1DIG(1) BIND 9 DIG(1)
2
6 dig - DNS lookup utility
7
9 dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m]
10 [-p port#] [-q name] [-t type] [-v] [-x addr] [-y [hmac:]name:key] [
11 [-4] | [-6] ] [name] [type] [class] [queryopt...]
12 dig [-h]
14 dig [global-queryopt...] [query...]
16
18 dig is a flexible tool for interrogating DNS name servers. It performs
19 DNS lookups and displays the answers that are returned from the name
20 server(s) that were queried. Most DNS administrators use dig to trou‐
21 bleshoot DNS problems because of its flexibility, ease of use, and
22 clarity of output. Other lookup tools tend to have less functionality
23 than dig.
24 Although dig is normally used with command-line arguments, it also has
26 a batch mode of operation for reading lookup requests from a file. A
27 brief summary of its command-line arguments and options is printed when
28 the -h option is given. The BIND 9 implementation of dig allows multi‐
29 ple lookups to be issued from the command line.
30 Unless it is told to query a specific name server, dig tries each of
32 the servers listed in /etc/resolv.conf. If no usable server addresses
33 are found, dig sends the query to the local host.
34 When no command-line arguments or options are given, dig performs an NS
36 query for "." (the root).
37 It is possible to set per-user defaults for dig via ${HOME}/.digrc.
39 This file is read and any options in it are applied before the com‐
40 mand-line arguments. The -r option disables this feature, for scripts
41 that need predictable behavior.
42 The IN and CH class names overlap with the IN and CH top-level domain
44 names. Either use the -t and -c options to specify the type and class,
45 use the -q to specify the domain name, or use "IN." and "CH." when
46 looking up these top-level domains.
47
49 A typical invocation of dig looks like:
50 dig @server name type
52 where:
54 server is the name or IP address of the name server to query. This can
56 be an IPv4 address in dotted-decimal notation or an IPv6 address
57 in colon-delimited notation. When the supplied server argument
58 is a hostname, dig resolves that name before querying that name
59 server.
60 If no server argument is provided, dig consults /etc/re‐
62 solv.conf; if an address is found there, it queries the name
63 server at that address. If either of the -4 or -6 options are in
64 use, then only addresses for the corresponding transport are
65 tried. If no usable addresses are found, dig sends the query to
66 the local host. The reply from the name server that responds is
67 displayed.
68 name is the name of the resource record that is to be looked up.
70 type indicates what type of query is required - ANY, A, MX, SIG, etc.
72 type can be any valid query type. If no type argument is sup‐
73 plied, dig performs a lookup for an A record.
74
76 -4 This option indicates that only IPv4 should be used.
77 -6 This option indicates that only IPv6 should be used.
79 -b address[#port]
81 This option sets the source IP address of the query. The address
82 must be a valid address on one of the host's network interfaces,
83 or "0.0.0.0" or "::". An optional port may be specified by ap‐
84 pending #port.
85 -c class
87 This option sets the query class. The default class is IN; other
88 classes are HS for Hesiod records or CH for Chaosnet records.
89 -f file
91 This option sets batch mode, in which dig reads a list of lookup
92 requests to process from the given file. Each line in the file
93 should be organized in the same way it would be presented as a
94 query to dig using the command-line interface.
95 -h Print a usage summary.
97 -k keyfile
99 This option tells dig to sign queries using TSIG or SIG(0) using
100 a key read from the given file. Key files can be generated using
101 tsig-keygen. When using TSIG authentication with dig, the name
102 server that is queried needs to know the key and algorithm that
103 is being used. In BIND, this is done by providing appropriate
104 key and server statements in named.conf for TSIG and by looking
105 up the KEY record in zone data for SIG(0).
106 -m This option enables memory usage debugging.
108 -p port
110 This option sends the query to a non-standard port on the
111 server, instead of the default port 53. This option is used to
112 test a name server that has been configured to listen for
113 queries on a non-standard port number.
114 -q name
116 This option specifies the domain name to query. This is useful
117 to distinguish the name from other arguments.
118 -r This option indicates that options from ${HOME}/.digrc should
120 not be read. This is useful for scripts that need predictable
121 behavior.
