bit in the |
|
|
261 |
query. This requests the server to not perform DNSSEC |
|
|
262 |
validation of responses. |
|
|
263 |
|
|
|
264 |
|
|
|
265 |
__+[[no]recursive__ |
|
|
266 |
|
|
|
267 |
|
|
|
268 |
Toggle the setting of the RD (recursion desired) bit in the |
|
|
269 |
query. This bit is set by default, which means __dig__ |
|
|
270 |
normally sends recursive queries. Recursion is automatically |
|
|
271 |
disabled when the ''+nssearch'' or ''+trace'' query |
|
|
272 |
options are used. |
|
|
273 |
|
|
|
274 |
|
|
|
275 |
__+[[no]nssearch__ |
|
|
276 |
|
|
|
277 |
|
|
|
278 |
When this option is set, __dig__ attempts to find the |
|
|
279 |
authoritative name servers for the zone containing the name |
|
|
280 |
being looked up and display the SOA record that each name |
|
|
281 |
server has for the zone. |
|
|
282 |
|
|
|
283 |
|
|
|
284 |
__+[[no]trace__ |
|
|
285 |
|
|
|
286 |
|
|
|
287 |
Toggle tracing of the delegation path from the root name |
|
|
288 |
servers for the name being looked up. Tracing is disabled by |
|
|
289 |
default. When tracing is enabled, __dig__ makes iterative |
|
|
290 |
queries to resolve the name being looked up. It will follow |
|
|
291 |
referrals from the root servers, showing the answer from |
|
|
292 |
each server that was used to resolve the |
|
|
293 |
lookup. |
|
|
294 |
|
|
|
295 |
|
|
|
296 |
__+[[no]cmd__ |
|
|
297 |
|
|
|
298 |
|
|
|
299 |
toggles the printing of the initial comment in the output |
|
|
300 |
identifying the version of __dig__ and the query options |
|
|
301 |
that have been applied. This comment is printed by |
|
|
302 |
default. |
|
|
303 |
|
|
|
304 |
|
|
|
305 |
__+[[no]short__ |
|
|
306 |
|
|
|
307 |
|
|
|
308 |
Provide a terse answer. The default is to print the answer |
|
|
309 |
in a verbose form. |
|
|
310 |
|
|
|
311 |
|
|
|
312 |
__+[[no]identify__ |
|
|
313 |
|
|
|
314 |
|
|
|
315 |
Show [[or do not show] the IP address and port number that |
|
|
316 |
supplied the answer when the ''+short'' option is |
|
|
317 |
enabled. If short form answers are requested, the default is |
|
|
318 |
not to show the source address and port number of the server |
|
|
319 |
that provided the answer. |
|
|
320 |
|
|
|
321 |
|
|
|
322 |
__+[[no]comments__ |
|
|
323 |
|
|
|
324 |
|
|
|
325 |
Toggle the display of comment lines in the output. The |
|
|
326 |
default is to print comments. |
|
|
327 |
|
|
|
328 |
|
|
|
329 |
__+[[no]stats__ |
|
|
330 |
|
|
|
331 |
|
|
|
332 |
This query option toggles the printing of statistics: when |
|
|
333 |
the query was made, the size of the reply and so on. The |
|
|
334 |
default behaviour is to print the query |
|
|
335 |
statistics. |
|
|
336 |
|
|
|
337 |
|
|
|
338 |
__+[[no]qr__ |
|
|
339 |
|
|
|
340 |
|
|
|
341 |
Print [[do not print] the query as it is sent. By default, |
|
|
342 |
the query is not printed. |
|
|
343 |
|
|
|
344 |
|
|
|
345 |
__+[[no]question__ |
|
|
346 |
|
|
|
347 |
|
|
|
348 |
Print [[do not print] the question section of a query when an |
|
|
349 |
answer is returned. The default is to print the question |
|
|
350 |
section as a comment. |
|
|
351 |
|
|
|
352 |
|
|
|
353 |
__+[[no]answer__ |
|
|
354 |
|
|
|
355 |
|
|
|
356 |
Display [[do not display] the answer section of a reply. The |
|
|
357 |
default is to display it. |
|
|
358 |
|
|
|
359 |
|
|
|
360 |
__+[[no]authority__ |
|
|
361 |
|
|
|
362 |
|
|
|
363 |
Display [[do not display] the authority section of a reply. |
|
|
364 |
The default is to display it. |
|
|
365 |
|
|
|
366 |
|
|
|
367 |
__+[[no]additional__ |
|
|
368 |
|
|
|
369 |
|
|
|
370 |
Display [[do not display] the additional section of a reply. |
|
|
371 |
The default is to display it. |
|
|
372 |
|
|
|
373 |
|
|
|
374 |
__+[[no]all__ |
|
|
375 |
|
|
|
376 |
|
|
|
377 |
Set or clear all display flags. |
|
|
378 |
|
|
|
379 |
|
|
|
380 |
__+time=T__ |
|
