diff options
Diffstat (limited to 'doc/man/dig.1in')
-rw-r--r-- | doc/man/dig.1in | 670 |
1 files changed, 670 insertions, 0 deletions
diff --git a/doc/man/dig.1in b/doc/man/dig.1in new file mode 100644 index 0000000..fd6d6f8 --- /dev/null +++ b/doc/man/dig.1in @@ -0,0 +1,670 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "DIG" "1" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9" +.SH NAME +dig \- DNS lookup utility +.SH SYNOPSIS +.sp +\fBdig\fP [@server] [\fB\-b\fP address] [\fB\-c\fP class] [\fB\-f\fP filename] [\fB\-k\fP filename] [\fB\-m\fP] [\fB\-p\fP port#] [\fB\-q\fP name] [\fB\-t\fP type] [\fB\-v\fP] [\fB\-x\fP addr] [\fB\-y\fP [hmac:]name:key] [ [\fB\-4\fP] | [\fB\-6\fP] ] [name] [type] [class] [queryopt...] +.sp +\fBdig\fP [\fB\-h\fP] +.sp +\fBdig\fP [global\-queryopt...] [query...] +.SH DESCRIPTION +.sp +\fBdig\fP is a flexible tool for interrogating DNS name servers. It +performs DNS lookups and displays the answers that are returned from the +name server(s) that were queried. Most DNS administrators use \fBdig\fP to +troubleshoot DNS problems because of its flexibility, ease of use, and +clarity of output. Other lookup tools tend to have less functionality +than \fBdig\fP\&. +.sp +Although \fBdig\fP is normally used with command\-line arguments, it also +has a batch mode of operation for reading lookup requests from a file. A +brief summary of its command\-line arguments and options is printed when +the \fB\-h\fP option is given. The BIND 9 +implementation of \fBdig\fP allows multiple lookups to be issued from the +command line. +.sp +Unless it is told to query a specific name server, \fBdig\fP tries each +of the servers listed in \fB/etc/resolv.conf\fP\&. If no usable server +addresses are found, \fBdig\fP sends the query to the local host. +.sp +When no command\-line arguments or options are given, \fBdig\fP +performs an NS query for \(dq.\(dq (the root). +.sp +It is possible to set per\-user defaults for \fBdig\fP via +\fB${HOME}/.digrc\fP\&. This file is read and any options in it are applied +before the command\-line arguments. The \fB\-r\fP option disables this +feature, for scripts that need predictable behavior. +.sp +The IN and CH class names overlap with the IN and CH top\-level domain +names. Either use the \fB\-t\fP and \fB\-c\fP options to specify the type and +class, use the \fB\-q\fP to specify the domain name, or use \(dqIN.\(dq and +\(dqCH.\(dq when looking up these top\-level domains. +.SH SIMPLE USAGE +.sp +A typical invocation of \fBdig\fP looks like: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +dig @server name type +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +where: +.INDENT 0.0 +.TP +.B \fBserver\fP +is the name or IP address of the name server to query. This can be an +IPv4 address in dotted\-decimal notation or an IPv6 address in +colon\-delimited notation. When the supplied \fBserver\fP argument is a +hostname, \fBdig\fP resolves that name before querying that name +server. +.sp +If no \fBserver\fP argument is provided, \fBdig\fP consults +\fB/etc/resolv.conf\fP; if an address is found there, it queries the +name server at that address. If either of the \fB\-4\fP or \fB\-6\fP +options are in use, then only addresses for the corresponding +transport are tried. If no usable addresses are found, \fBdig\fP +sends the query to the local host. The reply from the name server +that responds is displayed. +.TP +.B \fBname\fP +is the name of the resource record that is to be looked up. +.TP +.B \fBtype\fP +indicates what type of query is required \- ANY, A, MX, SIG, etc. +\fBtype\fP can be any valid query type. If no \fBtype\fP argument is +supplied, \fBdig\fP performs a lookup for an A record. +.UNINDENT +.SH OPTIONS +.INDENT 0.0 +.TP +.B \fB\-4\fP +This option indicates that only IPv4 should be used. +.TP +.B \fB\-6\fP +This option indicates that only IPv6 should be used. +.TP +.B \fB\-b address[#port]\fP +This option sets the source IP address of the query. The \fBaddress\fP must be a +valid address on one of the host\(aqs network interfaces, or \(dq0.0.0.0\(dq +or \(dq::\(dq. An optional port may be specified by appending \fB#port\fP\&. +.TP +.B \fB\-c class\fP +This option sets the query class. The default \fBclass\fP is IN; other classes are +HS for Hesiod records or CH for Chaosnet records. +.TP +.B \fB\-f file\fP +This option sets batch mode, in which \fBdig\fP reads a list of lookup requests to process from +the given \fBfile\fP\&. Each line in the file should be organized in the +same way it would be presented as a query to \fBdig\fP using the +command\-line interface. +.TP +.B \fB\-k keyfile\fP +This option tells \fBnamed\fP to sign queries using TSIG using a key read from the given file. Key +files can be generated using \fBtsig\-keygen\fP\&. When using TSIG +authentication with \fBdig\fP, the name server that is queried needs to +know the key and algorithm that is being used. In BIND, this is done +by providing appropriate \fBkey\fP and \fBserver\fP statements in +\fBnamed.conf\fP\&. +.TP +.B \fB\-m\fP +This option enables memory usage debugging. +.TP +.B \fB\-p port\fP +This option sends the query to a non\-standard port on the server, instead of the +default port 53. This option is used to test a name server that +has been configured to listen for queries on a non\-standard port +number. +.TP +.B \fB\-q name\fP +This option specifies the domain name to query. This is useful to distinguish the \fBname\fP +from other arguments. +.TP +.B \fB\-r\fP +This option indicates that options from \fB${HOME}/.digrc\fP should not be read. This is useful for +scripts that need predictable behavior. +.TP +.B \fB\-t type\fP +This option indicates the resource record type to query, which can be any valid query type. If +it is a resource record type supported in BIND 9, it can be given by +the type mnemonic (such as \fBNS\fP or \fBAAAA\fP). The default query type is +\fBA\fP, unless the \fB\-x\fP option is supplied to indicate a reverse +lookup. A zone transfer can be requested by specifying a type of +AXFR. When an incremental zone transfer (IXFR) is required, set the +\fBtype\fP to \fBixfr=N\fP\&. The incremental zone transfer contains +all changes made to the zone since the serial number in the zone\(aqs +SOA record was \fBN\fP\&. +.sp +All resource record types can be expressed as \fBTYPEnn\fP, where \fBnn\fP is +the number of the type. If the resource record type is not supported +in BIND 9, the result is displayed as described in \fI\%RFC 3597\fP\&. +.TP +.B \fB\-u\fP +This option indicates that print query times should be provided in microseconds instead of milliseconds. +.TP +.B \fB\-v\fP +This option prints the version number and exits. +.TP +.B \fB\-x addr\fP +This option sets simplified reverse lookups, for mapping addresses to names. The +\fBaddr\fP is an IPv4 address in dotted\-decimal notation, or a +colon\-delimited IPv6 address. When the \fB\-x\fP option is used, there is no +need to provide the \fBname\fP, \fBclass\fP, and \fBtype\fP arguments. +\fBdig\fP automatically performs a lookup for a name like +\fB94.2.0.192.in\-addr.arpa\fP and sets the query type and class to PTR +and IN respectively. IPv6 addresses are looked up using nibble format +under the IP6.ARPA domain. +.TP +.B \fB\-y [hmac:]keyname:secret\fP +This option signs queries using TSIG with the given authentication key. +\fBkeyname\fP is the name of the key, and \fBsecret\fP is the +base64\-encoded shared secret. \fBhmac\fP is the name of the key algorithm; +valid choices are \fBhmac\-md5\fP, \fBhmac\-sha1\fP, \fBhmac\-sha224\fP, +\fBhmac\-sha256\fP, \fBhmac\-sha384\fP, or \fBhmac\-sha512\fP\&. If \fBhmac\fP is +not specified, the default is \fBhmac\-md5\fP; if MD5 was disabled, the default is +\fBhmac\-sha256\fP\&. +.UNINDENT +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +Only