Penguin
Recent Changes
Annotated edit history of dig(1) version 4, including all changes. View license author blame.
Rev Author # Line
1 perry 1 DIG
2 !!!DIG
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 SIMPLE USAGE
7 OPTIONS
8 QUERY OPTIONS
9 MULTIPLE QUERIES
10 FILES
11 SEE ALSO
12 BUGS
13 ----
14 !!NAME
15
16
17 dig - DNS lookup utility
18 !!SYNOPSIS
19
20
21 __dig__ [[ __@server__ ] [[ __-b__ ''address'' ] [[
22 __-c__ ''class'' ] [[ __-f__ ''filename'' ] [[
23 __-k__ ''filename'' ] [[ __-p__ ''port#'' ] [[
24 __-t__ ''type'' ] [[ __-x__ ''addr'' ] [[
25 __-y__ ''name:key'' ] [[ __name__ ] [[ __type__ ]
26 [[ __class__ ] [[ __queryopt__''...'' ]
27
28
29 __dig__ [[ __-h__ ]
30
31
32 __dig__ [[ __global-queryopt__''...'' ] [[
33 __query__''...'' ]
34 !!DESCRIPTION
35
36
37 __dig__ (domain information groper) is a flexible tool
38 for interrogating DNS name servers. It performs DNS lookups
39 and displays the answers that are returned from the name
40 server(s) that were queried. Most DNS administrators use
41 __dig__ to troubleshoot DNS problems because of its
42 flexibility, ease of use and clarity of output. Other lookup
43 tools tend to have less functionality than
44 __dig__.
45
46
47 Although __dig__ is normally used with command-line
48 arguments, it also has a batch mode of operation for reading
49 lookup requests from a file. A brief summary of its
50 command-line arguments and options is printed when the
51 __-h__ option is given. Unlike earlier versions, the
52 BIND9 implementation of __dig__ allows multiple lookups
53 to be issued from the command line.
54
55
56 Unless it is told to query a specific name server,
57 __dig__ will try each of the servers listed in
58 ''/etc/resolv.conf''.
59
60
61 When no command line arguments or options are given, will
62 perform an NS query for
63 !!SIMPLE USAGE
64
65
66 A typical invocation of __dig__ looks like:
67
68
69 dig @server name type
70 where:
71
72
73 __server__
74
75
76 is the name or IP address of the name server to query. This
77 can be an IPv4 address in dotted-decimal notation or an IPv6
78 address in colon-delimited notation. When the supplied
79 ''server'' argument is a hostname, __dig__ resolves
80 that name before querying that name server. If no
81 ''server'' argument is provided, __dig__ consults
82 ''/etc/resolv.conf'' and queries the name servers listed
83 there. The reply from the name server that responds is
84 displayed.
85
86
87 __name__
88
89
90 is the name of the resource record that is to be looked
91 up.
92
93
94 __type__
95
96
97 indicates what type of query is required -- ANY, A, MX, SIG,
98 etc. ''type'' can be any valid query type. If no
99 ''type'' argument is supplied, __dig__ will perform a
100 lookup for an A record.
101 !!OPTIONS
102
103
104 The __-b__ option sets the source IP address of the query
105 to ''address''. This must be a valid address on one of
106 the host's network interfaces.
107
108
109 The default query class (IN for internet) is overridden by
110 the __-c__ option. ''class'' is any valid class, such
111 as HS for Hesiod records or CH for CHAOSNET
112 records.
113
114
115 The __-f__ option makes __dig__ operate in batch mode
116 by reading a list of lookup requests to process from the
117 file ''filename''. The file contains a number of queries,
118 one per line. Each entry in the file should be organised in
119 the same way they would be presented as queries to
120 __dig__ using the command-line interface.
121
122
123 If a non-standard port number is to be queried, the
124 __-p__ option is used. ''port#'' is the port number
125 that __dig__ will send its queries instead of the
126 standard DNS port number 53. This option would be used to
127 test a name server that has been configured to listen for
128 queries on a non-standard port number.
129
130
131 The __-t__ option sets the query type to ''type''. It
132 can be any valid query type which is supported in BIND9. The
133 default query type ''-x__
134 option is supplied to indicate a reverse lookup. A zone
135 transfer can be requested by specifying a type of AXFR. When
136 an incremental zone transfer (IXFR) is required, ''type''
137 is set to ixfr=N. The incremental zone transfer will contain
138 the changes made to the zone since the serial number in the
139 zone's SOA record was ''N''.