|
381 |
|
|
|
382 |
|
|
|
383 |
Sets the timeout for a query to ''T'' seconds. The |
|
|
384 |
default time out is 5 seconds. An attempt to set ''T'' to |
|
|
385 |
less than 1 will result in a query timeout of 1 second being |
|
|
386 |
applied. |
|
|
387 |
|
|
|
388 |
|
|
|
389 |
__+tries=A__ |
|
|
390 |
|
|
|
391 |
|
|
|
392 |
Sets the number of times to retry UDP queries to server to |
|
|
393 |
''T'' instead of the default, 3. If ''T'' is less than |
|
|
394 |
or equal to zero, the number of retries is silently rounded |
|
|
395 |
up to 1. |
|
|
396 |
|
|
|
397 |
|
|
|
398 |
__+ndots=D__ |
|
|
399 |
|
|
|
400 |
|
|
|
401 |
Set the number of dots that have to appear in ''name'' to |
|
|
402 |
''D'' for it to be considered absolute. The default value |
|
|
403 |
is that defined using the ndots statement in |
|
|
404 |
''/etc/resolv.conf'', or 1 if no ndots statement is |
|
|
405 |
present. Names with fewer dots are interpreted as relative |
|
|
406 |
names and will be searched for in the domains listed in the |
|
|
407 |
__search__ or __domain__ directive in |
|
|
408 |
''/etc/resolv.conf''. |
|
|
409 |
|
|
|
410 |
|
|
|
411 |
__+bufsize=B__ |
|
|
412 |
|
|
|
413 |
|
|
|
414 |
Set the UDP message buffer size advertised using EDNS0 to |
|
|
415 |
''B'' bytes. The maximum and minimum sizes of this buffer |
|
|
416 |
are 65535 and 0 respectively. Values outside this range are |
|
|
417 |
rounded up or down appropriately. |
|
|
418 |
|
|
|
419 |
|
|
|
420 |
__+[[no]multiline__ |
|
|
421 |
|
|
|
422 |
|
|
|
423 |
Print records like the SOA records in a verbose multi-line |
|
|
424 |
format with human-readable comments. The default is to print |
|
|
425 |
each record on a single line, to facilitate machine parsing |
|
|
426 |
of the __dig__ output. |
|
|
427 |
!!MULTIPLE QUERIES |
|
|
428 |
|
|
|
429 |
|
|
|
430 |
The BIND 9 implementation of __dig__ supports specifying |
|
|
431 |
multiple queries on the command line (in addition to |
|
|
432 |
supporting the __-f__ batch file option). Each of those |
|
|
433 |
queries can be supplied with its own set of flags, options |
|
|
434 |
and query options. |
|
|
435 |
|
|
|
436 |
|
|
|
437 |
In this case, each ''query'' argument represent an |
|
|
438 |
individual query in the command-line syntax described above. |
|
|
439 |
Each consists of any of the standard options and flags, the |
|
|
440 |
name to be looked up, an optional query type and class and |
|
|
441 |
any query options that should be applied to that |
|
|
442 |
query. |
|
|
443 |
|
|
|
444 |
|
|
|
445 |
A global set of query options, which should be applied to |
|
|
446 |
all queries, can also be supplied. These global query |
|
|
447 |
options must precede the first tuple of name, class, type, |
|
|
448 |
options, flags, and query options supplied on the command |
|
|
449 |
line. Any global query options (except the __+[[no]cmd__ |
|
|
450 |
option) can be overridden by a query-specific set of query |
|
|
451 |
options. For example: |
|
|
452 |
|
|
|
453 |
|
|
|
454 |
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr |
|
|
455 |
shows how __dig__ could be used from the command line to make three lookups: an ANY query for www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of isc.org. A global query option of ''+qr'' is applied, so that __dig__ shows the initial query it made for each lookup. The final query has a local query option of ''+noqr'' which means that __dig__ will not print the initial query when it looks up the NS records for isc.org. |
|
|
456 |
!!FILES |
|
|
457 |
|
|
|
458 |
|
|
|
459 |
''/etc/resolv.conf'' |
|
|
460 |
!!SEE ALSO |
|
|
461 |
|
|
|
462 |
|
4 |
perry |
463 |
host(1), named(8), dnssec-keygen(8), |
1 |
perry |
464 |
''RFC1035''. |
|
|
465 |
!!BUGS |
|
|
466 |
|
|
|
467 |
|
|
|
468 |
There are probably too many query options. |
|
|
469 |
---- |