summaryrefslogtreecommitdiffstats
path: root/doc/man/dig.1in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/dig.1in')
-rw-r--r--doc/man/dig.1in670
1 files changed, 670 insertions, 0 deletions
diff --git a/doc/man/dig.1in b/doc/man/dig.1in
new file mode 100644
index 0000000..fd6d6f8
--- /dev/null
+++ b/doc/man/dig.1in
@@ -0,0 +1,670 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "DIG" "1" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+dig \- DNS lookup utility
+.SH SYNOPSIS
+.sp
+\fBdig\fP [@server] [\fB\-b\fP address] [\fB\-c\fP class] [\fB\-f\fP filename] [\fB\-k\fP filename] [\fB\-m\fP] [\fB\-p\fP port#] [\fB\-q\fP name] [\fB\-t\fP type] [\fB\-v\fP] [\fB\-x\fP addr] [\fB\-y\fP [hmac:]name:key] [ [\fB\-4\fP] | [\fB\-6\fP] ] [name] [type] [class] [queryopt...]
+.sp
+\fBdig\fP [\fB\-h\fP]
+.sp
+\fBdig\fP [global\-queryopt...] [query...]
+.SH DESCRIPTION
+.sp
+\fBdig\fP is a flexible tool for interrogating DNS name servers. It
+performs DNS lookups and displays the answers that are returned from the
+name server(s) that were queried. Most DNS administrators use \fBdig\fP to
+troubleshoot DNS problems because of its flexibility, ease of use, and
+clarity of output. Other lookup tools tend to have less functionality
+than \fBdig\fP\&.
+.sp
+Although \fBdig\fP is normally used with command\-line arguments, it also
+has a batch mode of operation for reading lookup requests from a file. A
+brief summary of its command\-line arguments and options is printed when
+the \fB\-h\fP option is given. The BIND 9
+implementation of \fBdig\fP allows multiple lookups to be issued from the
+command line.
+.sp
+Unless it is told to query a specific name server, \fBdig\fP tries each
+of the servers listed in \fB/etc/resolv.conf\fP\&. If no usable server
+addresses are found, \fBdig\fP sends the query to the local host.
+.sp
+When no command\-line arguments or options are given, \fBdig\fP
+performs an NS query for \(dq.\(dq (the root).
+.sp
+It is possible to set per\-user defaults for \fBdig\fP via
+\fB${HOME}/.digrc\fP\&. This file is read and any options in it are applied
+before the command\-line arguments. The \fB\-r\fP option disables this
+feature, for scripts that need predictable behavior.
+.sp
+The IN and CH class names overlap with the IN and CH top\-level domain
+names. Either use the \fB\-t\fP and \fB\-c\fP options to specify the type and
+class, use the \fB\-q\fP to specify the domain name, or use \(dqIN.\(dq and
+\(dqCH.\(dq when looking up these top\-level domains.
+.SH SIMPLE USAGE
+.sp
+A typical invocation of \fBdig\fP looks like:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dig @server name type
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+where:
+.INDENT 0.0
+.TP
+.B \fBserver\fP
+is the name or IP address of the name server to query. This can be an
+IPv4 address in dotted\-decimal notation or an IPv6 address in
+colon\-delimited notation. When the supplied \fBserver\fP argument is a
+hostname, \fBdig\fP resolves that name before querying that name
+server.
+.sp
+If no \fBserver\fP argument is provided, \fBdig\fP consults
+\fB/etc/resolv.conf\fP; if an address is found there, it queries the
+name server at that address. If either of the \fB\-4\fP or \fB\-6\fP
+options are in use, then only addresses for the corresponding
+transport are tried. If no usable addresses are found, \fBdig\fP
+sends the query to the local host. The reply from the name server
+that responds is displayed.
+.TP
+.B \fBname\fP
+is the name of the resource record that is to be looked up.
+.TP
+.B \fBtype\fP
+indicates what type of query is required \- ANY, A, MX, SIG, etc.
+\fBtype\fP can be any valid query type. If no \fBtype\fP argument is
+supplied, \fBdig\fP performs a lookup for an A record.
+.UNINDENT
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-4\fP
+This option indicates that only IPv4 should be used.