122 -t type
124 This option indicates the resource record type to query, which
125 can be any valid query type. If it is a resource record type
126 supported in BIND 9, it can be given by the type mnemonic (such
127 as NS or AAAA). The default query type is A, unless the -x op‐
128 tion is supplied to indicate a reverse lookup. A zone transfer
129 can be requested by specifying a type of AXFR. When an incremen‐
130 tal zone transfer (IXFR) is required, set the type to ixfr=N.
131 The incremental zone transfer contains all changes made to the
132 zone since the serial number in the zone's SOA record was N.
133 All resource record types can be expressed as TYPEnn, where nn
135 is the number of the type. If the resource record type is not
136 supported in BIND 9, the result is displayed as described in RFC
137 3597.
138 -u This option indicates that print query times should be provided
140 in microseconds instead of milliseconds.
141 -v This option prints the version number and exits.
143 -x addr
145 This option sets simplified reverse lookups, for mapping ad‐
146 dresses to names. The addr is an IPv4 address in dotted-decimal
147 notation, or a colon-delimited IPv6 address. When the -x option
148 is used, there is no need to provide the name, class, and type
149 arguments. dig automatically performs a lookup for a name like
150 94.2.0.192.in-addr.arpa and sets the query type and class to PTR
151 and IN respectively. IPv6 addresses are looked up using nibble
152 format under the IP6.ARPA domain.
153 -y [hmac:]keyname:secret
155 This option signs queries using TSIG with the given authentica‐
156 tion key. keyname is the name of the key, and secret is the
157 base64-encoded shared secret. hmac is the name of the key algo‐
158 rithm; valid choices are hmac-md5, hmac-sha1, hmac-sha224,
159 hmac-sha256, hmac-sha384, or hmac-sha512. If hmac is not speci‐
160 fied, the default is hmac-md5; if MD5 was disabled, the default
161 is hmac-sha256.
162 NOTE:
164 Only the -k option should be used, rather than the -y option, be‐
165 cause with -y the shared secret is supplied as a command-line argu‐
166 ment in clear text. This may be visible in the output from ps1 or in
167 a history file maintained by the user's shell.
168
170 dig provides a number of query options which affect the way in which
171 lookups are made and the results displayed. Some of these set or reset
172 flag bits in the query header, some determine which sections of the an‐
173 swer get printed, and others determine the timeout and retry strate‐
174 gies.
175 Each query option is identified by a keyword preceded by a plus sign
177 (+). Some keywords set or reset an option; these may be preceded by the
178 string no to negate the meaning of that keyword. Other keywords assign
179 values to options, like the timeout interval. They have the form +key‐
180 word=value. Keywords may be abbreviated, provided the abbreviation is
181 unambiguous; for example, +cd is equivalent to +cdflag. The query op‐
182 tions are:
183 +aaflag, +noaaflag
185 This option is a synonym for +aaonly, +noaaonly.
186 +aaonly, +noaaonly
188 This option sets the aa flag in the query.
189 +additional, +noadditional
191 This option displays [or does not display] the additional sec‐
192 tion of a reply. The default is to display it.
193 +adflag, +noadflag
195 This option sets [or does not set] the AD (authentic data) bit
196 in the query. This requests the server to return whether all of
197 the answer and authority sections have been validated as secure,
198 according to the security policy of the server. AD=1 indicates
199 that all records have been validated as secure and the answer is
200 not from a OPT-OUT range. AD=0 indicates that some part of the
201 answer was insecure or not validated. This bit is set by de‐
202 fault.
203 +all, +noall
205 This option sets or clears all display flags.
206 +answer, +noanswer
208 This option displays [or does not display] the answer section of
209 a reply. The default is to display it.
210 +authority, +noauthority
212 This option displays [or does not display] the authority section
213 of a reply. The default is to display it.
214 +badcookie, +nobadcookie
216 This option retries the lookup with a new server cookie if a
217 BADCOOKIE response is received.
218 +besteffort, +nobesteffort
220 This option attempts to display the contents of messages which
221 are malformed. The default is to not display malformed answers.
222 +bufsize[=B]
224 This option sets the UDP message buffer size advertised using
225 EDNS0 to B bytes. The maximum and minimum sizes of this buffer
226 are 65535 and 0, respectively. +bufsize restores the default
227 buffer size.
228 +cd, +cdflag, +nocdflag
230 This option sets [or does not set] the CD (checking disabled)
231 bit in the query. This requests the server to not perform DNSSEC
232 validation of responses.
