1MDIG(1) BIND 9 MDIG(1)
2
6 mdig - DNS pipelined lookup utility
7
9 mdig {@server} [-f filename] [-h] [-v] [ [-4] | [-6] ] [-m] [-b ad‐
10 dress] [-p port#] [-c class] [-t type] [-i] [-x addr] [plusopt...]
11 mdig {-h}
13 mdig [@server] {global-opt...} { {local-opt...} {query} ...}
15
17 mdig is a multiple/pipelined query version of dig: instead of waiting
18 for a response after sending each query, it begins by sending all
19 queries. Responses are displayed in the order in which they are re‐
20 ceived, not in the order the corresponding queries were sent.
21 mdig options are a subset of the dig options, and are divided into
23 "anywhere options," which can occur anywhere, "global options," which
24 must occur before the query name (or they are ignored with a warning),
25 and "local options," which apply to the next query on the command line.
26 The @server option is a mandatory global option. It is the name or IP
28 address of the name server to query. (Unlike dig, this value is not re‐
29 trieved from /etc/resolv.conf.) It can be an IPv4 address in dot‐
30 ted-decimal notation, an IPv6 address in colon-delimited notation, or a
31 hostname. When the supplied server argument is a hostname, mdig re‐
32 solves that name before querying the name server.
33 mdig provides a number of query options which affect the way in which
35 lookups are made and the results displayed. Some of these set or reset
36 flag bits in the query header, some determine which sections of the an‐
37 swer get printed, and others determine the timeout and retry strate‐
38 gies.
39 Each query option is identified by a keyword preceded by a plus sign
41 (+). Some keywords set or reset an option. These may be preceded by the
42 string no to negate the meaning of that keyword. Other keywords assign
43 values to options like the timeout interval. They have the form +key‐
44 word=value.
45
47 -f This option makes mdig operate in batch mode by reading a list
48 of lookup requests to process from the file filename. The file
49 contains a number of queries, one per line. Each entry in the
50 file should be organized in the same way they would be presented
51 as queries to mdig using the command-line interface.
52 -h This option causes mdig to print detailed help information, with
54 the full list of options, and exit.
55 -v This option causes mdig to print the version number and exit.
57
59 -4 This option forces mdig to only use IPv4 query transport.
60 -6 This option forces mdig to only use IPv6 query transport.
62 -b address
64 This option sets the source IP address of the query to address.
65 This must be a valid address on one of the host's network inter‐
66 faces or "0.0.0.0" or "::". An optional port may be specified by
67 appending "#<port>"
68 -m This option enables memory usage debugging.
70 -p port#
72 This option is used when a non-standard port number is to be
73 queried. port# is the port number that mdig sends its queries
74 to, instead of the standard DNS port number 53. This option is
75 used to test a name server that has been configured to listen
76 for queries on a non-standard port number.
77 The global query options are:
79 +[no]additional
81 This option displays [or does not display] the additional sec‐
82 tion of a reply. The default is to display it.
83 +[no]all
85 This option sets or clears all display flags.
86 +[no]answer
88 This option displays [or does not display] the answer section of
89 a reply. The default is to display it.
90 +[no]authority
92 This option displays [or does not display] the authority section
93 of a reply. The default is to display it.
94 +[no]besteffort
96 This option attempts to display [or does not display] the con‐
97 tents of messages which are malformed. The default is to not
98 display malformed answers.
99 +burst This option delays queries until the start of the next second.
101 +[no]cl
103 This option displays [or does not display] the CLASS when print‐
104 ing the record.
105 +[no]comments
107 This option toggles the display of comment lines in the output.
108 The default is to print comments.
109 +[no]continue
111 This option toggles continuation on errors (e.g. timeouts).
112 +[no]crypto
114 This option toggles the display of cryptographic fields in
115 DNSSEC records. The contents of these fields are unnecessary to
116 debug most DNSSEC validation failures and removing them makes it
117 easier to see the common failures. The default is to display the
118 fields. When omitted, they are replaced by the string "[omit‐
119 ted]"; in the DNSKEY case, the key ID is displayed as the re‐
120 placement, e.g., [ key id = value ].
121 +dscp[=value]
123 This option sets the DSCP code point to be used when sending the
124 query. Valid DSCP code points are in the range [0...63]. By de‐
125 fault no code point is explicitly set.
126 +[no]multiline
128 This option toggles printing of records, like the SOA records,
129 in a verbose multi-line format with human-readable comments. The
130 default is to print each record on a single line, to facilitate
131 machine parsing of the mdig output.
132 +[no]question
134 This option prints [or does not print] the question section of a
135 query when an answer is returned. The default is to print the
136 question section as a comment.
137 +[no]rrcomments
139 This option toggles the display of per-record comments in the
140 output (for example, human-readable key information about DNSKEY
141 records). The default is not to print record comments unless
142 multiline mode is active.
143 +[no]short
145 This option provides [or does not provide] a terse answer. The
146 default is to print the answer in a verbose form.
147 +split=W
149 This option splits long hex- or base64-formatted fields in re‐
150 source records into chunks of W characters (where W is rounded
151 up to the nearest multiple of 4). +nosplit or +split=0 causes
152 fields not to be split. The default is 56 characters, or 44
153 characters when multiline mode is active.
154 +[no]tcp
156 This option uses [or does not use] TCP when querying name
157 servers. The default behavior is to use UDP.
158 +[no]ttlid
160 This option displays [or does not display] the TTL when printing
161 the record.