+.TP
+.B \fB\-6\fP
+This option indicates that only IPv6 should be used.
+.TP
+.B \fB\-b address[#port]\fP
+This option sets the source IP address of the query. The \fBaddress\fP must be a
+valid address on one of the host\(aqs network interfaces, or \(dq0.0.0.0\(dq
+or \(dq::\(dq. An optional port may be specified by appending \fB#port\fP\&.
+.TP
+.B \fB\-c class\fP
+This option sets the query class. The default \fBclass\fP is IN; other classes are
+HS for Hesiod records or CH for Chaosnet records.
+.TP
+.B \fB\-f file\fP
+This option sets batch mode, in which \fBdig\fP reads a list of lookup requests to process from
+the given \fBfile\fP\&. Each line in the file should be organized in the
+same way it would be presented as a query to \fBdig\fP using the
+command\-line interface.
+.TP
+.B \fB\-k keyfile\fP
+This option tells \fBnamed\fP to sign queries using TSIG using a key read from the given file. Key
+files can be generated using \fBtsig\-keygen\fP\&. When using TSIG
+authentication with \fBdig\fP, the name server that is queried needs to
+know the key and algorithm that is being used. In BIND, this is done
+by providing appropriate \fBkey\fP and \fBserver\fP statements in
+\fBnamed.conf\fP\&.
+.TP
+.B \fB\-m\fP
+This option enables memory usage debugging.
+.TP
+.B \fB\-p port\fP
+This option sends the query to a non\-standard port on the server, instead of the
+default port 53. This option is used to test a name server that
+has been configured to listen for queries on a non\-standard port
+number.
+.TP
+.B \fB\-q name\fP
+This option specifies the domain name to query. This is useful to distinguish the \fBname\fP
+from other arguments.
+.TP
+.B \fB\-r\fP
+This option indicates that options from \fB${HOME}/.digrc\fP should not be read. This is useful for
+scripts that need predictable behavior.
+.TP
+.B \fB\-t type\fP
+This option indicates the resource record type to query, which can be any valid query type. If
+it is a resource record type supported in BIND 9, it can be given by
+the type mnemonic (such as \fBNS\fP or \fBAAAA\fP). The default query type is
+\fBA\fP, unless the \fB\-x\fP option is supplied to indicate a reverse
+lookup. A zone transfer can be requested by specifying a type of
+AXFR. When an incremental zone transfer (IXFR) is required, set the
+\fBtype\fP to \fBixfr=N\fP\&. The incremental zone transfer contains
+all changes made to the zone since the serial number in the zone\(aqs
+SOA record was \fBN\fP\&.
+.sp
+All resource record types can be expressed as \fBTYPEnn\fP, where \fBnn\fP is
+the number of the type. If the resource record type is not supported
+in BIND 9, the result is displayed as described in \fI\%RFC 3597\fP\&.
+.TP
+.B \fB\-u\fP
+This option indicates that print query times should be provided in microseconds instead of milliseconds.
+.TP
+.B \fB\-v\fP
+This option prints the version number and exits.
+.TP
+.B \fB\-x addr\fP
+This option sets simplified reverse lookups, for mapping addresses to names. The
+\fBaddr\fP is an IPv4 address in dotted\-decimal notation, or a
+colon\-delimited IPv6 address. When the \fB\-x\fP option is used, there is no
+need to provide the \fBname\fP, \fBclass\fP, and \fBtype\fP arguments.
+\fBdig\fP automatically performs a lookup for a name like
+\fB94.2.0.192.in\-addr.arpa\fP and sets the query type and class to PTR
+and IN respectively. IPv6 addresses are looked up using nibble format
+under the IP6.ARPA domain.
+.TP
+.B \fB\-y [hmac:]keyname:secret\fP
+This option signs queries using TSIG with the given authentication key.
+\fBkeyname\fP is the name of the key, and \fBsecret\fP is the
+base64\-encoded shared secret. \fBhmac\fP is the name of the key algorithm;
+valid choices are \fBhmac\-md5\fP, \fBhmac\-sha1\fP, \fBhmac\-sha224\fP,
+\fBhmac\-sha256\fP, \fBhmac\-sha384\fP, or \fBhmac\-sha512\fP\&. If \fBhmac\fP is
+not specified, the default is \fBhmac\-md5\fP; if MD5 was disabled, the default is
+\fBhmac\-sha256\fP\&.
