dig.docbook

非常好的dns解析软件

<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
	       [<!ENTITY mdash "&#8212;">]>
<!--
 - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003  Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: dig.docbook,v 1.17.18.17 2007/01/29 23:57:20 marka Exp $ -->
<refentry id="man.dig">

  <refentryinfo>
    <date>Jun 30, 2000</date>
  </refentryinfo>

  <refmeta>
    <refentrytitle>dig</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo>BIND9</refmiscinfo>
  </refmeta>

  <refnamediv>
    <refname>dig</refname>
    <refpurpose>DNS lookup utility</refpurpose>
  </refnamediv>

  <docinfo>
    <copyright>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
    </copyright>
    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <holder>Internet Software Consortium.</holder>
    </copyright>
  </docinfo>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>dig</command>
      <arg choice="opt">@server</arg>
      <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
      <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
      <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
      <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
      <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
      <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
      <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
      <arg><option>-4</option></arg>
      <arg><option>-6</option></arg>
      <arg choice="opt">name</arg>
      <arg choice="opt">type</arg>
      <arg choice="opt">class</arg>
      <arg choice="opt" rep="repeat">queryopt</arg>
    </cmdsynopsis>

    <cmdsynopsis>
      <command>dig</command>
      <arg><option>-h</option></arg>
    </cmdsynopsis>

    <cmdsynopsis>
      <command>dig</command>
      <arg choice="opt" rep="repeat">global-queryopt</arg>
      <arg choice="opt" rep="repeat">query</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>DESCRIPTION</title>
    <para><command>dig</command>
      (domain information groper) is a flexible tool
      for interrogating DNS name servers.  It performs DNS lookups and
      displays the answers that are returned from the name server(s) that
      were queried.  Most DNS administrators use <command>dig</command> to
      troubleshoot DNS problems because of its flexibility, ease of use and
      clarity of output.  Other lookup tools tend to have less functionality
      than <command>dig</command>.
    </para>

    <para>
      Although <command>dig</command> is normally used with
      command-line
      arguments, it also has a batch mode of operation for reading lookup
      requests from a file.  A brief summary of its command-line arguments
      and options is printed when the <option>-h</option> option is given.
      Unlike earlier versions, the BIND9 implementation of
      <command>dig</command> allows multiple lookups to be issued
      from the
      command line.
    </para>

    <para>
      Unless it is told to query a specific name server,
      <command>dig</command> will try each of the servers listed
      in
      <filename>/etc/resolv.conf</filename>.
    </para>

    <para>
      When no command line arguments or options are given, will perform an
      NS query for "." (the root).
    </para>

    <para>
      It is possible to set per-user defaults for <command>dig</command> via
      <filename>${HOME}/.digrc</filename>.  This file is read and
      any options in it
      are applied before the command line arguments.
    </para>

    <para>
      The IN and CH class names overlap with the IN and CH top level
      domains names.  Either use the <option>-t</option> and
      <option>-c</option> options to specify the type and class or
      use the <option>-q</option> the specify the domain name or
      use "IN." and "CH." when looking up these top level domains.
    </para>

  </refsect1>

  <refsect1>
    <title>SIMPLE USAGE</title>

    <para>
      A typical invocation of <command>dig</command> looks like:
      <programlisting> dig @server name type </programlisting>
      where:

      <variablelist>

        <varlistentry>
          <term><constant>server</constant></term>
          <listitem>
            <para>
              is the name or IP address of the name server to query.  This can
              be an IPv4
              address in dotted-decimal notation or an IPv6
              address in colon-delimited notation.  When the supplied
              <parameter>server</parameter> argument is a
              hostname,
              <command>dig</command> resolves that name before
              querying that name
              server.  If no <parameter>server</parameter>
              argument is provided,
              <command>dig</command> consults <filename>/etc/resolv.conf</filename>
              and queries the name servers listed there.  The reply from the
              name
              server that responds is displayed.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term><constant>name</constant></term>
          <listitem>
            <para>
              is the name of the resource record that is to be looked up.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term><constant>type</constant></term>
          <listitem>
            <para>
              indicates what type of query is required &mdash;
              ANY, A, MX, SIG, etc.
              <parameter>type</parameter> can be any valid query
              type.  If no
              <parameter>type</parameter> argument is supplied,
              <command>dig</command> will perform a lookup for an
              A record.
            </para>
          </listitem>
        </varlistentry>