140
141
142 Reverse lookups - mapping addresses to names - are
143 simplified by the __-x__ option. ''addr'' is an IPv4
144 address in dotted-decimal notation, or a colon-delimited
145 IPv6 address. When this option is used, there is no need to
146 provide the ''name'', ''class'' and ''type''
147 arguments. __dig__ automatically performs a lookup for a
148 name like 11.12.13.10.in-addr.arpa and sets the query type
149 and class to PTR and IN respectively. By default, IPv6
150 addresses are looked up using the IP6.ARPA domain and binary
151 labels as defined in RFC2874. To use the older RFC1886
152 method using the IP6.INT domain and
153 __-n__ (nibble) option.
154
155
156 To sign the DNS queries sent by __dig__ and their
157 responses using transaction signatures (TSIG), specify a
158 TSIG key file using the __-k__ option. You can also
159 specify the TSIG key itself on the command line using the
160 __-y__ option; ''name'' is the name of the TSIG key
161 and ''key'' is the actual key. The key is a base-64
162 encoded string, typically generated by
4 perry 163 dnssec-keygen(8). Caution should be taken when using
1 perry 164 the __-y__ option on multi-user systems as the key can be
165 visible in the output from ps(1) or in the shell's
166 history file. When using TSIG authentication with
167 __dig__, the name server that is queried needs to know
168 the key and algorithm that is being used. In BIND, this is
169 done by providing appropriate __key__ and __server__
170 statements in ''named.conf''.
171 !!QUERY OPTIONS
172
173
174 __dig__ provides a number of query options which affect
175 the way in which lookups are made and the results displayed.
176 Some of these set or reset flag bits in the query header,
177 some determine which sections of the answer get printed, and
178 others determine the timeout and retry
179 strategies.
180
181
182 Each query option is identified by a keyword preceded by a
183 plus sign (+). Some keywords set or reset an option. These
184 may be preceded by the string no to negate the meaning of
185 that keyword. Other keywords assign values to options like
186 the timeout interval. They have the form
187 __+keyword=value__. The query options are:
188
189
190 __+[[no]tcp__
191
192
193 Use [[do not use] TCP when querying name servers. The default
194 behaviour is to use UDP unless an AXFR or IXFR query is
195 requested, in which case a TCP connection is
196 used.
197
198
199 __+[[no]vc__
200
201
202 Use [[do not use] TCP when querying name servers. This
203 alternate syntax to ''+[[no]tcp'' is provided for
204 backwards compatibility. The
205 ''
206
207
208 __+[[no]ignore__
209
210
211 Ignore truncation in UDP responses instead of retrying with
212 TCP. By default, TCP retries are performed.
213
214
215 __+domain=somename__
216
217
218 Set the search list to contain the single domain
219 ''somename'', as if specified in a __domain__
220 directive in ''/etc/resolv.conf'', and enable search list
221 processing as if the ''+search'' option were
222 given.
223
224
225 __+[[no]search__
226
227
228 Use [[do not use] the search list defined by the searchlist
229 or domain directive in ''resolv.conf'' (if any). The
230 search list is not used by default.
231
232
233 __+[[no]defname__
234
235
236 Deprecated, treated as a synonym for
237 ''+[[no]search''
238
239
240 __+[[no]aaonly__
241
242
243 This option does nothing. It is provided for compatibilty
244 with old versions of __dig__ where it set an
245 unimplemented resolver flag.
246
247
248 __+[[no]adflag__
249
250
251 Set [[do not set] the AD (authentic data) bit in the query.
252 The AD bit currently has a standard meaning only in
253 responses, not in queries, but the ability to set the bit in
254 the query is provided for completeness.
255
256
257 __+[[no]cdflag__
258
259
260 Set [[do not set] the CD (checking disabled) bit in the
261 query. This requests the server to not perform DNSSEC
262 validation of responses.
263
264
265 __+[[no]recursive__
266
267
268 Toggle the setting of the RD (recursion desired) bit in the
269 query. This bit is set by default, which means __dig__
270 normally sends recursive queries. Recursion is automatically
271 disabled when the ''+nssearch'' or ''+trace'' query
272 options are used.
273
274
275 __+[[no]nssearch__
276
277
278 When this option is set, __dig__ attempts to find the
279 authoritative name servers for the zone containing the name
280 being looked up and display the SOA record that each name
281 server has for the zone.
282
283
284 __+[[no]trace__
285
286
287 Toggle tracing of the delegation path from the root name
288 servers for the name being looked up. Tracing is disabled by
289 default. When tracing is enabled, __dig__ makes iterative
290 queries to resolve the name being looked up. It will follow
291 referrals from the root servers, showing the answer from
292 each server that was used to resolve the
293 lookup.