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Only the \fB\-k\fP option should be used, rather than the \fB\-y\fP option,
+because with \fB\-y\fP the shared secret is supplied as a command\-line
+argument in clear text. This may be visible in the output from \fBps1\fP or
+in a history file maintained by the user\(aqs shell.
+.UNINDENT
+.UNINDENT
+.SH QUERY OPTIONS
+.sp
+\fBdig\fP provides a number of query options which affect the way in which
+lookups are made and the results displayed. Some of these set or reset
+flag bits in the query header, some determine which sections of the
+answer get printed, and others determine the timeout and retry
+strategies.
+.sp
+Each query option is identified by a keyword preceded by a plus sign
+(\fB+\fP). Some keywords set or reset an option; these may be preceded by
+the string \fBno\fP to negate the meaning of that keyword. Other keywords
+assign values to options, like the timeout interval. They have the form
+\fB+keyword=value\fP\&. Keywords may be abbreviated, provided the
+abbreviation is unambiguous; for example, \fB+cd\fP is equivalent to
+\fB+cdflag\fP\&. The query options are:
+.INDENT 0.0
+.TP
+.B \fB+[no]aaflag\fP
+This option is a synonym for \fB+[no]aaonly\fP\&.
+.TP
+.B \fB+[no]aaonly\fP
+This option sets the \fBaa\fP flag in the query.
+.TP
+.B \fB+[no]additional\fP
+This option displays [or does not display] the additional section of a reply. The
+default is to display it.
+.TP
+.B \fB+[no]adflag\fP
+This option sets [or does not set] the AD (authentic data) bit in the query. This
+requests the server to return whether all of the answer and authority
+sections have been validated as secure, according to the security
+policy of the server. \fBAD=1\fP indicates that all records have been
+validated as secure and the answer is not from a OPT\-OUT range. \fBAD=0\fP
+indicates that some part of the answer was insecure or not validated.
+This bit is set by default.
+.TP
+.B \fB+[no]all\fP
+This option sets or clears all display flags.
+.TP
+.B \fB+[no]answer\fP
+This option displays [or does not display] the answer section of a reply. The default
+is to display it.
+.TP
+.B \fB+[no]authority\fP
+This option displays [or does not display] the authority section of a reply. The
+default is to display it.
+.TP
+.B \fB+[no]badcookie\fP
+This option retries the lookup with a new server cookie if a BADCOOKIE response is
+received.
+.TP
+.B \fB+[no]besteffort\fP
+This option attempts to display the contents of messages which are malformed. The
+default is to not display malformed answers.
+.TP
+.B \fB+bufsize[=B]\fP
+This option sets the UDP message buffer size advertised using EDNS0
+to \fBB\fP bytes. The maximum and minimum sizes of this buffer are
+65535 and 0, respectively. \fB+bufsize=0\fP disables EDNS (use
+\fB+bufsize=0 +edns\fP to send an EDNS message with an advertised size
+of 0 bytes). \fB+bufsize\fP restores the default buffer size.
+.TP
+.B \fB+[no]cdflag\fP
+This option sets [or does not set] the CD (checking disabled) bit in the query. This
+requests the server to not perform DNSSEC validation of responses.
+.TP
+.B \fB+[no]class\fP
+This option displays [or does not display] the CLASS when printing the record.
+.TP
+.B \fB+[no]cmd\fP
+This option toggles the printing of the initial comment in the output, identifying the
+version of \fBdig\fP and the query options that have been applied. This option
+always has a global effect; it cannot be set globally and then overridden on a
+per\-lookup basis. The default is to print this comment.
+.TP
+.B \fB+[no]comments\fP
+This option toggles the display of some comment lines in the output, with
+information about the packet header and OPT pseudosection, and the names of
+the response section. The default is to print these comments.
+.sp
+Other types of comments in the output are not affected by this option, but
+can be controlled using other command\-line switches. These include
+\fB+[no]cmd\fP, \fB+[no]question\fP, \fB+[no]stats\fP, and \fB+[no]rrcomments\fP\&.