the \fB\-k\fP option should be used, rather than the \fB\-y\fP option, +because with \fB\-y\fP the shared secret is supplied as a command\-line +argument in clear text. This may be visible in the output from \fBps1\fP or +in a history file maintained by the user\(aqs shell. +.UNINDENT +.UNINDENT +.SH QUERY OPTIONS +.sp +\fBdig\fP provides a number of query options which affect the way in which +lookups are made and the results displayed. Some of these set or reset +flag bits in the query header, some determine which sections of the +answer get printed, and others determine the timeout and retry +strategies. +.sp +Each query option is identified by a keyword preceded by a plus sign +(\fB+\fP). Some keywords set or reset an option; these may be preceded by +the string \fBno\fP to negate the meaning of that keyword. Other keywords +assign values to options, like the timeout interval. They have the form +\fB+keyword=value\fP\&. Keywords may be abbreviated, provided the +abbreviation is unambiguous; for example, \fB+cd\fP is equivalent to +\fB+cdflag\fP\&. The query options are: +.INDENT 0.0 +.TP +.B \fB+[no]aaflag\fP +This option is a synonym for \fB+[no]aaonly\fP\&. +.TP +.B \fB+[no]aaonly\fP +This option sets the \fBaa\fP flag in the query. +.TP +.B \fB+[no]additional\fP +This option displays [or does not display] the additional section of a reply. The +default is to display it. +.TP +.B \fB+[no]adflag\fP +This option sets [or does not set] the AD (authentic data) bit in the query. This +requests the server to return whether all of the answer and authority +sections have been validated as secure, according to the security +policy of the server. \fBAD=1\fP indicates that all records have been +validated as secure and the answer is not from a OPT\-OUT range. \fBAD=0\fP +indicates that some part of the answer was insecure or not validated. +This bit is set by default. +.TP +.B \fB+[no]all\fP +This option sets or clears all display flags. +.TP +.B \fB+[no]answer\fP +This option displays [or does not display] the answer section of a reply. The default +is to display it. +.TP +.B \fB+[no]authority\fP +This option displays [or does not display] the authority section of a reply. The +default is to display it. +.TP +.B \fB+[no]badcookie\fP +This option retries the lookup with a new server cookie if a BADCOOKIE response is +received. +.TP +.B \fB+[no]besteffort\fP +This option attempts to display the contents of messages which are malformed. The +default is to not display malformed answers. +.TP +.B \fB+bufsize[=B]\fP +This option sets the UDP message buffer size advertised using EDNS0 +to \fBB\fP bytes. The maximum and minimum sizes of this buffer are +65535 and 0, respectively. \fB+bufsize=0\fP disables EDNS (use +\fB+bufsize=0 +edns\fP to send an EDNS message with an advertised size +of 0 bytes). \fB+bufsize\fP restores the default buffer size. +.TP +.B \fB+[no]cdflag\fP +This option sets [or does not set] the CD (checking disabled) bit in the query. This +requests the server to not perform DNSSEC validation of responses. +.TP +.B \fB+[no]class\fP +This option displays [or does not display] the CLASS when printing the record. +.TP +.B \fB+[no]cmd\fP +This option toggles the printing of the initial comment in the output, identifying the +version of \fBdig\fP and the query options that have been applied. This option +always has a global effect; it cannot be set globally and then overridden on a +per\-lookup basis. The default is to print this comment. +.TP +.B \fB+[no]comments\fP +This option toggles the display of some comment lines in the output, with +information about the packet header and OPT pseudosection, and the names of +the response section. The default is to print these comments. +.sp +Other types of comments in the output are not affected by this option, but +can be controlled using other command\-line switches. These include +\fB+[no]cmd\fP, \fB+[no]question\fP, \fB+[no]stats\fP, and \fB+[no]rrcomments\fP\&. +.TP +.B \fB+[no]cookie=####\fP +This option sends [or does not send] a COOKIE EDNS option, with an optional value. Replaying a COOKIE +from a previous response allows the server to identify a previous +client. The default is \fB+cookie\fP\&. +.sp +\fB+cookie\fP is also set when \fB+trace\fP is set to better emulate the +default queries from a nameserver. +.TP +.B \fB+[no]crypto\fP +This option toggles the display of cryptographic fields in DNSSEC records. The +contents of these fields are unnecessary for debugging most DNSSEC +validation failures and removing them makes it easier to see the +common failures. The default is to display the fields. When omitted, +they are replaced by the string \fB[omitted]\fP or, in the DNSKEY case, the +key ID is displayed as the replacement, e.g. \fB[ key id = value ]\fP\&. +.TP +.B \fB+[no]defname\fP +This option, which is deprecated, is treated as a synonym for \fB+[no]search\fP\&. +.TP +.B \fB+[no]dnssec\fP +This option requests that DNSSEC records be sent by setting the DNSSEC OK (DO) bit in +the OPT record in the additional section of the query. +.TP +.B \fB+domain=somename\fP +This option sets the search list to contain the single domain \fBsomename\fP, as if +specified in a \fBdomain\fP directive in \fB/etc/resolv.conf\fP, and +enables search list processing as if the \fB+search\fP option were +given. +.TP +.B \fB+dscp=value\fP +This option sets the DSCP code point to be used when sending the query. Valid DSCP +code points are in the range [0...63]. By default no code point is +explicitly set. +.TP +.B \fB+[no]edns[=#]\fP +This option specifies the EDNS version to query with. Valid values are 0 to 255. +Setting the EDNS version causes an EDNS query to be sent. +\fB+noedns\fP clears the remembered EDNS version. EDNS is set to 0 by +default. +.TP +.B \fB+[no]ednsflags[=#]\fP +This option sets the must\-be\-zero EDNS flags bits (Z bits) to the specified value. +Decimal, hex, and octal encodings are accepted. Setting a named flag +(e.g., DO) is silently ignored. By default, no Z bits are set. +.TP +.B \fB+[no]ednsnegotiation\fP +This option enables/disables EDNS version negotiation. By default, EDNS version +negotiation is enabled. +.TP +.B \fB+[no]ednsopt[=code[:value]]\fP +This option specifies the EDNS option with code point \fBcode\fP and an optional payload +of \fBvalue\fP as a hexadecimal string. \fBcode\fP can be either an EDNS +option name (for example, \fBNSID\fP or \fBECS\fP) or an arbitrary +numeric value. \fB+noednsopt\fP clears the EDNS options to be sent. +.TP +.B \fB+[no]expire\fP +This option sends an EDNS Expire option. +.TP +.B \fB+[no]fail\fP +This option indicates that \fBnamed\fP should try [or not try] the next server if a SERVFAIL is received. The default is +to not try the next server, which is the reverse of normal stub +resolver behavior. +.TP +.B \fB+[no]header\-only\fP +This option sends a query with a DNS header without a question section. The +default is to add a question section. The query type and query name +are ignored when this is set. +.TP +.B \fB+[no]identify\fP +This option shows [or does not show] the IP address and port number that supplied +the answer, when the \fB+short\fP option is enabled. If short form +answers are requested, the default is not to show the source address +and port number of the server that provided the answer. +.TP +.B \fB+[no]idnin\fP +This option processes [or does not process] IDN domain names on input. This requires +\fBIDN SUPPORT\fP to have been enabled at compile time. +.sp +The default is to process IDN input when standard output is a tty. +The IDN processing on input is disabled when \fBdig\fP output is redirected +to files, pipes, and other non\-tty file descriptors. +.TP +.B \fB+[no]idnout\fP +This option converts [or does not convert] puny code on output. This requires +\fBIDN SUPPORT\fP to have