DIG(1)                              BIND 9                              DIG(1)

NAME

       dig - DNS lookup utility

SYNOPSIS

       dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m]
       [-p port#] [-q name] [-t type] [-v] [-x addr] [-y [hmac:]name:key]
       [ [-4] | [-6] ] [name] [type] [class] [queryopt...]

       dig [-h]

       dig [global-queryopt...] [query...]

DESCRIPTION

       dig is a flexible tool for interrogating DNS name servers. It performs
       DNS lookups and displays the answers that are returned from the name
       server(s) that were queried. Most DNS administrators use dig to
       troubleshoot DNS problems because of its flexibility, ease of use, and
       clarity of output. Other lookup tools tend to have less functionality
       than dig.

       Although dig is normally used with command-line arguments, it also has
       a batch mode of operation for reading lookup requests from a file. A
       brief summary of its command-line arguments and options is printed when
       the -h option is given. The BIND 9 implementation of dig allows
       multiple lookups to be issued from the command line.

       Unless it is told to query a specific name server, dig tries each of
       the servers listed in /etc/resolv.conf. If no usable server addresses
       are found, dig sends the query to the local host.

       When no command-line arguments or options are given, dig performs an NS
       query for "." (the root).

       It is possible to set per-user defaults for dig via ${HOME}/.digrc.
       This file is read and any options in it are applied before the
       command-line arguments. The -r option disables this feature, for
       scripts that need predictable behavior.

       The IN and CH class names overlap with the IN and CH top-level domain
       names. Either use the -t and -c options to specify the type and class,
       use the -q to specify the domain name, or use "IN." and "CH." when
       looking up these top-level domains.

SIMPLE USAGE

       A typical invocation of dig looks like:

          dig @server name type

       where:

       server is the name or IP address of the name server to query. This can
              be an IPv4 address in dotted-decimal notation or an IPv6 address
              in colon-delimited notation. When the supplied server argument
              is a hostname, dig resolves that name before querying that name
              server.

              If no server argument is provided, dig consults
              /etc/resolv.conf; if an address is found there, it queries the
              name server at that address. If either of the -4 or -6 options
              are in use, then only addresses for the corresponding transport
              are tried. If no usable addresses are found, dig sends the query
              to the local host. The reply from the name server that responds
              is displayed.

       name   is the name of the resource record that is to be looked up.

       type   indicates what type of query is required - ANY, A, MX, SIG, etc.
              type can be any valid query type. If no type argument is
              supplied, dig performs a lookup for an A record.

OPTIONS

       -4     This option indicates that only IPv4 should be used.

       -6     This option indicates that only IPv6 should be used.

       -b address[#port]
              This option sets the source IP address of the query. The address
              must be a valid address on one of the host's network interfaces,
              or "0.0.0.0" or "::". An optional port may be specified by
              appending #port.

       -c class
              This option sets the query class. The default class is IN; other
              classes are HS for Hesiod records or CH for Chaosnet records.

       -f file
              This option sets batch mode, in which dig reads a list of lookup
              requests to process from the given file. Each line in the file
              should be organized in the same way it would be presented as a
              query to dig using the command-line interface.

       -h     Print a usage summary.

       -k keyfile
              This option tells dig to sign queries using TSIG or SIG(0) using
              a key read from the given file. Key files can be generated using
              tsig-keygen. When using TSIG authentication with dig, the name
              server that is queried needs to know the key and algorithm that
              is being used. In BIND, this is done by providing appropriate
              key and server statements in named.conf for TSIG and by looking
              up the KEY record in zone data for SIG(0).

       -m     This option enables memory usage debugging.

       -p port
              This option sends the query to a non-standard port on the
              server, instead of the default port 53. This option is used to
              test a name server that has been configured to listen for
              queries on a non-standard port number.

       -q name
              This option specifies the domain name to query. This is useful
              to distinguish the name from other arguments.

       -r     This option indicates that options from ${HOME}/.digrc should
              not be read. This is useful for scripts that need predictable
              behavior.

       -t type
              This option indicates the resource record type to query, which
              can be any valid query type. If it is a resource record type
              supported in BIND 9, it can be given by the type mnemonic (such
              as NS or AAAA). The default query type is A, unless the -x
              option is supplied to indicate a reverse lookup. A zone transfer
              can be requested by specifying a type of AXFR. When an
              incremental zone transfer (IXFR) is required, set the type to
              ixfr=N. The incremental zone transfer contains all changes made
              to the zone since the serial number in the zone's SOA record
              was N.

              All resource record types can be expressed as TYPEnn, where nn
              is the number of the type. If the resource record type is not
              supported in BIND 9, the result is displayed as described in RFC
              3597.

       -u     This option indicates that query times should be printed in
              microseconds instead of milliseconds.

       -v     This option prints the version number and exits.

       -x addr
              This option sets simplified reverse lookups, for mapping
              addresses to names. The addr is an IPv4 address in
              dotted-decimal notation, or a colon-delimited IPv6 address. When
              the -x option is used, there is no need to provide the name,
              class, and type arguments. dig automatically performs a lookup
              for a name like 94.2.0.192.in-addr.arpa and sets the query type
              and class to PTR and IN respectively. IPv6 addresses are looked
              up using nibble format under the IP6.ARPA domain.

       -y [hmac:]keyname:secret
              This option signs queries using TSIG with the given
              authentication key. keyname is the name of the key, and secret
              is the base64-encoded shared secret. hmac is the name of the key
              algorithm; valid choices are hmac-md5, hmac-sha1, hmac-sha224,
              hmac-sha256, hmac-sha384, or hmac-sha512. If hmac is not
              specified, the default is hmac-md5; if MD5 was disabled, the
              default is hmac-sha256.

       NOTE:
          Only the -k option should be used, rather than the -y option,
          because with -y the shared secret is supplied as a command-line
          argument in clear text. This may be visible in the output from
          ps(1) or in a history file maintained by the user's shell.

QUERY OPTIONS

       dig provides a number of query options which affect the way in which
       lookups are made and the results displayed. Some of these set or reset
       flag bits in the query header, some determine which sections of the
       answer get printed, and others determine the timeout and retry
       strategies.

       Each query option is identified by a keyword preceded by a plus sign
       (+). Some keywords set or reset an option; these may be preceded by the
       string no to negate the meaning of that keyword. Other keywords assign
       values to options, like the timeout interval. They have the form
       +keyword=value. Keywords may be abbreviated, provided the abbreviation
       is unambiguous; for example, +cd is equivalent to +cdflag. The query
       options are:

       +aaflag, +noaaflag
              This option is a synonym for +aaonly, +noaaonly.

       +aaonly, +noaaonly
              This option sets the aa flag in the query.

       +additional, +noadditional
              This option displays [or does not display] the additional
              section of a reply. The default is to display it.

       +adflag, +noadflag
              This option sets [or does not set] the AD (authentic data) bit
              in the query. This requests the server to return whether all of
              the answer and authority sections have been validated as secure,
              according to the security policy of the server. AD=1 indicates
              that all records have been validated as secure and the answer is
              not from an OPT-OUT range. AD=0 indicates that some part of the
              answer was insecure or not validated. This bit is set by
              default.

       +all, +noall
              This option sets or clears all display flags.

       +answer, +noanswer
              This option displays [or does not display] the answer section of
              a reply. The default is to display it.

       +authority, +noauthority
              This option displays [or does not display] the authority section
              of a reply. The default is to display it.

       +badcookie, +nobadcookie
              This option retries the lookup with a new server cookie if a
              BADCOOKIE response is received.

       +besteffort, +nobesteffort
              This option attempts to display the contents of messages which
              are malformed. The default is to not display malformed answers.

       +bufsize[=B]
              This option sets the UDP message buffer size advertised using
              EDNS0 to B bytes. The maximum and minimum sizes of this buffer
              are 65535 and 0, respectively. +bufsize restores the default
              buffer size.

       +cd, +cdflag, +nocdflag
              This option sets [or does not set] the CD (checking disabled)
              bit in the query. This requests the server to not perform DNSSEC
              validation of responses.

       +class, +noclass
              This option displays [or does not display] the CLASS when
              printing the record.

       +cmd, +nocmd
              This option toggles the printing of the initial comment in the
              output, identifying the version of dig and the query options
              that have been applied. This option always has a global effect;
              it cannot be set globally and then overridden on a per-lookup
              basis. The default is to print this comment.

       +comments, +nocomments
              This option toggles the display of some comment lines in the
              output, with information about the packet header and OPT
              pseudosection, and the names of the response section. The
              default is to print these comments.

              Other types of comments in the output are not affected by this
              option, but can be controlled using other command-line switches.
              These include +cmd, +question, +stats, and +rrcomments.

       +cookie=####, +nocookie
              This option sends [or does not send] a COOKIE EDNS option, with
              an optional value. Replaying a COOKIE from a previous response
              allows the server to identify a previous client. The default is
              +cookie.

              +cookie is also set when +trace is set to better emulate the
              default queries from a nameserver.

       +crypto, +nocrypto
              This option toggles the display of cryptographic fields in
              DNSSEC records. The contents of these fields are unnecessary for
              debugging most DNSSEC validation failures and removing them
              makes it easier to see the common failures. The default is to
              display the fields. When omitted, they are replaced by the
              string [omitted] or, in the DNSKEY case, the key ID is displayed
              as the replacement, e.g. [ key id = value ].

       +defname, +nodefname
              This option, which is deprecated, is treated as a synonym for
              +search, +nosearch.

       +dns64prefix, +nodns64prefix
              Lookup IPV4ONLY.ARPA AAAA and print any DNS64 prefixes found.

       +dnssec, +do, +nodnssec, +nodo
              This option requests that DNSSEC records be sent by setting the
              DNSSEC OK (DO) bit in the OPT record in the additional section
              of the query.

       +domain=somename
              This option sets the search list to contain the single domain
              somename, as if specified in a domain directive in
              /etc/resolv.conf, and enables search list processing as if the
              +search option were given.

       +dscp=value
              This option formerly set the DSCP value used when sending a
              query. It is now obsolete, and has no effect.

       +edns[=#], +noedns
              This option specifies the EDNS version to query with. Valid
              values are 0 to 255. Setting the EDNS version causes an EDNS
              query to be sent. +noedns clears the remembered EDNS version.
              EDNS is set to 0 by default.

       +ednsflags[=#], +noednsflags
              This option sets the must-be-zero EDNS flags bits (Z bits) to
              the specified value. Decimal, hex, and octal encodings are
              accepted. Setting a named flag (e.g., DO) is silently ignored.
              By default, no Z bits are set.

       +ednsnegotiation, +noednsnegotiation
              This option enables/disables EDNS version negotiation. By
              default, EDNS version negotiation is enabled.

       +ednsopt[=code[:value]], +noednsopt
              This option specifies the EDNS option with code point code and
              an optional payload of value as a hexadecimal string. code can
              be either an EDNS option name (for example, NSID or ECS) or an
              arbitrary numeric value. +noednsopt clears the EDNS options to
              be sent.

       +expire, +noexpire
              This option sends an EDNS Expire option.

       +fail, +nofail
              This option indicates that named should try [or not try] the
              next server if a SERVFAIL is received. The default is to not try
              the next server, which is the reverse of normal stub resolver
              behavior.

       +fuzztime[=value], +nofuzztime
              This option allows the signing time to be specified when
              generating signed messages. If a value is specified it is the
              seconds since 00:00:00 January 1, 1970 UTC ignoring leap
              seconds. If no value is specified 1646972129 (Fri 11 Mar 2022
              04:15:29 UTC) is used. The default is +nofuzztime and the
              current time is used.

       +header-only, +noheader-only
              This option sends a query with a DNS header without a question
              section. The default is to add a question section. The query
              type and query name are ignored when this is set.

       +https[=value], +nohttps
              This option indicates whether to use DNS over HTTPS (DoH) when
              querying name servers. When this option is in use, the port
              number defaults to 443. The HTTP POST request mode is used when
              sending the query.

              If value is specified, it will be used as the HTTP endpoint in
              the query URI; the default is /dns-query. So, for example, dig
              @example.com +https will use the URI
              https://example.com/dns-query.

       +https-get[=value], +nohttps-get
              Similar to +https, except that the HTTP GET request mode is used
              when sending the query.

       +https-post[=value], +nohttps-post
              Same as +https.

       +http-plain[=value], +nohttp-plain
              Similar to +https, except that HTTP queries will be sent over a
              non-encrypted channel. When this option is in use, the port
              number defaults to 80 and the HTTP request mode is POST.

       +http-plain-get[=value], +nohttp-plain-get
              Similar to +http-plain, except that the HTTP request mode is
              GET.

       +http-plain-post[=value], +nohttp-plain-post
              Same as +http-plain.

       +identify, +noidentify
              This option shows [or does not show] the IP address and port
              number that supplied the answer, when the +short option is
              enabled. If short form answers are requested, the default is not
              to show the source address and port number of the server that
              provided the answer.

       +idnin, +noidnin
              This option processes [or does not process] IDN domain names on
              input. This requires IDN SUPPORT to have been enabled at compile
              time.

              The default is to process IDN input when standard output is a
              tty. The IDN processing on input is disabled when dig output is
              redirected to files, pipes, and other non-tty file descriptors.

       +idnout, +noidnout
              This option converts [or does not convert] puny code on output.
              This requires IDN SUPPORT to have been enabled at compile time.

              The default is to process puny code on output when standard
              output is a tty. The puny code processing on output is disabled
              when dig output is redirected to files, pipes, and other non-tty
              file descriptors.

       +ignore, +noignore
              This option ignores [or does not ignore] truncation in UDP
              responses instead of retrying with TCP. By default, TCP retries
              are performed.

       +keepalive, +nokeepalive
              This option sends [or does not send] an EDNS Keepalive option.

       +keepopen, +nokeepopen
              This option keeps [or does not keep] the TCP socket open between
              queries, and reuses it rather than creating a new TCP socket for
              each lookup. The default is +nokeepopen.

       +multiline, +nomultiline
              This option prints [or does not print] records, like the SOA
              records, in a verbose multi-line format with human-readable
              comments. The default is to print each record on a single line
              to facilitate machine parsing of the dig output.

       +ndots=D
              This option sets the number of dots (D) that must appear in name
              for it to be considered absolute. The default value is that
              defined using the ndots statement in /etc/resolv.conf, or 1 if
              no ndots statement is present. Names with fewer dots are
              interpreted as relative names, and are searched for in the
              domains listed in the search or domain directive in
              /etc/resolv.conf if +search is set.

       +nsid, +nonsid
              When enabled, this option includes an EDNS name server ID
              request when sending a query.

       +nssearch, +nonssearch
              When this option is set, dig attempts to find the authoritative
              name servers for the zone containing the name being looked up,
              and display the SOA record that each name server has for the
              zone. Addresses of servers that did not respond are also
              printed.

       +onesoa, +noonesoa
              When enabled, this option prints only one (starting) SOA record
              when performing an AXFR. The default is to print both the
              starting and ending SOA records.

       +opcode=value, +noopcode
              When enabled, this option sets (restores) the DNS message opcode
              to the specified value. The default value is QUERY (0).

       +padding=value
              This option pads the size of the query packet using the EDNS
              Padding option to blocks of value bytes. For example,
              +padding=32 causes a 48-byte query to be padded to 64 bytes. The
              default block size is 0, which disables padding; the maximum is
              512. Values are ordinarily expected to be powers of two, such as
              128; however, this is not mandatory. Responses to padded queries
              may also be padded, but only if the query uses TCP or DNS
              COOKIE.

       +qid=value
              This option specifies the query ID to use when sending queries.

       +qr, +noqr
              This option toggles the display of the query message as it is
              sent. By default, the query is not printed.

       +question, +noquestion
              This option toggles the display of the question section of a
              query when an answer is returned. The default is to print the
              question section as a comment.

       +raflag, +noraflag
              This option sets [or does not set] the RA (Recursion Available)
              bit in the query. The default is +noraflag. This bit is ignored
              by the server for QUERY.

       +rdflag, +nordflag
              This option is a synonym for +recurse, +norecurse.

       +recurse, +norecurse
              This option toggles the setting of the RD (recursion desired)
              bit in the query. This bit is set by default, which means dig
              normally sends recursive queries. Recursion is automatically
              disabled when the +nssearch or +trace query option is used.

       +retry=T
              This option sets the number of times to retry UDP and TCP
              queries to server to T instead of the default, 2. Unlike
              +tries, this does not include the initial query.

       +rrcomments, +norrcomments
              This option toggles the display of per-record comments in the
              output (for example, human-readable key information about DNSKEY
              records). The default is not to print record comments unless
              multiline mode is active.

       +search, +nosearch
              This option uses [or does not use] the search list defined by
              the searchlist or domain directive in resolv.conf, if any. The
              search list is not used by default.

              ndots from resolv.conf (default 1), which may be overridden by
              +ndots, determines whether the name is treated as relative and
              hence whether a search is eventually performed.

       +short, +noshort
              This option toggles whether a terse answer is provided. The
              default is to print the answer in a verbose form. This option
              always has a global effect; it cannot be set globally and then
              overridden on a per-lookup basis.

       +showbadcookie, +noshowbadcookie
              This option toggles whether to show the message containing the
              BADCOOKIE rcode before retrying the request or not. The default
              is to not show the messages.

       +showsearch, +noshowsearch
              This option performs [or does not perform] a search showing
              intermediate results.

       +sigchase, +nosigchase
              This feature is now obsolete and has been removed; use delv
              instead.

       +split=W
              This option splits long hex- or base64-formatted fields in
              resource records into chunks of W characters (where W is rounded
              up to the nearest multiple of 4). +nosplit or +split=0 causes
              fields not to be split at all. The default is 56 characters, or
              44 characters when multiline mode is active.

       +stats, +nostats
              This option toggles the printing of statistics: when the query
              was made, the size of the reply, etc. The default behavior is to
              print the query statistics as a comment after each lookup.

       +subnet=addr[/prefix-length], +nosubnet
              This option sends [or does not send] an EDNS CLIENT-SUBNET
              option with the specified IP address or network prefix.

              dig +subnet=0.0.0.0/0, or simply dig +subnet=0 for short, sends
              an EDNS CLIENT-SUBNET option with an empty address and a source
              prefix-length of zero, which signals a resolver that the
              client's address information must not be used when resolving
              this query.

       +tcflag, +notcflag
              This option sets [or does not set] the TC (TrunCation) bit in
              the query. The default is +notcflag. This bit is ignored by the
              server for QUERY.

       +tcp, +notcp
              This option indicates whether to use TCP when querying name
              servers. The default behavior is to use UDP unless a type any
              or ixfr=N query is requested, in which case the default is TCP.
              AXFR queries always use TCP. To prevent retry over TCP when TC=1
              is returned from a UDP query, use +ignore.

       +timeout=T
              This option sets the timeout for a query to T seconds. The
              default timeout is 5 seconds. An attempt to set T to less than 1
              is silently set to 1.

       +tls, +notls
              This option indicates whether to use DNS over TLS (DoT) when
              querying name servers. When this option is in use, the port
              number defaults to 853.

       +tls-ca[=file-name], +notls-ca
              This option enables remote server TLS certificate validation for
              DNS transports, relying on TLS. Certificate authority
              certificates are loaded from the specified PEM file (file-name).
              If the file is not specified, the default certificates from the
              global certificates store are used.

       +tls-certfile=file-name, +tls-keyfile=file-name, +notls-certfile,
       +notls-keyfile
              These options set the state of certificate-based client
              authentication for DNS transports, relying on TLS. Both
              certificate chain file and private key file are expected to be
              in PEM format. Both options must be specified at the same time.

       +tls-hostname=hostname, +notls-hostname
              This option makes dig use the provided hostname during remote
              server TLS certificate verification. Otherwise, the DNS server
              name is used. This option has no effect if +tls-ca is not
              specified.

       +topdown, +notopdown
              This feature is related to dig +sigchase, which is obsolete and
              has been removed. Use delv instead.

       +trace, +notrace
              This option toggles tracing of the delegation path from the root
              name servers for the name being looked up. Tracing is disabled
              by default. When tracing is enabled, dig makes iterative queries
              to resolve the name being looked up. It follows referrals from
              the root servers, showing the answer from each server that was
              used to resolve the lookup.

              If @server is also specified, it affects only the initial query
              for the root zone name servers.

              +dnssec is also set when +trace is set, to better emulate the
              default queries from a name server.

       +tries=T
              This option sets the number of times to try UDP and TCP queries
              to server to T instead of the default, 3. If T is less than or
              equal to zero, the number of tries is silently rounded up to 1.

       +trusted-key=####
              This option formerly specified trusted keys for use with dig
              +sigchase. This feature is now obsolete and has been removed;
              use delv instead.

       +ttlid, +nottlid
              This option displays [or does not display] the TTL when printing
              the record.

       +ttlunits, +nottlunits
              This option displays [or does not display] the TTL in friendly
              human-readable time units of s, m, h, d, and w, representing
              seconds, minutes, hours, days, and weeks. This implies +ttlid.

       +unknownformat, +nounknownformat
              This option prints all RDATA in unknown RR type presentation
              format (RFC 3597). The default is to print RDATA for known
              types in the type's presentation format.

       +vc, +novc
              This option uses [or does not use] TCP when querying name
              servers. This alternate syntax to +tcp is provided for backwards
              compatibility. The vc stands for "virtual circuit."

       +yaml, +noyaml
              When enabled, this option prints the responses (and, if +qr is
              in use, also the outgoing queries) in a detailed YAML format.

       +zflag, +nozflag
              This option sets [or does not set] the last unassigned DNS
              header flag in a DNS query. This flag is off by default.
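
       The relationship between +tls, +https, +tls-ca, +tls-hostname and
       +http-plain described above, turned into a check over dig command
       lines found in scripts (an added example, not part of BIND 9). It
       treats each line as a single query, matches only the full keyword
       spellings listed on this page rather than abbreviations, and uses
       constructed sample lines; lint_dig_transport is a hypothetical name.

```sh
#!/bin/sh
# Added example: flag dig invocations whose encrypted transport is not
# authenticated. Addresses, host names and paths are constructed samples.

# Read command lines on stdin; print "<line number>: <finding>" per problem.
lint_dig_transport() {
    awk '
    {
        enc = 0; ca = 0; host = 0; plain = 0; seen_dig = 0
        n = split($0, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = w[i]
            if (t ~ /(^|\/)dig$/) { seen_dig = 1; continue }
            if (!seen_dig) continue
            if (t ~ /^\+(tls|https|https-get|https-post)(=.*)?$/) enc = 1
            else if (t ~ /^\+tls-ca(=.*)?$/) ca = 1
            else if (t == "+notls-ca") ca = 0
            else if (t ~ /^\+tls-hostname=/) host = 1
            else if (t ~ /^\+http-plain(-get|-post)?(=.*)?$/) plain = 1
        }
        if (plain)
            printf "%d: +http-plain sends the query over a non-encrypted channel\n", NR
        if (enc && !ca)
            printf "%d: TLS transport without +tls-ca, certificate validation is not enabled\n", NR
        if (host && !ca)
            printf "%d: +tls-hostname has no effect without +tls-ca\n", NR
    }'
}

# Constructed sample: line 2 is the authenticated form, line 5 is plain DNS.
SAMPLE_SCRIPT='dig +tls @192.0.2.53 example.com A
dig +tls +tls-ca=/etc/ssl/resolver-ca.pem +tls-hostname=dns.example.net @192.0.2.53 example.com A
dig +https +tls-hostname=dns.example.net @192.0.2.53 example.com A
dig +http-plain @192.0.2.53 example.com A
dig @192.0.2.53 example.com A'

printf '%s\n' "$SAMPLE_SCRIPT" | lint_dig_transport
```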

MULTIPLE QUERIES

       The BIND 9 implementation of dig supports specifying multiple queries
       on the command line (in addition to supporting the -f batch file
       option). Each of those queries can be supplied with its own set of
       flags, options, and query options.

       In this case, each query argument represents an individual query in the
       command-line syntax described above. Each consists of any of the
       standard options and flags, the name to be looked up, an optional query
       type and class, and any query options that should be applied to that
       query.

       A global set of query options, which should be applied to all queries,
       can also be supplied. These global query options must precede the first
       tuple of name, class, type, options, flags, and query options supplied
       on the command line. Any global query options (except +cmd and +short
       options) can be overridden by a query-specific set of query options.
       For example:

          dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

       shows how dig can be used from the command line to make three lookups:
       an ANY query for www.isc.org, a reverse lookup of 127.0.0.1, and a
       query for the NS records of isc.org. A global query option of +qr is
       applied, so that dig shows the initial query it made for each lookup.
       The final query has a local query option of +noqr which means that dig
       does not print the initial query when it looks up the NS records for
       isc.org.

IDN SUPPORT

       If dig has been built with IDN (internationalized domain name) support,
       it can accept and display non-ASCII domain names. dig appropriately
       converts character encoding of a domain name before sending a request
       to a DNS server or displaying a reply from the server. To turn off IDN
       support, use the parameters +idnin and +idnout, or define the
       IDN_DISABLE environment variable.

RETURN CODES

       dig return codes are:

       0      DNS response received, including NXDOMAIN status

       1      Usage error

       8      Couldn't open batch file

       9      No reply from server

       10     Internal error
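
       Because return code 0 covers any received response, NXDOMAIN included,
       a script has to read the response header as well as the exit status.
       An added example (not part of BIND 9): classify_lookup combines the
       return codes listed above with the status and the ad flag taken from
       the header comment lines of the output. The function names and sample
       output are constructed, and the parser assumes the default +comments
       output with a single response.

```sh
#!/bin/sh
# Added example: interpret a dig run from its exit status plus response header.
# Function names and sample output are constructed for illustration.

# Print "<STATUS> <ad|no-ad>" from the header comment lines on stdin.
# Returns non-zero when no header is present (for example with +nocomments).
dig_header_verdict() {
    awk '
    /^;; ->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        flags = $0
        sub(/^;; flags:/, "", flags)   # drop the label
        sub(/;.*/, "", flags)          # drop the section counters
        padded = " " flags " "
        ad = (padded ~ / ad /) ? "ad" : "no-ad"
    }
    END {
        if (status == "") exit 1
        if (ad == "") ad = "no-ad"
        print status, ad
    }'
}

# $1 = exit status of dig, stdin = its output. Prints one verdict word.
classify_lookup() {
    case "$1" in
        0)  ;;                                   # a response arrived
        1)  echo "usage-error"; return 0 ;;
        8)  echo "batch-file-error"; return 0 ;;
        9)  echo "no-reply"; return 0 ;;
        10) echo "internal-error"; return 0 ;;
        *)  echo "unknown-exit-$1"; return 0 ;;
    esac
    verdict=$(dig_header_verdict) || { echo "unparsed"; return 0; }
    case "$verdict" in
        "NOERROR ad")    echo "answer-validated" ;;
        "NOERROR no-ad") echo "answer-unvalidated" ;;
        "NXDOMAIN "*)    echo "nxdomain" ;;
        "SERVFAIL "*)    echo "servfail" ;;
        *)               echo "other:${verdict%% *}" ;;
    esac
}

# Constructed header lines in the layout dig prints by default.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# Live use: out=$(dig +dnssec example.com A); rc=$?
#           printf '%s\n' "$out" | classify_lookup "$rc"
printf '%s\n' "$SAMPLE_OK" | classify_lookup 0
printf '%s\n' "$SAMPLE_NX" | classify_lookup 0
```

       The ad flag reports validation done by the server that answered,
       according to that server's policy, so it is only as trustworthy as
       that server and the path to it.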

FILES

       /etc/resolv.conf

       ${HOME}/.digrc

SEE ALSO

       delv(1), host(1), named(8), dnssec-keygen(8), RFC 1035.

BUGS

       There are probably too many query options.

AUTHOR

       Internet Systems Consortium

COPYRIGHT

       2023, Internet Systems Consortium

9.18.11                                                                 DIG(1)