+.TP
+.B \fB+[no]cookie=####\fP
+This option sends [or does not send] a COOKIE EDNS option, with an optional value. Replaying a COOKIE
+from a previous response allows the server to identify a previous
+client. The default is \fB+cookie\fP\&.
+.sp
+\fB+cookie\fP is also set when \fB+trace\fP is set to better emulate the
+default queries from a nameserver.
+.TP
+.B \fB+[no]crypto\fP
+This option toggles the display of cryptographic fields in DNSSEC records. The
+contents of these fields are unnecessary for debugging most DNSSEC
+validation failures and removing them makes it easier to see the
+common failures. The default is to display the fields. When omitted,
+they are replaced by the string \fB[omitted]\fP or, in the DNSKEY case, the
+key ID is displayed as the replacement, e.g. \fB[ key id = value ]\fP\&.
+.TP
+.B \fB+[no]defname\fP
+This option, which is deprecated, is treated as a synonym for \fB+[no]search\fP\&.
+.TP
+.B \fB+[no]dnssec\fP
+This option requests that DNSSEC records be sent by setting the DNSSEC OK (DO) bit in
+the OPT record in the additional section of the query.
+.TP
+.B \fB+domain=somename\fP
+This option sets the search list to contain the single domain \fBsomename\fP, as if
+specified in a \fBdomain\fP directive in \fB/etc/resolv.conf\fP, and
+enables search list processing as if the \fB+search\fP option were
+given.
+.TP
+.B \fB+dscp=value\fP
+This option sets the DSCP code point to be used when sending the query. Valid DSCP
+code points are in the range [0...63]. By default no code point is
+explicitly set.
+.TP
+.B \fB+[no]edns[=#]\fP
+This option specifies the EDNS version to query with. Valid values are 0 to 255.
+Setting the EDNS version causes an EDNS query to be sent.
+\fB+noedns\fP clears the remembered EDNS version. EDNS is set to 0 by
+default.
+.TP
+.B \fB+[no]ednsflags[=#]\fP
+This option sets the must\-be\-zero EDNS flags bits (Z bits) to the specified value.
+Decimal, hex, and octal encodings are accepted. Setting a named flag
+(e.g., DO) is silently ignored. By default, no Z bits are set.
+.TP
+.B \fB+[no]ednsnegotiation\fP
+This option enables/disables EDNS version negotiation. By default, EDNS version
+negotiation is enabled.
+.TP
+.B \fB+[no]ednsopt[=code[:value]]\fP
+This option specifies the EDNS option with code point \fBcode\fP and an optional payload
+of \fBvalue\fP as a hexadecimal string. \fBcode\fP can be either an EDNS
+option name (for example, \fBNSID\fP or \fBECS\fP) or an arbitrary
+numeric value. \fB+noednsopt\fP clears the EDNS options to be sent.
+.TP
+.B \fB+[no]expire\fP
+This option sends an EDNS Expire option.
+.TP
+.B \fB+[no]fail\fP
+This option indicates that \fBnamed\fP should try [or not try] the next server if a SERVFAIL is received. The default is
+to not try the next server, which is the reverse of normal stub
+resolver behavior.
+.TP
+.B \fB+[no]header\-only\fP
+This option sends a query with a DNS header without a question section. The
+default is to add a question section. The query type and query name
+are ignored when this is set.
+.TP
+.B \fB+[no]identify\fP
+This option shows [or does not show] the IP address and port number that supplied
+the answer, when the \fB+short\fP option is enabled. If short form
+answers are requested, the default is not to show the source address
+and port number of the server that provided the answer.
+.TP
+.B \fB+[no]idnin\fP
+This option processes [or does not process] IDN domain names on input. This requires
+\fBIDN SUPPORT\fP to have been enabled at compile time.
+.sp
+The default is to process IDN input when standard output is a tty.
+The IDN processing on input is disabled when \fBdig\fP output is redirected
+to files, pipes, and other non\-tty file descriptors.
+.TP
+.B \fB+[no]idnout\fP
+This option converts [or does not convert] puny code on output. This requires
+\fBIDN SUPPORT\fP to have been enabled at compile time.