been enabled at compile time. +.sp +The default is to process puny code on output when standard output is +a tty. The puny code processing on output is disabled when \fBdig\fP output +is redirected to files, pipes, and other non\-tty file descriptors. +.TP +.B \fB+[no]ignore\fP +This option ignores [or does not ignore] truncation in UDP responses instead of retrying with TCP. By +default, TCP retries are performed. +.TP +.B \fB+[no]keepalive\fP +This option sends [or does not send] an EDNS Keepalive option. +.TP +.B \fB+[no]keepopen\fP +This option keeps [or does not keep] the TCP socket open between queries, and reuses it rather than +creating a new TCP socket for each lookup. The default is +\fB+nokeepopen\fP\&. +.TP +.B \fB+[no]mapped\fP +This option allows [or does not allow] mapped IPv4\-over\-IPv6 addresses to be used. The default is +\fB+mapped\fP\&. +.TP +.B \fB+[no]multiline\fP +This option prints [or does not print] records, like the SOA records, in a verbose multi\-line format +with human\-readable comments. The default is to print each record on +a single line to facilitate machine parsing of the \fBdig\fP output. +.TP +.B \fB+ndots=D\fP +This option sets the number of dots (\fBD\fP) that must appear in \fBname\fP for +it to be considered absolute. The default value is that defined using +the \fBndots\fP statement in \fB/etc/resolv.conf\fP, or 1 if no \fBndots\fP +statement is present. Names with fewer dots are interpreted as +relative names, and are searched for in the domains listed in the +\fBsearch\fP or \fBdomain\fP directive in \fB/etc/resolv.conf\fP if +\fB+search\fP is set. +.TP +.B \fB+[no]nsid\fP +When enabled, this option includes an EDNS name server ID request when sending a query. +.TP +.B \fB+[no]nssearch\fP +When this option is set, \fBdig\fP attempts to find the authoritative +name servers for the zone containing the name being looked up, and +display the SOA record that each name server has for the zone. +Addresses of servers that did not respond are also printed. +.TP +.B \fB+[no]onesoa\fP +When enabled, this option prints only one (starting) SOA record when performing an AXFR. The +default is to print both the starting and ending SOA records. +.TP +.B \fB+[no]opcode=value\fP +When enabled, this option sets (restores) the DNS message opcode to the specified value. The +default value is QUERY (0). +.TP +.B \fB+padding=value\fP +This option pads the size of the query packet using the EDNS Padding option to +blocks of \fBvalue\fP bytes. For example, \fB+padding=32\fP causes a +48\-byte query to be padded to 64 bytes. The default block size is 0, +which disables padding; the maximum is 512. Values are ordinarily +expected to be powers of two, such as 128; however, this is not +mandatory. Responses to padded queries may also be padded, but only +if the query uses TCP or DNS COOKIE. +.TP +.B \fB+[no]qr\fP +This option toggles the display of the query message as it is sent. By default, the query +is not printed. +.TP +.B \fB+[no]question\fP +This option toggles the display of the question section of a query when an answer is +returned. The default is to print the question section as a comment. +.TP +.B \fB+[no]raflag\fP +This option sets [or does not set] the RA (Recursion Available) bit in the query. The +default is \fB+noraflag\fP\&. This bit is ignored by the server for +QUERY. +.TP +.B \fB+[no]rdflag\fP +This option is a synonym for \fB+[no]recurse\fP\&. +.TP +.B \fB+[no]recurse\fP +This option toggles the setting of the RD (recursion desired) bit in the query. +This bit is set by default, which means \fBdig\fP normally sends +recursive queries. Recursion is automatically disabled when the +\fB+nssearch\fP or \fB+trace\fP query option is used. +.TP +.B \fB+retry=T\fP +This option sets the number of times to retry UDP and TCP queries to server to \fBT\fP +instead of the default, 2. Unlike \fB+tries\fP, this does not include +the initial