1MDIG(1) BIND 9 MDIG(1)
2
3
4
6 mdig - DNS pipelined lookup utility
7
9 mdig {@server} [-f filename] [-h] [-v] [ [-4] | [-6] ] [-m] [-b ad‐
10 dress] [-p port#] [-c class] [-t type] [-i] [-x addr] [plusopt...]
11
12 mdig {-h}
13
14 mdig [@server] {global-opt...} { {local-opt...} {query} ...}
15
17 mdig is a multiple/pipelined query version of dig: instead of waiting
18 for a response after sending each query, it begins by sending all
19 queries. Responses are displayed in the order in which they are re‐
20 ceived, not in the order the corresponding queries were sent.
21
22 mdig options are a subset of the dig options, and are divided into
23 "anywhere options," which can occur anywhere, "global options," which
24 must occur before the query name (or they are ignored with a warning),
25 and "local options," which apply to the next query on the command line.
26
27 The @server option is a mandatory global option. It is the name or IP
28 address of the name server to query. (Unlike dig, this value is not re‐
29 trieved from /etc/resolv.conf.) It can be an IPv4 address in dot‐
30 ted-decimal notation, an IPv6 address in colon-delimited notation, or a
31 hostname. When the supplied server argument is a hostname, mdig re‐
32 solves that name before querying the name server.
33
34 mdig provides a number of query options which affect the way in which
35 lookups are made and the results displayed. Some of these set or reset
36 flag bits in the query header, some determine which sections of the an‐
37 swer get printed, and others determine the timeout and retry strate‐
38 gies.
39
40 Each query option is identified by a keyword preceded by a plus sign
41 (+). Some keywords set or reset an option. These may be preceded by the
42 string no to negate the meaning of that keyword. Other keywords assign
43 values to options like the timeout interval. They have the form +key‐
44 word=value.
45
47 -f This option makes mdig operate in batch mode by reading a list
48 of lookup requests to process from the file filename. The file
49 contains a number of queries, one per line. Each entry in the
50 file should be organized in the same way they would be presented
51 as queries to mdig using the command-line interface.
52
53 -h This option causes mdig to print detailed help information, with
54 the full list of options, and exit.
55
56 -v This option causes mdig to print the version number and exit.
57
59 -4 This option forces mdig to only use IPv4 query transport.
60
61 -6 This option forces mdig to only use IPv6 query transport.
62
63 -b address
64 This option sets the source IP address of the query to address.
65 This must be a valid address on one of the host's network inter‐
66 faces or "0.0.0.0" or "::". An optional port may be specified by
67 appending "#<port>"
68
69 -m This option enables memory usage debugging.
70
71 -p port#
72 This option is used when a non-standard port number is to be
73 queried. port# is the port number that mdig sends its queries
74 to, instead of the standard DNS port number 53. This option is
75 used to test a name server that has been configured to listen
76 for queries on a non-standard port number.
77
78 The global query options are:
79
80 +additional, +noadditional
81 This option displays [or does not display] the additional sec‐
82 tion of a reply. The default is to display it.
83
84 +all, +noall
85 This option sets or clears all display flags.
86
87 +answer, +noanswer
88 This option displays [or does not display] the answer section of
89 a reply. The default is to display it.
90
91 +authority, +noauthority
92 This option displays [or does not display] the authority section
93 of a reply. The default is to display it.
94
95 +besteffort, +nobesteffort
96 This option attempts to display [or does not display] the con‐
97 tents of messages which are malformed. The default is to not
98 display malformed answers.
99
100 +burst This option delays queries until the start of the next second.
101
102 +cl, +nocl
103 This option displays [or does not display] the CLASS when print‐
104 ing the record.
105
106 +comments, +nocomments
107 This option toggles the display of comment lines in the output.
108 The default is to print comments.
109
110 +continue, +nocontinue
111 This option toggles continuation on errors (e.g. timeouts).
112
113 +crypto, +nocrypto
114 This option toggles the display of cryptographic fields in
115 DNSSEC records. The contents of these fields are unnecessary to
116 debug most DNSSEC validation failures and removing them makes it
117 easier to see the common failures. The default is to display the
118 fields. When omitted, they are replaced by the string "[omit‐
119 ted]"; in the DNSKEY case, the key ID is displayed as the re‐
120 placement, e.g., [ key id = value ].
121
122 +multiline, +nomultiline
123 This option toggles printing of records, like the SOA records,
124 in a verbose multi-line format with human-readable comments. The
125 default is to print each record on a single line, to facilitate
126 machine parsing of the mdig output.
127
128 +question, +noquestion
129 This option prints [or does not print] the question section of a
130 query when an answer is returned. The default is to print the
131 question section as a comment.
132
133 +rrcomments, +norrcomments
134 This option toggles the display of per-record comments in the
135 output (for example, human-readable key information about DNSKEY
136 records). The default is not to print record comments unless
137 multiline mode is active.
138
139 +short, +noshort
140 This option provides [or does not provide] a terse answer. The
141 default is to print the answer in a verbose form.
142
143 +split=W
144 This option splits long hex- or base64-formatted fields in re‐
145 source records into chunks of W characters (where W is rounded
146 up to the nearest multiple of 4). +nosplit or +split=0 causes
147 fields not to be split. The default is 56 characters, or 44
148 characters when multiline mode is active.
149
150 +tcp, +notcp
151 This option uses [or does not use] TCP when querying name
152 servers. The default behavior is to use UDP.
153
154 +ttlid, +nottlid
155 This option displays [or does not display] the TTL when printing
156 the record.