+.sp
+The default is to process puny code on output when standard output is
+a tty. The puny code processing on output is disabled when \fBdig\fP output
+is redirected to files, pipes, and other non\-tty file descriptors.
+.TP
+.B \fB+[no]ignore\fP
+This option ignores [or does not ignore] truncation in UDP responses instead of retrying with TCP. By
+default, TCP retries are performed.
+.TP
+.B \fB+[no]keepalive\fP
+This option sends [or does not send] an EDNS Keepalive option.
+.TP
+.B \fB+[no]keepopen\fP
+This option keeps [or does not keep] the TCP socket open between queries, and reuses it rather than
+creating a new TCP socket for each lookup. The default is
+\fB+nokeepopen\fP\&.
+.TP
+.B \fB+[no]mapped\fP
+This option allows [or does not allow] mapped IPv4\-over\-IPv6 addresses to be used. The default is
+\fB+mapped\fP\&.
+.TP
+.B \fB+[no]multiline\fP
+This option prints [or does not print] records, like the SOA records, in a verbose multi\-line format
+with human\-readable comments. The default is to print each record on
+a single line to facilitate machine parsing of the \fBdig\fP output.
+.TP
+.B \fB+ndots=D\fP
+This option sets the number of dots (\fBD\fP) that must appear in \fBname\fP for
+it to be considered absolute. The default value is that defined using
+the \fBndots\fP statement in \fB/etc/resolv.conf\fP, or 1 if no \fBndots\fP
+statement is present. Names with fewer dots are interpreted as
+relative names, and are searched for in the domains listed in the
+\fBsearch\fP or \fBdomain\fP directive in \fB/etc/resolv.conf\fP if
+\fB+search\fP is set.
+.TP
+.B \fB+[no]nsid\fP
+When enabled, this option includes an EDNS name server ID request when sending a query.
+.TP
+.B \fB+[no]nssearch\fP
+When this option is set, \fBdig\fP attempts to find the authoritative
+name servers for the zone containing the name being looked up, and
+display the SOA record that each name server has for the zone.
+Addresses of servers that did not respond are also printed.
+.TP
+.B \fB+[no]onesoa\fP
+When enabled, this option prints only one (starting) SOA record when performing an AXFR. The
+default is to print both the starting and ending SOA records.
+.TP
+.B \fB+[no]opcode=value\fP
+When enabled, this option sets (restores) the DNS message opcode to the specified value. The
+default value is QUERY (0).
+.TP
+.B \fB+padding=value\fP
+This option pads the size of the query packet using the EDNS Padding option to
+blocks of \fBvalue\fP bytes. For example, \fB+padding=32\fP causes a
+48\-byte query to be padded to 64 bytes. The default block size is 0,
+which disables padding; the maximum is 512. Values are ordinarily
+expected to be powers of two, such as 128; however, this is not
+mandatory. Responses to padded queries may also be padded, but only
+if the query uses TCP or DNS COOKIE.
+.TP
+.B \fB+[no]qr\fP
+This option toggles the display of the query message as it is sent. By default, the query
+is not printed.
+.TP
+.B \fB+[no]question\fP
+This option toggles the display of the question section of a query when an answer is
+returned. The default is to print the question section as a comment.
+.TP
+.B \fB+[no]raflag\fP
+This option sets [or does not set] the RA (Recursion Available) bit in the query. The
+default is \fB+noraflag\fP\&. This bit is ignored by the server for
+QUERY.
+.TP
+.B \fB+[no]rdflag\fP
+This option is a synonym for \fB+[no]recurse\fP\&.
+.TP
+.B \fB+[no]recurse\fP
+This option toggles the setting of the RD (recursion desired) bit in the query.
+This bit is set by default, which means \fBdig\fP normally sends
+recursive queries. Recursion is automatically disabled when the
+\fB+nssearch\fP or \fB+trace\fP query option is used.
+.TP
+.B \fB+retry=T\fP
+This option sets the number of times to retry UDP and TCP queries to server to \fBT\fP
+instead of the default, 2. Unlike \fB+tries\fP, this does not include
+the initial query.