query. +.TP +.B \fB+[no]rrcomments\fP +This option toggles the display of per\-record comments in the output (for example, +human\-readable key information about DNSKEY records). The default is +not to print record comments unless multiline mode is active. +.TP +.B \fB+[no]search\fP +This option uses [or does not use] the search list defined by the searchlist or domain +directive in \fBresolv.conf\fP, if any. The search list is not used by +default. +.sp +\fBndots\fP from \fBresolv.conf\fP (default 1), which may be overridden by +\fB+ndots\fP, determines whether the name is treated as relative +and hence whether a search is eventually performed. +.TP +.B \fB+[no]short\fP +This option toggles whether a terse answer is provided. The default is to print the answer in a verbose +form. This option always has a global effect; it cannot be set globally and +then overridden on a per\-lookup basis. +.TP +.B \fB+[no]showsearch\fP +This option performs [or does not perform] a search showing intermediate results. +.TP +.B \fB+[no]sigchase\fP +This feature is now obsolete and has been removed; use \fBdelv\fP +instead. +.TP +.B \fB+split=W\fP +This option splits long hex\- or base64\-formatted fields in resource records into +chunks of \fBW\fP characters (where \fBW\fP is rounded up to the nearest +multiple of 4). \fB+nosplit\fP or \fB+split=0\fP causes fields not to be +split at all. The default is 56 characters, or 44 characters when +multiline mode is active. +.TP +.B \fB+[no]stats\fP +This option toggles the printing of statistics: when the query was made, the size of the +reply, etc. The default behavior is to print the query statistics as a +comment after each lookup. +.TP +.B \fB+[no]subnet=addr[/prefix\-length]\fP +This option sends [or does not send] an EDNS CLIENT\-SUBNET option with the specified IP +address or network prefix. +.sp +\fBdig +subnet=0.0.0.0/0\fP, or simply \fBdig +subnet=0\fP for short, +sends an EDNS CLIENT\-SUBNET option with an empty address and a source +prefix\-length of zero, which signals a resolver that the client\(aqs +address information must \fInot\fP be used when resolving this query. +.TP +.B \fB+[no]tcflag\fP +This option sets [or does not set] the TC (TrunCation) bit in the query. The default is +\fB+notcflag\fP\&. This bit is ignored by the server for QUERY. +.TP +.B \fB+[no]tcp\fP +This option uses [or does not use] TCP when querying name servers. +The default behavior is to use UDP unless a type \fBany\fP or +\fBixfr=N\fP query is requested, in which case the default is TCP. +AXFR queries always use TCP. To prevent retry over TCP when TC=1 +is returned from a UDP query, use \fB+ignore\fP\&. +.TP +.B \fB+timeout=T\fP +This option sets the timeout for a query to \fBT\fP seconds. The default timeout is +5 seconds. An attempt to set \fBT\fP to less than 1 is silently set to 1. +.TP +.B \fB+[no]topdown\fP +This feature is related to \fBdig +sigchase\fP, which is obsolete and +has been removed. Use \fBdelv\fP instead. +.TP +.B \fB+[no]trace\fP +This option toggles tracing of the delegation path from the root name servers for +the name being looked up. Tracing is disabled by default. When +tracing is enabled, \fBdig\fP makes iterative queries to resolve the +name being looked up. It follows referrals from the root servers, +showing the answer from each server that was used to resolve the +lookup. +.sp +If \fB@server\fP is also specified, it affects only the initial query for +the root zone name servers. +.sp +\fB+dnssec\fP is also set when \fB+trace\fP is set, to better emulate the +default queries from a name server. +.TP +.B \fB+tries=T\fP +This option sets the number of times to try UDP and TCP queries to server to \fBT\fP +instead of the default, 3. If \fBT\fP is less than or equal to zero, +the number of tries is silently rounded up to 1. +.TP +.B \fB+trusted\-key=####\fP +This option formerly specified trusted keys for use with \fBdig +sigchase\fP\&. This +feature is now obsolete and has been removed; use \fBdelv\fP instead. +.TP +.B \fB+[no]ttlid\fP +This option displays [or does not display] the TTL when printing the record. +.TP +.B \fB+[no]ttlunits\fP +This option displays [or does not display] the TTL in friendly human\-readable time +units of \fBs\fP, \fBm\fP, \fBh\fP, \fBd\fP, and \fBw\fP, representing seconds, minutes, +hours, days, and weeks. This implies \fB+ttlid\fP\&. +.TP +.B \fB+[no]unexpected\fP +This option accepts [or does not accept] answers from unexpected sources. By default, \fBdig\fP +will not accept a reply from a source other than the one to which it sent the +query. +.TP +.B \fB+[no]unknownformat\fP +This option prints all RDATA in unknown RR type presentation format (\fI\%RFC 3597\fP). +The default is to print RDATA for known types in the type\(aqs +presentation format. +.TP +.B \fB+[no]vc\fP +This option uses [or does not use] TCP when querying name servers. This alternate +syntax to \fB+[no]tcp\fP is provided for backwards compatibility. The +\fBvc\fP stands for \(dqvirtual circuit.\(dq +.TP +.B \fB+[no]yaml\fP +When enabled, this option prints the responses (and, if \fB+qr\fP is in use, also the +outgoing queries) in a detailed YAML format. +.TP +.B \fB+[no]zflag\fP +This option sets [or does not set] the last unassigned DNS header flag in a DNS query. +This flag is off by default. +.UNINDENT +.SH MULTIPLE QUERIES +.sp +The BIND 9 implementation of \fBdig\fP supports specifying multiple +queries on the command line (in addition to supporting the \fB\-f\fP batch +file option). Each of those queries can be supplied with its own set of +flags, options, and query options. +.sp +In this case, each \fBquery\fP argument represents an individual query in +the command\-line syntax described above. Each consists of any of the +standard options and flags, the name to be looked up, an optional query +type and class, and any query options that should be applied to that +query. +.sp +A global set of query options, which should be applied to all queries, +can also be supplied. These global query options must precede the first +tuple of name, class, type, options, flags, and query options supplied +on the command line. Any global query options (except \fB+[no]cmd\fP and +\fB+[no]short\fP options) can be overridden by a query\-specific set of +query options. For example: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +shows how \fBdig\fP can be used from the command line to make three +lookups: an ANY query for \fBwww.isc.org\fP, a reverse lookup of 127.0.0.1, +and a query for the NS records of \fBisc.org\fP\&. A global query option of +\fB+qr\fP is applied, so that \fBdig\fP shows the initial query it made for +each lookup. The final query has a local query option of \fB+noqr\fP which +means that \fBdig\fP does not print the initial query when it looks up the +NS records for \fBisc.org\fP\&. +.SH IDN SUPPORT +.sp +If \fBdig\fP has been built with IDN (internationalized domain name) +support, it can accept and display non\-ASCII domain names. \fBdig\fP +appropriately converts character encoding of a domain name before sending +a request to a DNS server or displaying a reply from the server. +To turn off IDN support, use the parameters +\fB+noidnin\fP and \fB+noidnout\fP, or define the \fBIDN_DISABLE\fP environment +variable. +.SH RETURN CODES +.sp +\fBdig\fP return codes are: +.INDENT 0.0 +.TP +.B \fB0\fP +DNS response received, including NXDOMAIN status +.TP +.B \fB1\fP +Usage error +.TP +.B \fB8\fP +Couldn\(aqt open batch file +.TP +.B \fB9\fP +No reply from server +.TP +.B \fB10\fP +Internal error +.UNINDENT +.SH FILES +.sp +\fB/etc/resolv.conf\fP +.sp +\fB${HOME}/.digrc\fP +.SH SEE ALSO +.sp +\fBdelv(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&. +.SH BUGS +.sp +There are probably too many query options. +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |