dig(1M)dig(1M)NAMEdig - domain information groper
SYNOPSIS
Single Query
class] filename] filename] port] type] addr] [name] [type] [class]
[queryopt]...
Help
Multiple Query
[global-queryopt]... [query]...
DESCRIPTION
the domain information groper, is a flexible tool for interrogating
Domain Name System (DNS) servers. It performs DNS lookups and displays
the answers that are returned from the name servers that were queried.
Most DNS administrators use to troubleshoot DNS problems because of its
flexibility, ease of use, and clarity of output. The command has two
modes: a simple command-line mode for single or multiple queries and a
batch mode for reading lookup requests from a file option).
Unless it is told to query a specific name server option), tries each
of the servers listed in
When no command line arguments or options are given, performs an NS
query for (the root).
A simple, typical invocation of looks like:
Options
Options can be specified in any order.
Use server as the name server to query. server can be a host
name, an IPv4 address in dotted-decimal notation, or an IPv6
address in colon-delimited notation. When server is a host
name, resolves that name before querying that name server.
If is omitted, queries the name servers listed in The reply
from the name server that responds is displayed.
Use the IPv4 query transport only.
Use the IPv6 query transport only.
Set the source IP address of the query to
address. This must be a valid address on one of the host's
network interfaces or or An optional port on the source may
be specified by appending
Set the query class.
The default is for Internet. class can also be for Hesiod
records, or for Chaosnet records.
Make operate in batch mode by reading a list of lookup requests to
process from the file filename. The file contains a number
of queries, one per line. Each entry in the file should be
organized in the same way it would be presented as a query to
using the command-line interface.
Display the annotated syntax for the command.
If other options or operands are specified, they are ignored.
Look up IPv6 addresses using the older IP6.INT domain,
described in RFC 1886. See the option.
Specify a TSIG key file in order to sign the DNS queries sent by
and their responses using transaction signatures (TSIG).
Send queries to a port number,
port, instead of to the standard DNS port number 53. Use
this option to test a name server that has been configured to
listen for queries on a nonstandard port number.
Set the query type to
type. It can be any valid query type which is supported in
BIND 9. For potential values, see the command in nslookup(1)
and the discussion in named.conf(4).
The default query type is unless the option is supplied to
indicate a reverse lookup. A zone transfer can be requested
by specifying a type of When an incremental zone transfer is
required, set type to The incremental zone transfer will con‐
tain the changes made to the zone since the serial number in
the zone's record was
Simplify reverse lookups (mapping addresses to names).
addr is an IPv4 address in dotted-decimal notation or a
colon-delimited IPv6 address. When this option is used,
there is no need to provide the name, class, or type oper‐
ands. automatically performs a lookup for a name like and
sets the query type and class to and respectively. By
default, IPv6 addresses are looked up using nibble format
under the IP6.ARPA domain. To use the older RFC 1886 method
(IP6.INT) domain, also specify the option.
Specify the TSIG key itself on the command line.
name is the name of the TSIG key and key is the actual key.
The key is a base-64 encoded string, typically generated by
(see dnssec-keygen(1)). Be cautious when using the option on
multiuser systems as the key can be visible in the output
from or in the shell's history file. When using TSIG authen‐
tication with the name server that is queried needs to know
the key and algorithm that is being used. In BIND, this is
done by providing appropriate key and server statements in
Operands
Operands are order-dependent.
class Set the query class. See the option. The class operand
overrides any preceding option.
global-queryopt
Query options (see the queryopt operand) at the beginning of
the command are "global". They affect all subsequent queries
on the command line (see the query operand).
name The name of the resource record that is to be looked up.
query A set of command-line options, operands, and query options
that form a single lookup query, as shown in the syntax in
(without the command word).
queryopt Query options at the end of a query modify the lookup for
that query only. They override any global query options.
See the subsection for details.
type Set the query type. See the option. The type operand over‐
rides any preceding option.
Query Options
uses a number of query options to modify lookups and the results that
are displayed. Some options set or clear flag bits in the query
header, some options determine which sections of the answer get dis‐
played, and other options determine the timeout and retry strategies.
There are two formats:
The prefix causes an option to be reset, negated, or
cleared. The action is described in brack‐
ets ([...]).
The keyword assigns a value to an option.
The query options are:
A synonym for
The default is
Set [do not set] the AA (authoritative answer) flag in the query.
The default is
Display [do not display] the additional section of a reply.
The default is
Set [do not set] the AD (authenticate data) bit in the query.
The AD bit currently has a standard meaning only in responses
and not in queries. The ability to set the bit in the query
is provided for completeness. The default is
Set [clear] all display flags.
The default is
Display [do not display] the answer section of a reply.
The default is
Display [do not display] the authority section of a reply.
The default is
Attempt [do not attempt] to display the contents of messages that are
malformed.