+.TP
+.B \fB+[no]rrcomments\fP
+This option toggles the display of per\-record comments in the output (for example,
+human\-readable key information about DNSKEY records). The default is
+not to print record comments unless multiline mode is active.
+.TP
+.B \fB+[no]search\fP
+This option uses [or does not use] the search list defined by the searchlist or domain
+directive in \fBresolv.conf\fP, if any. The search list is not used by
+default.
+.sp
+\fBndots\fP from \fBresolv.conf\fP (default 1), which may be overridden by
+\fB+ndots\fP, determines whether the name is treated as relative
+and hence whether a search is eventually performed.
+.TP
+.B \fB+[no]short\fP
+This option toggles whether a terse answer is provided. The default is to print the answer in a verbose
+form. This option always has a global effect; it cannot be set globally and
+then overridden on a per\-lookup basis.
+.TP
+.B \fB+[no]showsearch\fP
+This option performs [or does not perform] a search showing intermediate results.
+.TP
+.B \fB+[no]sigchase\fP
+This feature is now obsolete and has been removed; use \fBdelv\fP
+instead.
+.TP
+.B \fB+split=W\fP
+This option splits long hex\- or base64\-formatted fields in resource records into
+chunks of \fBW\fP characters (where \fBW\fP is rounded up to the nearest
+multiple of 4). \fB+nosplit\fP or \fB+split=0\fP causes fields not to be
+split at all. The default is 56 characters, or 44 characters when
+multiline mode is active.
+.TP
+.B \fB+[no]stats\fP
+This option toggles the printing of statistics: when the query was made, the size of the
+reply, etc. The default behavior is to print the query statistics as a
+comment after each lookup.
+.TP
+.B \fB+[no]subnet=addr[/prefix\-length]\fP
+This option sends [or does not send] an EDNS CLIENT\-SUBNET option with the specified IP
+address or network prefix.
+.sp
+\fBdig +subnet=0.0.0.0/0\fP, or simply \fBdig +subnet=0\fP for short,
+sends an EDNS CLIENT\-SUBNET option with an empty address and a source
+prefix\-length of zero, which signals a resolver that the client\(aqs
+address information must \fInot\fP be used when resolving this query.
+.TP
+.B \fB+[no]tcflag\fP
+This option sets [or does not set] the TC (TrunCation) bit in the query. The default is
+\fB+notcflag\fP\&. This bit is ignored by the server for QUERY.
+.TP
+.B \fB+[no]tcp\fP
+This option uses [or does not use] TCP when querying name servers.
+The default behavior is to use UDP unless a type \fBany\fP or
+\fBixfr=N\fP query is requested, in which case the default is TCP.
+AXFR queries always use TCP. To prevent retry over TCP when TC=1
+is returned from a UDP query, use \fB+ignore\fP\&.
+.TP
+.B \fB+timeout=T\fP
+This option sets the timeout for a query to \fBT\fP seconds. The default timeout is
+5 seconds. An attempt to set \fBT\fP to less than 1 is silently set to 1.
+.TP
+.B \fB+[no]topdown\fP
+This feature is related to \fBdig +sigchase\fP, which is obsolete and
+has been removed. Use \fBdelv\fP instead.
+.TP
+.B \fB+[no]trace\fP
+This option toggles tracing of the delegation path from the root name servers for
+the name being looked up. Tracing is disabled by default. When
+tracing is enabled, \fBdig\fP makes iterative queries to resolve the
+name being looked up. It follows referrals from the root servers,
+showing the answer from each server that was used to resolve the
+lookup.
+.sp
+If \fB@server\fP is also specified, it affects only the initial query for
+the root zone name servers.
+.sp
+\fB+dnssec\fP is also set when \fB+trace\fP is set, to better emulate the
+default queries from a name server.
+.TP
+.B \fB+tries=T\fP
+This option sets the number of times to try UDP and TCP queries to server to \fBT\fP
+instead of the default, 3. If \fBT\fP is less than or equal to zero,
+the number of tries is silently rounded up to 1.
+.TP
+.B \fB+trusted\-key=####\fP
+This option formerly specified trusted keys for use with \fBdig +sigchase\fP\&. This
+feature is now obsolete and has been removed; use \fBdelv\fP instead.