      </variablelist>
    </para>

  </refsect1>

  <refsect1>
    <title>OPTIONS</title>

    <para>
      The <option>-b</option> option sets the source IP address of the query
      to <parameter>address</parameter>.  This must be a valid
      address on
      one of the host's network interfaces or "0.0.0.0" or "::".  An optional
      port
      may be specified by appending "#&lt;port&gt;"
    </para>

    <para>
      The default query class (IN for internet) is overridden by the
      <option>-c</option> option.  <parameter>class</parameter> is
      any valid
      class, such as HS for Hesiod records or CH for CHAOSNET records.
    </para>

    <para>
      The <option>-f</option> option makes <command>dig </command>
      operate
      in batch mode by reading a list of lookup requests to process from the
      file <parameter>filename</parameter>.  The file contains a
      number of
      queries, one per line.  Each entry in the file should be organised in
      the same way they would be presented as queries to
      <command>dig</command> using the command-line interface.
    </para>

    <para>
      If a non-standard port number is to be queried, the
      <option>-p</option> option is used.  <parameter>port#</parameter> is
      the port number that <command>dig</command> will send its
      queries
      instead of the standard DNS port number 53.  This option would be used
      to test a name server that has been configured to listen for queries
      on a non-standard port number.
    </para>

    <para>
      The <option>-4</option> option forces <command>dig</command>
      to only
      use IPv4 query transport.  The <option>-6</option> option forces
      <command>dig</command> to only use IPv6 query transport.
    </para>

    <para>
      The <option>-t</option> option sets the query type to
      <parameter>type</parameter>.  It can be any valid query type
      which is
      supported in BIND9.  The default query type "A", unless the
      <option>-x</option> option is supplied to indicate a reverse lookup.
      A zone transfer can be requested by specifying a type of AXFR.  When
      an incremental zone transfer (IXFR) is required,
      <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
      The incremental zone transfer will contain the changes made to the zone
      since the serial number in the zone's SOA record was
      <parameter>N</parameter>.
    </para>

    <para>
      The <option>-q</option> option sets the query name to 
      <parameter>name</parameter>.  This useful do distingish the
      <parameter>name</parameter> from other arguments.
    </para>

    <para>
      Reverse lookups - mapping addresses to names - are simplified by the
      <option>-x</option> option.  <parameter>addr</parameter> is
      an IPv4
      address in dotted-decimal notation, or a colon-delimited IPv6 address.
      When this option is used, there is no need to provide the
      <parameter>name</parameter>, <parameter>class</parameter> and
      <parameter>type</parameter> arguments.  <command>dig</command>
      automatically performs a lookup for a name like
      <literal>11.12.13.10.in-addr.arpa</literal> and sets the
      query type and
      class to PTR and IN respectively.  By default, IPv6 addresses are
      looked up using nibble format under the IP6.ARPA domain.
      To use the older RFC1886 method using the IP6.INT domain
      specify the <option>-i</option> option.  Bit string labels (RFC2874)
      are now experimental and are not attempted.
    </para>

    <para>
      To sign the DNS queries sent by <command>dig</command> and
      their
      responses using transaction signatures (TSIG), specify a TSIG key file
      using the <option>-k</option> option.  You can also specify the TSIG
      key itself on the command line using the <option>-y</option> option;
      <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
      <parameter>name</parameter> is the name of the TSIG key and
      <parameter>key</parameter> is the actual key.  The key is a
      base-64
      encoded string, typically generated by
      <citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>.

      Caution should be taken when using the <option>-y</option> option on
      multi-user systems as the key can be visible in the output from
      <citerefentry>
        <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>
      or in the shell's history file.  When
      using TSIG authentication with <command>dig</command>, the name
      server that is queried needs to know the key and algorithm that is
      being used.  In BIND, this is done by providing appropriate
      <command>key</command> and <command>server</command> statements in
      <filename>named.conf</filename>.