The default is
Set the UDP message buffer size advertised using Extended DNS ( EDNS)
to
B bytes. The maximum and minimum sizes of this buffer are
65535 and 0, respectively. If the B size is specified out‐
side of this range, then the size is adjusted appropriately.
The default is 2048.
Set [do not set] the CD (checking disabled) bit in the query,
which requests the server not to perform DNSSEC validation of
responses. The default is
Display [do not display] the CLASS when printing the record.
The default is
Display [do not display] an initial comment in the output
identifying the version of and the command-line arguments
that were specified. The default is
Display [do not display] comment lines in the output.
The default is
Deprecated; treated as a synonym for
The default is
Request DNSSEC records be sent by setting the DNSSEC OK bit (DO)
in the OPT record in the additional section of the query.
The default is
Set the default domain to
somename as if specified in a directive in the file, and
enable search list processing as if the option were given.
If this is not used, the query has to contain a fully quali‐
fied domain name (FQDN) for forward lookup.
Do not try [try] the next server if you receive a SERVFAIL.
The default is which is the reverse of normal stub resolver
behavior.
Show [do not show]
the IP address and port number that supplied the answer when
short form answers are requested with the query option. The
default is
Ignore [do not ignore] truncation in UDP responses instead
of retrying with TCP. The default is (perform TCP retries).
Print [do not print] records like the
records in a verbose multiline format with human-readable
comments. The default is print each record on a single line,
thereby facilitating machine parsing of the output.
Set the number of dots (periods) that appear in
hostname to D. The default for D is the value given in the
statement in or if there is no statement. Names with fewer
dots are interpreted as relative names and will be searched
for in the domains listed in the search or the domain direc‐
tive in the file.
Attempt [do not attempt] to find the authoritative
name servers for the zone containing the name being looked up
and display the record that each name server has for the
zone. also sets the query option. The default is
Print [do not print] the query before actually sending the query.
The default is
Print [do not print] the question section of a query when an
answer is returned. The default is print the question sec‐
tion as a comment.
Set [do not set] the RD (recursion desired) bit in the query,
to have send recursive queries. The default is except that
recursion is automatically disabled when the or query option
is used.
Set the number of times to retry UDP queries to server to
A. Unlike this count does not include the initial query.
The default is 2.
Use [do not use] the search list in
(if any). The default is
Display [do not display] a short answer.
The query results can be displayed in two forms: Complete and
Short answers. In the short form, only the result is dis‐
played. In the complete form, additional information (for
example, about other servers that might answer your query) is
also included. The default is
Print [do not print] statistics such as the size of the reply
when the query was made. The default is
Use [do not use] TCP when querying name servers.
The default is use TCP if an or query is requested, and use
UDP otherwise.
Set the timeout for a query to
T seconds. The minimum value of T is 1 second. If T is
less than 1, it is set to 1 second. The default timeout is 5
seconds.
Trace [do not trace] the delegation path from the root name
servers for the name being looked up. When tracing is
enabled, makes iterative queries to resolve the name that is
being looked up. It will follow referrals from the root
servers, showing the answer from each server that was used to
resolve the lookup. also sets the query option. The default
is
Set the number of times to retry UDP queries to server to
A. If A is less than 1, it is set to 1. The default is 3.
Display [do not display] the TTL when printing the record.
The default is
Use [do not use] virtual circuit when querying name servers.
This alternate syntax to is provided for backward compatibil‐
ity. The default is
Multiple Queries
The BIND 9 implementation of allows multiple queries on the command
line (in addition to supporting the batch file option). Each of those
queries can be supplied with its own set of options, query type, query
class, and query options. See in
Global Query Options
A global set of query options, which is applied to all queries, can
precede the first set of options, name, query type, query class, and
query options supplied on the command line. Any global query options
(except the query option) can be overridden by a query-specific set of
query options. See in
EXAMPLES
Example 1
To look up information about domain using DNS-Server asking for host
address records:
Example 2
To query using DNS-Server without authentication, asking for records:
Example 3
To request a transfer:
Example 4
To request a transfer with Transaction Signature (TSIG):
The key is
To secure server-to-server communication, BIND 9 primarily uses TSIG
for zone transfer, notify, and recursive query messages. TSIG is very
useful for dynamic updates.
Example 5
To make three lookups from the command line:
The three queries are:
An query for domain name
A reverse lookup of 127.0.0.1
A name server lookup for domain
suppressing the query display for this
query only
AUTHOR
was developed by the Internet Systems Consortium (ISC).
SEE ALSOdnssec-keygen(1), dnssec-signzone(1), host(1), nsupdate(1),
hosts_to_named(1M), named(1M), gethostent(3N), hostname(5).
Requests for Comments (RFC): 1886, available online at
available online at
available from the Internet Systems Consortium at
BIND 9.3 dig(1M)