+.TP
+.B \fB+[no]ttlid\fP
+This option displays [or does not display] the TTL when printing the record.
+.TP
+.B \fB+[no]ttlunits\fP
+This option displays [or does not display] the TTL in friendly human\-readable time
+units of \fBs\fP, \fBm\fP, \fBh\fP, \fBd\fP, and \fBw\fP, representing seconds, minutes,
+hours, days, and weeks. This implies \fB+ttlid\fP\&.
+.TP
+.B \fB+[no]unexpected\fP
+This option accepts [or does not accept] answers from unexpected sources. By default, \fBdig\fP
+will not accept a reply from a source other than the one to which it sent the
+query.
+.TP
+.B \fB+[no]unknownformat\fP
+This option prints all RDATA in unknown RR type presentation format (\fI\%RFC 3597\fP).
+The default is to print RDATA for known types in the type\(aqs
+presentation format.
+.TP
+.B \fB+[no]vc\fP
+This option uses [or does not use] TCP when querying name servers. This alternate
+syntax to \fB+[no]tcp\fP is provided for backwards compatibility. The
+\fBvc\fP stands for \(dqvirtual circuit.\(dq
+.TP
+.B \fB+[no]yaml\fP
+When enabled, this option prints the responses (and, if \fB+qr\fP is in use, also the
+outgoing queries) in a detailed YAML format.
+.TP
+.B \fB+[no]zflag\fP
+This option sets [or does not set] the last unassigned DNS header flag in a DNS query.
+This flag is off by default.
+.UNINDENT
+.SH MULTIPLE QUERIES
+.sp
+The BIND 9 implementation of \fBdig\fP supports specifying multiple
+queries on the command line (in addition to supporting the \fB\-f\fP batch
+file option). Each of those queries can be supplied with its own set of
+flags, options, and query options.
+.sp
+In this case, each \fBquery\fP argument represents an individual query in
+the command\-line syntax described above. Each consists of any of the
+standard options and flags, the name to be looked up, an optional query
+type and class, and any query options that should be applied to that
+query.
+.sp
+A global set of query options, which should be applied to all queries,
+can also be supplied. These global query options must precede the first
+tuple of name, class, type, options, flags, and query options supplied
+on the command line. Any global query options (except \fB+[no]cmd\fP and
+\fB+[no]short\fP options) can be overridden by a query\-specific set of
+query options. For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+shows how \fBdig\fP can be used from the command line to make three
+lookups: an ANY query for \fBwww.isc.org\fP, a reverse lookup of 127.0.0.1,
+and a query for the NS records of \fBisc.org\fP\&. A global query option of
+\fB+qr\fP is applied, so that \fBdig\fP shows the initial query it made for
+each lookup. The final query has a local query option of \fB+noqr\fP which
+means that \fBdig\fP does not print the initial query when it looks up the
+NS records for \fBisc.org\fP\&.
+.SH IDN SUPPORT
+.sp
+If \fBdig\fP has been built with IDN (internationalized domain name)
+support, it can accept and display non\-ASCII domain names. \fBdig\fP
+appropriately converts character encoding of a domain name before sending
+a request to a DNS server or displaying a reply from the server.
+To turn off IDN support, use the parameters
+\fB+noidnin\fP and \fB+noidnout\fP, or define the \fBIDN_DISABLE\fP environment
+variable.
+.SH RETURN CODES
+.sp
+\fBdig\fP return codes are:
+.INDENT 0.0
+.TP
+.B \fB0\fP
+DNS response received, including NXDOMAIN status
+.TP
+.B \fB1\fP
+Usage error
+.TP
+.B \fB8\fP
+Couldn\(aqt open batch file
+.TP
+.B \fB9\fP
+No reply from server
+.TP
+.B \fB10\fP
+Internal error
+.UNINDENT
+.SH FILES
+.sp
+\fB/etc/resolv.conf\fP
+.sp
+\fB${HOME}/.digrc\fP
+.SH SEE ALSO
+.sp
+\fBdelv(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&.
+.SH BUGS
+.sp
+There are probably too many query options.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.