233 +class, +noclass
235 This option displays [or does not display] the CLASS when print‐
236 ing the record.
237 +cmd, +nocmd
239 This option toggles the printing of the initial comment in the
240 output, identifying the version of dig and the query options
241 that have been applied. This option always has a global effect;
242 it cannot be set globally and then overridden on a per-lookup
243 basis. The default is to print this comment.
244 +comments, +nocomments
246 This option toggles the display of some comment lines in the
247 output, with information about the packet header and OPT pseudo‐
248 section, and the names of the response section. The default is
249 to print these comments.
250 Other types of comments in the output are not affected by this
252 option, but can be controlled using other command-line switches.
253 These include +cmd, +question, +stats, and +rrcomments.
254 +cookie=####, +nocookie
256 This option sends [or does not send] a COOKIE EDNS option, with
257 an optional value. Replaying a COOKIE from a previous response
258 allows the server to identify a previous client. The default is
259 +cookie.
260 +cookie is also set when +trace is set to better emulate the de‐
262 fault queries from a nameserver.
263 +crypto, +nocrypto
265 This option toggles the display of cryptographic fields in
266 DNSSEC records. The contents of these fields are unnecessary for
267 debugging most DNSSEC validation failures and removing them
268 makes it easier to see the common failures. The default is to
269 display the fields. When omitted, they are replaced by the
270 string [omitted] or, in the DNSKEY case, the key ID is displayed
271 as the replacement, e.g. [ key id = value ].
272 +defname, +nodefname
274 This option, which is deprecated, is treated as a synonym for
275 +search, +nosearch.
276 +dns64prefix, +nodns64prefix
278 Lookup IPV4ONLY.ARPA AAAA and print any DNS64 prefixes found.
279 +dnssec, +do, +nodnssec, +nodo
281 This option requests that DNSSEC records be sent by setting the
282 DNSSEC OK (DO) bit in the OPT record in the additional section
283 of the query.
284 +domain=somename
286 This option sets the search list to contain the single domain
287 somename, as if specified in a domain directive in /etc/re‐
288 solv.conf, and enables search list processing as if the +search
289 option were given.
290 +dscp=value
292 This option formerly set the DSCP value used when sending a
293 query. It is now obsolete, and has no effect.
294 +edns[=#], +noedns
296 This option specifies the EDNS version to query with. Valid val‐
297 ues are 0 to 255. Setting the EDNS version causes an EDNS query
298 to be sent. +noedns clears the remembered EDNS version. EDNS is
299 set to 0 by default.
300 +ednsflags[=#], +noednsflags
302 This option sets the must-be-zero EDNS flags bits (Z bits) to
303 the specified value. Decimal, hex, and octal encodings are ac‐
304 cepted. Setting a named flag (e.g., DO) is silently ignored. By
305 default, no Z bits are set.
306 +ednsnegotiation, +noednsnegotiation
308 This option enables/disables EDNS version negotiation. By de‐
309 fault, EDNS version negotiation is enabled.
310 +ednsopt[=code[:value]], +noednsopt
312 This option specifies the EDNS option with code point code and
313 an optional payload of value as a hexadecimal string. code can
314 be either an EDNS option name (for example, NSID or ECS) or an
315 arbitrary numeric value. +noednsopt clears the EDNS options to
316 be sent.
317 +expire, +noexpire
319 This option sends an EDNS Expire option.
320 +fail, +nofail
322 This option indicates that named should try [or not try] the
323 next server if a SERVFAIL is received. The default is to not try
324 the next server, which is the reverse of normal stub resolver
325 behavior.
326 +fuzztime[=value], +nofuzztime
328 This option allows the signing time to be specified when gener‐
329 ating signed messages. If a value is specified it is the sec‐
330 onds since 00:00:00 January 1, 1970 UTC ignoring leap seconds.
331 If no value is specified 1646972129 (Fri 11 Mar 2022 04:15:29
332 UTC) is used. The default is +nofuzztime and the current time
333 is used.
334 +header-only, +noheader-only
336 This option sends a query with a DNS header without a question
337 section. The default is to add a question section. The query
338 type and query name are ignored when this is set.
339 +https[=value], +nohttps
341 This option indicates whether to use DNS over HTTPS (DoH) when
342 querying name servers. When this option is in use, the port
343 number defaults to 443. The HTTP POST request mode is used when
344 sending the query.
345 If value is specified, it will be used as the HTTP endpoint in
347 the query URI; the default is /dns-query. So, for example, dig
348 @example.com +https will use the URI https://exam‐
349 ple.com/dns-query.
350 +https-get[=value], +nohttps-get
352 Similar to +https, except that the HTTP GET request mode is used
353 when sending the query.
354 +https-post[=value], +nohttps-post
356 Same as +https.
357 +http-plain[=value], +nohttp-plain
359 Similar to +https, except that HTTP queries will be sent over a
360 non-encrypted channel. When this option is in use, the port num‐
361 ber defaults to 80 and the HTTP request mode is POST.
362 +http-plain-get[=value], +nohttp-plain-get
364 Similar to +http-plain, except that the HTTP request mode is
365 GET.
366 +http-plain-post[=value], +nohttp-plain-post
368 Same as +http-plain.
369 +identify, +noidentify
371 This option shows [or does not show] the IP address and port
372 number that supplied the answer, when the +short option is en‐
373 abled. If short form answers are requested, the default is not
374 to show the source address and port number of the server that
375 provided the answer.
376 +idnin, +noidnin
378 This option processes [or does not process] IDN domain names on
379 input. This requires IDN SUPPORT to have been enabled at compile
380 time.
381 The default is to process IDN input when standard output is a
383 tty. The IDN processing on input is disabled when dig output is
384 redirected to files, pipes, and other non-tty file descriptors.
385 +idnout, +noidnout
387 This option converts [or does not convert] puny code on output.
388 This requires IDN SUPPORT to have been enabled at compile time.
389 The default is to process puny code on output when standard out‐
391 put is a tty. The puny code processing on output is disabled
392 when dig output is redirected to files, pipes, and other non-tty
393 file descriptors.
394 +ignore, +noignore
396 This option ignores [or does not ignore] truncation in UDP re‐
397 sponses instead of retrying with TCP. By default, TCP retries
398 are performed.
399 +keepalive, +nokeepalive
401 This option sends [or does not send] an EDNS Keepalive option.
402 +keepopen, +nokeepopen
404 This option keeps [or does not keep] the TCP socket open between
405 queries, and reuses it rather than creating a new TCP socket for
406 each lookup. The default is +nokeepopen.
407 +multiline, +nomultiline
409 This option prints [or does not print] records, like the SOA
410 records, in a verbose multi-line format with human-readable com‐
411 ments. The default is to print each record on a single line to
412 facilitate machine parsing of the dig output.
413 +ndots=D
415 This option sets the number of dots (D) that must appear in name
416 for it to be considered absolute. The default value is that de‐
417 fined using the ndots statement in /etc/resolv.conf, or 1 if no
418 ndots statement is present. Names with fewer dots are inter‐
419 preted as relative names, and are searched for in the domains
420 listed in the search or domain directive in /etc/resolv.conf if
421 +search is set.
422 +nsid, +nonsid
424 When enabled, this option includes an EDNS name server ID re‐
425 quest when sending a query.
426 +nssearch, +nonssearch
428 When this option is set, dig attempts to find the authoritative
429 name servers for the zone containing the name being looked up,
430 and display the SOA record that each name server has for the
431 zone. Addresses of servers that did not respond are also
432 printed.
433 +onesoa, +noonesoa
435 When enabled, this option prints only one (starting) SOA record
436 when performing an AXFR. The default is to print both the start‐
437 ing and ending SOA records.
438 +opcode=value, +noopcode
440 When enabled, this option sets (restores) the DNS message opcode
441 to the specified value. The default value is QUERY (0).
442 +padding=value
444 This option pads the size of the query packet using the EDNS
445 Padding option to blocks of value bytes. For example, +pad‐
446 ding=32 causes a 48-byte query to be padded to 64 bytes. The de‐
447 fault block size is 0, which disables padding; the maximum is
448 512. Values are ordinarily expected to be powers of two, such as
449 128; however, this is not mandatory. Responses to padded queries
450 may also be padded, but only if the query uses TCP or DNS
451 COOKIE.
452 +qid=value
454 This option specifies the query ID to use when sending queries.
455 +qr, +noqr
457 This option toggles the display of the query message as it is
458 sent. By default, the query is not printed.
