dig.docbook

bind-3.2.

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<!--
 - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: dig.docbook,v 1.4.2.7 2003/05/12 02:50:15 marka Exp $ -->

<refentry>

<refentryinfo>
<date>Jun 30, 2000</date>
</refentryinfo>

<refmeta>
<refentrytitle>dig</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>

<refnamediv>
<refname>dig</refname>
<refpurpose>DNS lookup utility</refpurpose>
</refnamediv>

<refsynopsisdiv>
<cmdsynopsis>
<command>dig</command>
<arg choice=opt>@server</arg>
<arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
<arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
<arg><option>-y <replaceable class="parameter">name:key</replaceable></option></arg>
<arg choice=opt>name</arg>
<arg choice=opt>type</arg>
<arg choice=opt>class</arg>
<arg choice=opt rep=repeat>queryopt</arg>
</cmdsynopsis>

<cmdsynopsis>
<command>dig</command>
<arg><option>-h</option></arg>
</cmdsynopsis>

<cmdsynopsis>
<command>dig</command>
<arg choice=opt rep=repeat>global-queryopt</arg>
<arg choice=opt rep=repeat>query</arg>
</cmdsynopsis>
</refsynopsisdiv>

<refsect1>
<title>DESCRIPTION</title>
<para>
<command>dig</command> (domain information groper) is a flexible tool
for interrogating DNS name servers.  It performs DNS lookups and
displays the answers that are returned from the name server(s) that
were queried.  Most DNS administrators use <command>dig</command> to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output.  Other lookup tools tend to have less functionality
than <command>dig</command>.
</para>

<para>
Although <command>dig</command> is normally used with command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file.  A brief summary of its command-line arguments
and options is printed when the <option>-h</option> option is given.
Unlike earlier versions, the BIND9 implementation of
<command>dig</command> allows multiple lookups to be issued from the
command line.
</para>

<para>
Unless it is told to query a specific name server,
<command>dig</command> will try each of the servers listed in
<filename>/etc/resolv.conf</filename>.
</para>

<para>
When no command line arguments or options are given, will perform an
NS query for "." (the root).
</para>

<para>
It is possible to set per user defaults for <command>dig</command> via
<filename>${HOME}/.digrc</filename>.  This file is read and any options in it
are applied before the command line arguements.
</para>

</refsect1>

<refsect1>
<title>SIMPLE USAGE</title>

<para>
A typical invocation of <command>dig</command> looks like:
<programlisting> dig @server name type </programlisting> where:

<variablelist>

<varlistentry><term><constant>server</constant></term>
<listitem><para>
is the name or IP address of the name server to query.  This can be an IPv4
address in dotted-decimal notation or an IPv6
address in colon-delimited notation.  When the supplied
<parameter>server</parameter> argument is a hostname,
<command>dig</command> resolves that name before querying that name
server.  If no <parameter>server</parameter> argument is provided,
<command>dig</command> consults <filename>/etc/resolv.conf</filename>
and queries the name servers listed there.  The reply from the name
server that responds is displayed.
</para></listitem></varlistentry>

<varlistentry><term><constant>name</constant></term>
<listitem><para>
is the name of the resource record that is to be looked up.
</para></listitem></varlistentry>

<varlistentry><term><constant>type</constant></term>
<listitem><para>
indicates what type of query is required &mdash;
ANY, A, MX, SIG, etc.
<parameter>type</parameter> can be any valid query type.  If no
<parameter>type</parameter> argument is supplied,
<command>dig</command> will perform a lookup for an A record.
</para></listitem></varlistentry>

</variablelist>
</para>

</refsect1>

<refsect1>
<title>OPTIONS</title>

<para>
The <option>-b</option> option sets the source IP address of the query
to <parameter>address</parameter>.  This must be a valid address on
one of the host's network interfaces.
</para>

<para>
The default query class (IN for internet) is overridden by the
<option>-c</option> option.  <parameter>class</parameter> is any valid
class, such as HS for Hesiod records or CH for CHAOSNET records.
</para>

<para>
The <option>-f</option> option makes <command>dig </command> operate
in batch mode by reading a list of lookup requests to process from the
file <parameter>filename</parameter>.  The file contains a number of
queries, one per line.  Each entry in the file should be organised in
the same way they would be presented as queries to
<command>dig</command> using the command-line interface.
</para>