294
295
296 __+[[no]cmd__
297
298
299 toggles the printing of the initial comment in the output
300 identifying the version of __dig__ and the query options
301 that have been applied. This comment is printed by
302 default.
303
304
305 __+[[no]short__
306
307
308 Provide a terse answer. The default is to print the answer
309 in a verbose form.
310
311
312 __+[[no]identify__
313
314
315 Show [[or do not show] the IP address and port number that
316 supplied the answer when the ''+short'' option is
317 enabled. If short form answers are requested, the default is
318 not to show the source address and port number of the server
319 that provided the answer.
320
321
322 __+[[no]comments__
323
324
325 Toggle the display of comment lines in the output. The
326 default is to print comments.
327
328
329 __+[[no]stats__
330
331
332 This query option toggles the printing of statistics: when
333 the query was made, the size of the reply and so on. The
334 default behaviour is to print the query
335 statistics.
336
337
338 __+[[no]qr__
339
340
341 Print [[do not print] the query as it is sent. By default,
342 the query is not printed.
343
344
345 __+[[no]question__
346
347
348 Print [[do not print] the question section of a query when an
349 answer is returned. The default is to print the question
350 section as a comment.
351
352
353 __+[[no]answer__
354
355
356 Display [[do not display] the answer section of a reply. The
357 default is to display it.
358
359
360 __+[[no]authority__
361
362
363 Display [[do not display] the authority section of a reply.
364 The default is to display it.
365
366
367 __+[[no]additional__
368
369
370 Display [[do not display] the additional section of a reply.
371 The default is to display it.
372
373
374 __+[[no]all__
375
376
377 Set or clear all display flags.
378
379
380 __+time=T__
381
382
383 Sets the timeout for a query to ''T'' seconds. The
384 default time out is 5 seconds. An attempt to set ''T'' to
385 less than 1 will result in a query timeout of 1 second being
386 applied.
387
388
389 __+tries=A__
390
391
392 Sets the number of times to retry UDP queries to server to
393 ''T'' instead of the default, 3. If ''T'' is less than
394 or equal to zero, the number of retries is silently rounded
395 up to 1.
396
397
398 __+ndots=D__
399
400
401 Set the number of dots that have to appear in ''name'' to
402 ''D'' for it to be considered absolute. The default value
403 is that defined using the ndots statement in
404 ''/etc/resolv.conf'', or 1 if no ndots statement is
405 present. Names with fewer dots are interpreted as relative
406 names and will be searched for in the domains listed in the
407 __search__ or __domain__ directive in
408 ''/etc/resolv.conf''.
409
410
411 __+bufsize=B__
412
413
414 Set the UDP message buffer size advertised using EDNS0 to
415 ''B'' bytes. The maximum and minimum sizes of this buffer
416 are 65535 and 0 respectively. Values outside this range are
417 rounded up or down appropriately.
418
419
420 __+[[no]multiline__
421
422
423 Print records like the SOA records in a verbose multi-line
424 format with human-readable comments. The default is to print
425 each record on a single line, to facilitate machine parsing
426 of the __dig__ output.
427 !!MULTIPLE QUERIES
428
429
430 The BIND 9 implementation of __dig__ supports specifying
431 multiple queries on the command line (in addition to
432 supporting the __-f__ batch file option). Each of those
433 queries can be supplied with its own set of flags, options
434 and query options.
435
436
437 In this case, each ''query'' argument represent an
438 individual query in the command-line syntax described above.
439 Each consists of any of the standard options and flags, the
440 name to be looked up, an optional query type and class and
441 any query options that should be applied to that
442 query.
443
444
445 A global set of query options, which should be applied to
446 all queries, can also be supplied. These global query
447 options must precede the first tuple of name, class, type,
448 options, flags, and query options supplied on the command
449 line. Any global query options (except the __+[[no]cmd__
450 option) can be overridden by a query-specific set of query
451 options. For example:
452
453
454 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
455 shows how __dig__ could be used from the command line to make three lookups: an ANY query for www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of isc.org. A global query option of ''+qr'' is applied, so that __dig__ shows the initial query it made for each lookup. The final query has a local query option of ''+noqr'' which means that __dig__ will not print the initial query when it looks up the NS records for isc.org.
456 !!FILES
457
458
459 ''/etc/resolv.conf''
460 !!SEE ALSO
461
462
4 perry 463 host(1), named(8), dnssec-keygen(8),
1 perry 464 ''RFC1035''.
465 !!BUGS
466
467
468 There are probably too many query options.
469 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.