459 +question, +noquestion
461 This option toggles the display of the question section of a
462 query when an answer is returned. The default is to print the
463 question section as a comment.
464 +raflag, +noraflag
466 This option sets [or does not set] the RA (Recursion Available)
467 bit in the query. The default is +noraflag. This bit is ignored
468 by the server for QUERY.
469 +rdflag, +nordflag
471 This option is a synonym for +recurse, +norecurse.
472 +recurse, +norecurse
474 This option toggles the setting of the RD (recursion desired)
475 bit in the query. This bit is set by default, which means dig
476 normally sends recursive queries. Recursion is automatically
477 disabled when the +nssearch or +trace query option is used.
478 +retry=T
480 This option sets the number of times to retry UDP and TCP
481 queries to server to T instead of the default, 2. Unlike
482 +tries, this does not include the initial query.
483 +rrcomments, +norrcomments
485 This option toggles the display of per-record comments in the
486 output (for example, human-readable key information about DNSKEY
487 records). The default is not to print record comments unless
488 multiline mode is active.
489 +search, +nosearch
491 This option uses [or does not use] the search list defined by
492 the searchlist or domain directive in resolv.conf, if any. The
493 search list is not used by default.
494 ndots from resolv.conf (default 1), which may be overridden by
496 +ndots, determines whether the name is treated as relative and
497 hence whether a search is eventually performed.
498 +short, +noshort
500 This option toggles whether a terse answer is provided. The de‐
501 fault is to print the answer in a verbose form. This option al‐
502 ways has a global effect; it cannot be set globally and then
503 overridden on a per-lookup basis.
504 +showbadcookie, +noshowbadcookie
506 This option toggles whether to show the message containing the
507 BADCOOKIE rcode before retrying the request or not. The default
508 is to not show the messages.
509 +showsearch, +noshowsearch
511 This option performs [or does not perform] a search showing in‐
512 termediate results.
513 +sigchase, +nosigchase
515 This feature is now obsolete and has been removed; use delv in‐
516 stead.
517 +split=W
519 This option splits long hex- or base64-formatted fields in re‐
520 source records into chunks of W characters (where W is rounded
521 up to the nearest multiple of 4). +nosplit or +split=0 causes
522 fields not to be split at all. The default is 56 characters, or
523 44 characters when multiline mode is active.
524 +stats, +nostats
526 This option toggles the printing of statistics: when the query
527 was made, the size of the reply, etc. The default behavior is to
528 print the query statistics as a comment after each lookup.
529 +subnet=addr[/prefix-length], +nosubnet
531 This option sends [or does not send] an EDNS CLIENT-SUBNET op‐
532 tion with the specified IP address or network prefix.
533 dig +subnet=0.0.0.0/0, or simply dig +subnet=0 for short, sends
535 an EDNS CLIENT-SUBNET option with an empty address and a source
536 prefix-length of zero, which signals a resolver that the
537 client's address information must not be used when resolving
538 this query.
539 +tcflag, +notcflag
541 This option sets [or does not set] the TC (TrunCation) bit in
542 the query. The default is +notcflag. This bit is ignored by the
543 server for QUERY.
544 +tcp, +notcp
546 This option indicates whether to use TCP when querying name
547 servers. The default behavior is to use UDP unless a type any
548 or ixfr=N query is requested, in which case the default is TCP.
549 AXFR queries always use TCP. To prevent retry over TCP when TC=1
550 is returned from a UDP query, use +ignore.
551 +timeout=T
553 This option sets the timeout for a query to T seconds. The de‐
554 fault timeout is 5 seconds. An attempt to set T to less than 1
555 is silently set to 1.
556 +tls, +notls
558 This option indicates whether to use DNS over TLS (DoT) when
559 querying name servers. When this option is in use, the port num‐
560 ber defaults to 853.
561 +tls-ca[=file-name], +notls-ca
563 This option enables remote server TLS certificate validation for
564 DNS transports, relying on TLS. Certificate authorities certifi‐
565 cates are loaded from the specified PEM file (file-name). If the
566 file is not specified, the default certificates from the global
567 certificates store are used.
568 +tls-certfile=file-name, +tls-keyfile=file-name, +notls-certfile,
570 +notls-keyfile
571 These options set the state of certificate-based client authen‐
572 tication for DNS transports, relying on TLS. Both certificate
573 chain file and private key file are expected to be in PEM for‐
574 mat. Both options must be specified at the same time.