<para>
If a non-standard port number is to be queried, the
<option>-p</option> option is used.  <parameter>port#</parameter> is
the port number that <command>dig</command> will send its queries
instead of the standard DNS port number 53.  This option would be used
to test a name server that has been configured to listen for queries
on a non-standard port number.
</para>

<para>
The <option>-t</option> option sets the query type to
<parameter>type</parameter>.  It can be any valid query type which is
supported in BIND9.  The default query type "A", unless the
<option>-x</option> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR.  When
an incremental zone transfer (IXFR) is required,
<parameter>type</parameter> is set to <literal>ixfr=N</literal>.
The incremental zone transfer will contain the changes made to the zone
since the serial number in the zone's SOA record was
<parameter>N</parameter>.
</para>

<para>
Reverse lookups - mapping addresses to names - are simplified by the
<option>-x</option> option.  <parameter>addr</parameter> is an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
<parameter>name</parameter>, <parameter>class</parameter> and
<parameter>type</parameter> arguments.  <command>dig</command>
automatically performs a lookup for a name like
<literal>11.12.13.10.in-addr.arpa</literal> and sets the query type and
class to PTR and IN respectively.  By default, IPv6 addresses are
looked up using the IP6.ARPA domain and binary labels as defined in
RFC2874.  To use the older RFC1886 method using the IP6.INT domain and
"nibble" labels, specify the <option>-n</option> (nibble) option.
</para>

<para>
To sign the DNS queries sent by <command>dig</command> and their
responses using transaction signatures (TSIG), specify a TSIG key file
using the <option>-k</option> option.  You can also specify the TSIG
key itself on the command line using the <option>-y</option> option;
<parameter>name</parameter> is the name of the TSIG key and
<parameter>key</parameter> is the actual key.  The key is a base-64
encoded string, typically generated by <citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.

Caution should be taken when using the <option>-y</option> option on
multi-user systems as the key can be visible in the output from
<citerefentry> <refentrytitle>ps</refentrytitle><manvolnum>1
</manvolnum> </citerefentry> or in the shell's history file.  When
using TSIG authentication with <command>dig</command>, the name
server that is queried needs to know the key and algorithm that is
being used.  In BIND, this is done by providing appropriate
<command>key</command> and <command>server</command> statements in
<filename>named.conf</filename>.
</para>

</refsect1>

<refsect1>
<title>QUERY OPTIONS</title>

<para>
<command>dig</command> provides a number of query options which affect
the way in which lookups are made and the results displayed.  Some of
these set or reset flag bits in the query header, some determine which
sections of the answer get printed, and others determine the timeout
and retry strategies.
</para>

<para>
Each query option is identified by a keyword preceded by a plus sign
(<literal>+</literal>).  Some keywords set or reset an option.  These may be preceded
by the string <literal>no</literal> to negate the meaning of that keyword.  Other
keywords assign values to options like the timeout interval.  They
have the form <option>+keyword=value</option>.
The query options are:

<variablelist>

<varlistentry><term><option>+[no]tcp</option></term>
<listitem><para>
Use [do not use] TCP when querying name servers.  The default
behaviour is to use UDP unless an AXFR or IXFR query is requested, in
which case a TCP connection is used.
</para></listitem></varlistentry>

<varlistentry><term><option>+[no]vc</option></term>
<listitem><para>
Use [do not use] TCP when querying name servers.  This alternate
syntax to <parameter>+[no]tcp</parameter> is provided for backwards
compatibility.  The "vc" stands for "virtual circuit".
</para></listitem></varlistentry>

<varlistentry><term><option>+[no]ignore</option></term>
<listitem><para>
Ignore truncation in UDP responses instead of retrying with TCP.  By
default, TCP retries are performed.
</para></listitem></varlistentry>

<varlistentry><term><option>+domain=somename</option></term>
<listitem><para>
Set the search list to contain the single domain
<parameter>somename</parameter>, as if specified in a
<command>domain</command> directive in
<filename>/etc/resolv.conf</filename>, and enable search list
processing as if the <parameter>+search</parameter> option were given.