162 +[no]ttlunits
164 This option displays [or does not display] the TTL in friendly
165 human-readable time units of "s", "m", "h", "d", and "w", repre‐
166 senting seconds, minutes, hours, days, and weeks. This implies
167 +ttlid.
168 +[no]vc
170 This option uses [or does not use] TCP when querying name
171 servers. This alternate syntax to +[no]tcp is provided for back‐
172 wards compatibility. The vc stands for "virtual circuit".
173
175 -c class
176 This option sets the query class to class. It can be any valid
177 query class which is supported in BIND 9. The default query
178 class is "IN".
179 -t type
181 This option sets the query type to type. It can be any valid
182 query type which is supported in BIND 9. The default query type
183 is "A", unless the -x option is supplied to indicate a reverse
184 lookup with the "PTR" query type.
185 -x addr
187 Reverse lookups - mapping addresses to names - are simplified by
188 this option. addr is an IPv4 address in dotted-decimal notation,
189 or a colon-delimited IPv6 address. mdig automatically performs a
190 lookup for a query name like 11.12.13.10.in-addr.arpa and sets
191 the query type and class to PTR and IN respectively. By default,
192 IPv6 addresses are looked up using nibble format under the
193 IP6.ARPA domain.
194 The local query options are:
196 +[no]aaflag
198 This is a synonym for +[no]aaonly.
199 +[no]aaonly
201 This sets the aa flag in the query.
202 +[no]adflag
204 This sets [or does not set] the AD (authentic data) bit in the
205 query. This requests the server to return whether all of the an‐
206 swer and authority sections have all been validated as secure,
207 according to the security policy of the server. AD=1 indicates
208 that all records have been validated as secure and the answer is
209 not from a OPT-OUT range. AD=0 indicates that some part of the
210 answer was insecure or not validated. This bit is set by de‐
211 fault.
212 +bufsize=B
214 This sets the UDP message buffer size advertised using EDNS0 to
215 B bytes. The maximum and minimum sizes of this buffer are 65535
216 and 0 respectively. Values outside this range are rounded up or
217 down appropriately. Values other than zero cause a EDNS query to
218 be sent.
219 +[no]cdflag
221 This sets [or does not set] the CD (checking disabled) bit in
222 the query. This requests the server to not perform DNSSEC vali‐
223 dation of responses.
224 +[no]cookie=####
226 This sends [or does not send] a COOKIE EDNS option, with an op‐
227 tional value. Replaying a COOKIE from a previous response allows
228 the server to identify a previous client. The default is +no‐
229 cookie.
230 +[no]dnssec
232 This requests that DNSSEC records be sent by setting the DNSSEC
233 OK (DO) bit in the OPT record in the additional section of the
234 query.
235 +[no]edns[=#]
237 This specifies [or does not specify] the EDNS version to query
238 with. Valid values are 0 to 255. Setting the EDNS version
239 causes an EDNS query to be sent. +noedns clears the remembered
240 EDNS version. EDNS is set to 0 by default.
241 +[no]ednsflags[=#]
243 This sets the must-be-zero EDNS flag bits (Z bits) to the speci‐
244 fied value. Decimal, hex, and octal encodings are accepted.
245 Setting a named flag (e.g. DO) is silently ignored. By default,
246 no Z bits are set.
247 +[no]ednsopt[=code[:value]]
249 This specifies [or does not specify] an EDNS option with code
250 point code and an optional payload of value as a hexadecimal
251 string. +noednsopt clears the EDNS options to be sent.
252 +[no]expire
254 This toggles sending of an EDNS Expire option.
255 +[no]nsid
257 This toggles inclusion of an EDNS name server ID request when
258 sending a query.
259 +[no]recurse
261 This toggles the setting of the RD (recursion desired) bit in
262 the query. This bit is set by default, which means mdig nor‐
263 mally sends recursive queries.
264 +retry=T
266 This sets the number of times to retry UDP queries to server to
267 T instead of the default, 2. Unlike +tries, this does not in‐
268 clude the initial query.
269 +[no]subnet=addr[/prefix-length]
271 This sends [or does not send] an EDNS Client Subnet option with
272 the specified IP address or network prefix.
273 mdig +subnet=0.0.0.0/0, or simply mdig +subnet=0
275 This sends an EDNS client-subnet option with an empty address
276 and a source prefix-length of zero, which signals a resolver
277 that the client's address information must not be used when re‐
278 solving this query.
279 +timeout=T
281 This sets the timeout for a query to T seconds. The default
282 timeout is 5 seconds for UDP transport and 10 for TCP. An at‐
283 tempt to set T to less than 1 results in a query timeout of 1
284 second being applied.
285 +tries=T
287 This sets the number of times to try UDP queries to server to T
288 instead of the default, 3. If T is less than or equal to zero,
289 the number of tries is silently rounded up to 1.
290 +udptimeout=T
292 This sets the timeout between UDP query retries to T.
293 +[no]unknownformat
295 This prints [or does not print] all RDATA in unknown RR-type
296 presentation format (see RFC 3597). The default is to print
297 RDATA for known types in the type's presentation format.
298 +[no]yaml
300 This toggles printing of the responses in a detailed YAML for‐
301 mat.
302 +[no]zflag
304 This sets [or does not set] the last unassigned DNS header flag
305 in a DNS query. This flag is off by default.
306
308 dig(1), RFC 1035.
309
311 Internet Systems Consortium
312
314 2022, Internet Systems Consortium
3159.16.30-RH MDIG(1)