575 +tls-hostname=hostname, +notls-hostname
577 This option makes dig use the provided hostname during remote
578 server TLS certificate verification. Otherwise, the DNS server
579 name is used. This option has no effect if +tls-ca is not speci‐
580 fied.
581 +topdown, +notopdown
583 This feature is related to dig +sigchase, which is obsolete and
584 has been removed. Use delv instead.
585 +trace, +notrace
587 This option toggles tracing of the delegation path from the root
588 name servers for the name being looked up. Tracing is disabled
589 by default. When tracing is enabled, dig makes iterative queries
590 to resolve the name being looked up. It follows referrals from
591 the root servers, showing the answer from each server that was
592 used to resolve the lookup.
593 If @server is also specified, it affects only the initial query
595 for the root zone name servers.
596 +dnssec is also set when +trace is set, to better emulate the
598 default queries from a name server.
599 +tries=T
601 This option sets the number of times to try UDP and TCP queries
602 to server to T instead of the default, 3. If T is less than or
603 equal to zero, the number of tries is silently rounded up to 1.
604 +trusted-key=####
606 This option formerly specified trusted keys for use with dig
607 +sigchase. This feature is now obsolete and has been removed;
608 use delv instead.
609 +ttlid, +nottlid
611 This option displays [or does not display] the TTL when printing
612 the record.
613 +ttlunits, +nottlunits
615 This option displays [or does not display] the TTL in friendly
616 human-readable time units of s, m, h, d, and w, representing
617 seconds, minutes, hours, days, and weeks. This implies +ttlid.
618 +unknownformat, +nounknownformat
620 This option prints all RDATA in unknown RR type presentation
621 format (RFC 3597). The default is to print RDATA for known
622 types in the type's presentation format.
623 +vc, +novc
625 This option uses [or does not use] TCP when querying name
626 servers. This alternate syntax to +tcp is provided for backwards
627 compatibility. The vc stands for "virtual circuit."
628 +yaml, +noyaml
630 When enabled, this option prints the responses (and, if +qr is
631 in use, also the outgoing queries) in a detailed YAML format.
632 +zflag, +nozflag
634 This option sets [or does not set] the last unassigned DNS
635 header flag in a DNS query. This flag is off by default.
636
638 The BIND 9 implementation of dig supports specifying multiple queries
639 on the command line (in addition to supporting the -f batch file op‐
640 tion). Each of those queries can be supplied with its own set of flags,
641 options, and query options.
642 In this case, each query argument represents an individual query in the
644 command-line syntax described above. Each consists of any of the stan‐
645 dard options and flags, the name to be looked up, an optional query
646 type and class, and any query options that should be applied to that
647 query.
648 A global set of query options, which should be applied to all queries,
650 can also be supplied. These global query options must precede the first
651 tuple of name, class, type, options, flags, and query options supplied
652 on the command line. Any global query options (except +cmd and +short
653 options) can be overridden by a query-specific set of query options.
654 For example:
655 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
657 shows how dig can be used from the command line to make three lookups:
659 an ANY query for www.isc.org, a reverse lookup of 127.0.0.1, and a
660 query for the NS records of isc.org. A global query option of +qr is
661 applied, so that dig shows the initial query it made for each lookup.
662 The final query has a local query option of +noqr which means that dig
663 does not print the initial query when it looks up the NS records for
664 isc.org.
665
667 If dig has been built with IDN (internationalized domain name) support,
668 it can accept and display non-ASCII domain names. dig appropriately
669 converts character encoding of a domain name before sending a request
670 to a DNS server or displaying a reply from the server. To turn off IDN
671 support, use the parameters +idnin and +idnout, or define the IDN_DIS‐
672 ABLE environment variable.
673
675 dig return codes are:
676 0 DNS response received, including NXDOMAIN status
678 1 Usage error
680 8 Couldn't open batch file
682 9 No reply from server
684 10 Internal error
686
688 /etc/resolv.conf
689 ${HOME}/.digrc
691
693 delv(1), host(1), named(8), dnssec-keygen(8), RFC 1035.
694
696 There are probably too many query options.
697
699 Internet Systems Consortium
700
702 2023, Internet Systems Consortium
7039.18.11 DIG(1)