157
158 +ttlunits, +nottlunits
159 This option displays [or does not display] the TTL in friendly
160 human-readable time units of "s", "m", "h", "d", and "w", repre‐
161 senting seconds, minutes, hours, days, and weeks. This implies
162 +ttlid.
163
164 +vc, +novc
165 This option uses [or does not use] TCP when querying name
166 servers. This alternate syntax to +tcp is provided for backwards
167 compatibility. The vc stands for "virtual circuit".
168
170 -c class
171 This option sets the query class to class. It can be any valid
172 query class which is supported in BIND 9. The default query
173 class is "IN".
174
175 -t type
176 This option sets the query type to type. It can be any valid
177 query type which is supported in BIND 9. The default query type
178 is "A", unless the -x option is supplied to indicate a reverse
179 lookup with the "PTR" query type.
180
181 -x addr
182 Reverse lookups - mapping addresses to names - are simplified by
183 this option. addr is an IPv4 address in dotted-decimal notation,
184 or a colon-delimited IPv6 address. mdig automatically performs a
185 lookup for a query name like 11.12.13.10.in-addr.arpa and sets
186 the query type and class to PTR and IN respectively. By default,
187 IPv6 addresses are looked up using nibble format under the
188 IP6.ARPA domain.
189
190 The local query options are:
191
192 +aaflag, +noaaflag
193 This is a synonym for +aaonly, +noaaonly.
194
195 +aaonly, +noaaonly
196 This sets the aa flag in the query.
197
198 +adflag, +noadflag
199 This sets [or does not set] the AD (authentic data) bit in the
200 query. This requests the server to return whether all of the an‐
201 swer and authority sections have all been validated as secure,
202 according to the security policy of the server. AD=1 indicates
203 that all records have been validated as secure and the answer is
204 not from a OPT-OUT range. AD=0 indicates that some part of the
205 answer was insecure or not validated. This bit is set by de‐
206 fault.
207
208 +bufsize=B
209 This sets the UDP message buffer size advertised using EDNS0 to
210 B bytes. The maximum and minimum sizes of this buffer are 65535
211 and 0 respectively. Values outside this range are rounded up or
212 down appropriately. Values other than zero cause a EDNS query to
213 be sent.
214
215 +cdflag, +nocdflag
216 This sets [or does not set] the CD (checking disabled) bit in
217 the query. This requests the server to not perform DNSSEC vali‐
218 dation of responses.
219
220 +cookie=####, +nocookie
221 This sends [or does not send] a COOKIE EDNS option, with an op‐
222 tional value. Replaying a COOKIE from a previous response allows
223 the server to identify a previous client. The default is +no‐
224 cookie.
225
226 +dnssec, +nodnssec
227 This requests that DNSSEC records be sent by setting the DNSSEC
228 OK (DO) bit in the OPT record in the additional section of the
229 query.
230
231 +edns[=#], +noedns
232 This specifies [or does not specify] the EDNS version to query
233 with. Valid values are 0 to 255. Setting the EDNS version
234 causes an EDNS query to be sent. +noedns clears the remembered
235 EDNS version. EDNS is set to 0 by default.
236
237 +ednsflags[=#], +noednsflags
238 This sets the must-be-zero EDNS flag bits (Z bits) to the speci‐
239 fied value. Decimal, hex, and octal encodings are accepted.
240 Setting a named flag (e.g. DO) is silently ignored. By default,
241 no Z bits are set.
242
243 +ednsopt[=code[:value]], +noednsopt
244 This specifies [or does not specify] an EDNS option with code
245 point code and an optional payload of value as a hexadecimal
246 string. +noednsopt clears the EDNS options to be sent.
247
248 +expire, +noexpire
249 This toggles sending of an EDNS Expire option.
250
251 +nsid, +nonsid
252 This toggles inclusion of an EDNS name server ID request when
253 sending a query.
254
255 +recurse, +norecurse
256 This toggles the setting of the RD (recursion desired) bit in
257 the query. This bit is set by default, which means mdig nor‐
258 mally sends recursive queries.
259
260 +retry=T
261 This sets the number of times to retry UDP queries to server to
262 T instead of the default, 2. Unlike +tries, this does not in‐
263 clude the initial query.
264
265 +subnet=addr[/prefix-length], +nosubnet
266 This sends [or does not send] an EDNS Client Subnet option with
267 the specified IP address or network prefix.
268
269 mdig +subnet=0.0.0.0/0, or simply mdig +subnet=0
270 This sends an EDNS client-subnet option with an empty address
271 and a source prefix-length of zero, which signals a resolver
272 that the client's address information must not be used when re‐
273 solving this query.
274
275 +timeout=T
276 This sets the timeout for a query to T seconds. The default
277 timeout is 5 seconds for UDP transport and 10 for TCP. An at‐
278 tempt to set T to less than 1 results in a query timeout of 1
279 second being applied.
280
281 +tries=T
282 This sets the number of times to try UDP queries to server to T
283 instead of the default, 3. If T is less than or equal to zero,
284 the number of tries is silently rounded up to 1.
285
286 +udptimeout=T
287 This sets the timeout between UDP query retries to T.
288
289 +unknownformat, +nounknownformat
290 This prints [or does not print] all RDATA in unknown RR-type
291 presentation format (see RFC 3597). The default is to print
292 RDATA for known types in the type's presentation format.
293
294 +yaml, +noyaml
295 This toggles printing of the responses in a detailed YAML for‐
296 mat.
297
298 +zflag, +nozflag
299 This sets [or does not set] the last unassigned DNS header flag
300 in a DNS query. This flag is off by default.
301
303 dig(1), RFC 1035.
304
306 Internet Systems Consortium
307
309 2023, Internet Systems Consortium
310
311
312
313
3149.19.18 MDIG(1)