dig(1M) dig(1M)
NAME
dig - domain information groper
SYNOPSIS
dig [@server] [options] domain [query-type] [query-class]
[query-options]
dig [@global-server] [global-d-options] domain [@server] [options]
[q-options] [q-type] [q-class] [domain [@server] [options]
[q-options] [q-type] [q-class] [...]]
DESCRIPTION
dig (domain information groper) is a flexible tool for interrogating
Domain Name System (DNS) servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
were queried. Most DNS administrators use dig to troubleshoot DNS
problems because of its flexibility, ease of use, and clarity of
output. The dig command has two modes: simple command-line mode for
single or multiple queries and batch mode for reading lookup requests
from a file.
Arguments
dig accepts the following arguments:
@server Specifies the DNS server that is queried in each query. If
a specific name server is not provided, dig will try each of
the servers listed in /etc/resolv.conf.
@global-server
Specifies the name of the server that is used in multiple
queries to provide a single server for all the queries.
domain Specifies the domain name to look up.
query-type
Specifies the resource record types for DNS queries and
responses. The textual representation is used in master
files. The binary representation is used in DNS queries and
responses. The resource record types are:
a a host address (dotted quad). This is the default
value for query-type.
AAAA resource record type for IPv6 queries.
any request data of any type for a name.
axfr a request for a transfer of an entire zone.
hinfo host information.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
mx a mail exchange.
ns an authoritative name server.
soa marks the start of a zone of authority.
txt text strings.
Ensure that you use ixfr=version for type ixfr. ixfr
transfers only the incremental/changed data to the slave
servers when the data in the master server changes.
query-class
Classes are the fields that appear in resource records. The
values defined for a class are: IN (Internet), CS (CSNET),
CH (CHAOS), and HS (Hesiod). The default value for
query-class is IN.
query-option
Query options affect the way in which lookups are made and
how the results are displayed. Each query option is
identified by a keyword preceded by +[no]. See the "Query
Options" subsection below for details.
global-d-opt
Global domain query options control the lookup and display
of results for multiple queries and affect all queries.
Note that query options set globally can be overwritten by
query options set for each individual query.
options
-b This option is used to set the source IP address of the
query to address. This must be a valid address on one
of the host's network interfaces.
-f This option is used to perform batch processing. It
allows you to group queries into one file and to pass this
file to dig for processing. Example: dig -f
/home/bind/some-file, where some-file contains all the
queries that need to be processed as a group.
-k This option is used to sign the DNS queries sent by dig
and their responses using transaction signatures
(TSIG).
-p This option can be used when you want to specify a
different port for dig to contact the name-server for
its queries.
-x This option allows queries using an IP address instead
of a domain name. This option cannot be used with IPv6
addresses.
-y This option is used to specify the TSIG key on the
command line.
-t & -c
The -t (type) and -c (class) options are equivalent to
query-type and query-class.
-h Displays usage information of the dig command.
A typical dig command is:
dig @server domain query-type
where @server is the name or IP address of the name server that is
to be queried. An IPv4 address can be provided in dotted-decimal
notation, xxx.xxx.xxx.xxx. dig resolves the host name before querying
that name server. If no @server argument is provided, dig consults
/etc/resolv.conf and queries the name servers listed there. The reply
from the name server that responds to the query is displayed.
domain is the name of the resource record that is to be looked up.
query-type indicates the required query type, for example ANY, A, MX,
or SIG. It can be any valid query type. The dig command will perform a
lookup for an A record if no query-type argument is specified.
Query Options
dig uses a number of query options to affect lookups and to affect the
results that are displayed. Some options set or reset flag bits in
the query header, some options determine which sections of the answer
get displayed, and other options determine the timeout and retry
strategies.
Each query option is identified by a keyword preceded by +[no] which
causes an option to be set or reset or to negate the meaning of that
keyword. Other keywords assign values to options like the timeout
interval. They have the form +keyword=value. The query options are:
+[no]tcp Use [or do not use] TCP when querying name servers. The
default behavior is to use UDP unless an AXFR or IXFR query
is requested, in which case a TCP connection is used.
+[no]vc Use [or do not use] virtual circuit when querying name
servers. This alternate syntax to +[no]tcp is provided for
backwards compatibility.
+[no]ignore
Ignore [or do not ignore] truncation in UDP responses
instead of retrying with TCP. By default, TCP retries are
performed.
+domain=somename
Set the default domain to somename as it is specified in a
directive in the /etc/resolv.conf file.
+[no]search
Use [or do not use] the search list in /etc/resolv.conf (if
any). The search list is not used by default.
+[no]defname
Use [or do not use] the default domain name, if any, in the
/etc/resolv.conf file while making queries. By default,
this name is not appended to name while making queries.
+[no]aaonly
Authenticate [or do not authenticate] the client when it
queries a server. If this option is set, whenever a client
tries querying a server, the client will be subjected to an
authentication check to make sure that the client has
sufficient permissions to query the server.
+[no]adflag
Set [or do not set] the AD (authenticate data) bit in the
query. The AD bit currently has a standard meaning only in
responses and not in queries. The ability to set the bit in
the query is provided for completeness.
+[no]cdflag
Set [or do not set] the CD (checking disabled) bit in the
query. This requests the server not to perform DNSSEC
validation of responses.
+[no]recursive
Set [or do not set] the RD (recursion desired) bit in the
query. This bit is set by default, which means dig normally
sends recursive queries. Recursion is automatically
disabled when the +nssearch or +trace query options are
used.
+[no]nssearch
Attempt [or do not attempt] to find the authoritative name
servers for the zone containing the name being looked up and
display the SOA record that each name server has for the
zone.
+[no]trace
Trace [or do not trace] the delegation path from the root
name servers for the name being looked up. Tracing is
disabled by default. When tracing is enabled, dig makes
iterative queries to resolve the name that is being looked
up. It will follow referrals from the root servers, showing
the answer from each server that was used to resolve the
lookup.
+[no]cmd +[no]comment dig and the query options that have been
applied. The comment is included in the answer section by
default.
+[no]short
Display [or do not display] a short answer. The query
results can be displayed in two forms: Complete and Short
answers. In the short form, only the result will be
displayed whereas in the complete form, additional
information (like info about other servers that might answer
your query) is also included. By default, the answer is
printed in a verbose form.
+[no]identify
Show [or do not show] the IP address and port number that
supplied the answer when the +short option is enabled. If
short form answers are requested, source address and port
number of the server that provided the answer are not shown
by default.
+[no]comments
Display [or do not display] comment lines in the output. By
default, the comments are printed.
+[no]stats
Print [or do not print] statistics such as the size of the
reply when the query was made. By default, the query
characteristics are printed.
+[no]qr Print [or do not print] the query before actually sending
the query. By default, the query is not printed.
+[no]question
Print [or do not print] the question section of a query when
an answer is returned. By default, the question section is
printed as a comment.
+[no]answer
Display [or do not display] the answer section of a reply.
By default, the answer section is printed.
+[no]authority
Display [or do not display] the authority section of a
reply. By default, the authority section is displayed.
+[no]additional
Display [or do not display] the additional section of a
reply. By default, the additional section is displayed.
+[no]multiline
Print records like the SOA records in a verbose multi-line
format with human-readable comments. The default is to print
each record on a single line, thereby facilitating machine
parsing of the dig output.
+[no]all Set or clear all display flags.
+time=T Set the timeout for a query to T seconds. The default
timeout is 5 seconds, and 1 second is the minimum value to
which T can be set. Even if you try setting T to a value
less than 1, T will be set to 1 second.
+tries=A This option sets the number of times to retry UDP queries to
the server to A instead of the default, 3. If A is less than or
equal to zero, then the number of retries is set to 1.
+ndots=D Set the number of dots that appear in hostname to D. The
default value is to use either the ndots statement in
/etc/resolv.conf or 1 if no ndots statement is present.
Names with fewer dots are interpreted as relative names and
will be searched for, in the domains listed in the search or
the domain directive in the /etc/resolv.conf file.
+bufsize=B
Set the UDP message buffer size advertised using EDNS0 to B
bytes. The maximum and minimum sizes of this buffer are
65535 and 0 respectively. If the B size is specified
outside of this range, then the size is rounded up or down
appropriately.
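An added example (not part of the HP-UX manual page) that uses the +nssearch option described above to flag authoritative servers whose SOA serial lags the others, which usually means a secondary is serving stale zone data. The function names and sample lines are constructed, and the one-line-per-server output format shown in the comment is an assumption based on BIND 9 dig.

```shell
#!/bin/sh
# serial_drift reads "dig +nssearch" output on stdin. Assumed line format:
#   SOA <mname> <rname> <serial> <refresh> <retry> <expire> <minimum>
#       from server <server> in <n> ms.      (all on one line)
# It prints "<server> <serial>" for each server whose serial differs from
# the highest serial seen and returns 1 if there is any such server.
# Serial wrap-around (RFC 1982) is not handled.
serial_drift() {
    awk '
        $1 == "SOA" && $4 ~ /^[0-9]+$/ {
            n++
            ser[n] = $4
            for (i = 5; i < NF; i++)
                if ($i == "server") { srv[n] = $(i + 1); break }
            if ($4 + 0 > max) max = $4 + 0
        }
        END {
            for (i = 1; i <= n; i++)
                if (ser[i] + 0 != max) { print srv[i], ser[i]; bad = 1 }
            exit bad + 0
        }'
}

# check_zone ZONE (hypothetical helper): query every authoritative server.
check_zone() {
    dig +nssearch "$1" | serial_drift
}

# Constructed sample output (not captured from a real server).
sample_nssearch() {
    cat <<'EOF'
SOA ns1.example.com. hostmaster.example.com. 2003080102 3600 900 604800 86400 from server ns1.example.com in 2 ms.
SOA ns1.example.com. hostmaster.example.com. 2003080102 3600 900 604800 86400 from server ns2.example.com in 9 ms.
SOA ns1.example.com. hostmaster.example.com. 2003080101 3600 900 604800 86400 from server ns3.example.com in 14 ms.
EOF
}
```

A server that does not answer at all produces no line, so compare the number of lines with the number of NS records as well.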
Multiple Queries
dig allows multiple queries on the command line (in addition to
supporting the -f batch file option). Each of those queries can be
supplied with its own set of options, query class, query type and
query options.
A global set of query options, which should be applied to all queries,
can also be supplied via global-d-options.
These global query options must precede the first set of domain,
class, type, options, and query options supplied on the command line.
Any global query options can be overridden by a query-specific set of
query options for each individual query.
For example:
dig +qr www.bind.org any -x 127.0.0.1 bind.org ns +noqr
shows how dig can be used from the command line to make three lookups:
www.bind.org any
An ANY query for domain name www.bind.org.
-x 127.0.0.1
A reverse lookup of 127.0.0.1
bind.org ns +noqr
A name server lookup for domain bind.org, suppressing
the query display for this query only (+noqr).
EXAMPLES
1. To look up information about domain a.example.com using DNSServer
10.53.0.2 asking for host address a records:
/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocmd -p 5300
a.example.com @10.53.0.2 a
2. To query a.example.com using DNS-Server 10.53.0.2 without
authentication, asking for a records:
/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocmd +noauth
-p 5300 a.example.com @10.53.0.2 a
3. To request a transfer:
/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd
example.com @10.53.0.2 axfr -p 5300
4. To request a transfer with Transaction Signature (TSIG):
/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd
tsigzone.com @10.53.0.3 axfr -y tsigzone.com:1234abcd8765 -p 5300
where 1234abcd8765 is the key.
To secure server-to-server communication, BINDv9 primarily uses TSIG
for zone transfer, notify, and recursive query messages. TSIG is very
useful for dynamic updates.
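An added example (not part of the HP-UX manual page) for checking that a name server restricts zone transfers the way examples 3 and 4 intend: an unsigned request should yield no transfer and a TSIG-signed one a complete zone. The function names, the key-file argument and the sample outputs are constructed; it assumes dig prints "; Transfer failed." when a transfer is rejected and that -k takes a key file, as in BIND 9 dig.

```shell
#!/bin/sh
# classify_axfr reads dig AXFR output on stdin and prints one of:
#   NO_TRANSFER - dig reported a failed transfer or returned no records
#   COMPLETE    - the record stream opens and closes with the zone SOA
#   INCOMPLETE  - records arrived but the closing SOA is missing
classify_axfr() {
    awk '
        /Transfer failed/ { failed = 1 }
        /^[ \t]*;/ || NF == 0 { next }    # skip comment and blank lines
        {
            n++; type = ""
            # record type: first field after the owner that is not TTL or class
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[0-9]+$/ || $i ~ /^(IN|CS|CH|HS)$/) continue
                type = $i; break
            }
            if (n == 1) first = $1 " " type
            last = $1 " " type
        }
        END {
            if (failed || n == 0) print "NO_TRANSFER"
            else if (n >= 2 && first == last && type == "SOA") print "COMPLETE"
            else print "INCOMPLETE"
        }'
}

# audit_axfr ZONE SERVER [KEYFILE] (hypothetical helper): request the zone
# and classify the reply. KEYFILE, if given, is passed with -k so the TSIG
# key is read from a file instead of appearing in the argument list.
audit_axfr() {
    zone=$1; server=$2; keyfile=${3:-}
    set -- +tcp +nocmd +nostat "$zone" "@$server" axfr
    [ -n "$keyfile" ] && set -- "$@" -k "$keyfile"
    dig "$@" | classify_axfr
}

# Constructed sample outputs (not captured from a real server).
sample_refused() { printf '%s\n' '; Transfer failed.'; }
sample_complete() {
    cat <<'EOF'
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 2003080101 3600 900 604800 86400
example.com.     3600 IN NS  ns1.example.com.
ns1.example.com. 3600 IN A   10.53.0.2
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 2003080101 3600 900 604800 86400
EOF
}
```

A key given with -y is part of the command line, so it is visible in the process list and in shell history; the helper uses -k for that reason.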
SEE ALSO
dnssec-keygen(1), dnssec-makekeyset(1), dnssec-signkey(1),
dnssec-signzone(1), host(1), nsupdate(1), hosts_to_named(1M), lwresd(1M),
named(1M), gethostent(3N), hostname(5).