dig man page on SunOS

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version]

dig(1M)			System Administration Commands		       dig(1M)

NAME
       dig - DNS lookup utility

SYNOPSIS
       dig [@server] [-b address] [-c class] [-f filename]
	    [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr]
	    [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt]...

       dig [-h]

       dig [global-queryopt...] [query...]

DESCRIPTION
       The  dig	 utility  (domain  information	groper) is a flexible tool for
       interrogating DNS name servers. It performs DNS	lookups	 and  displays
       the  answers  that  are	returned  from	the  name  server(s) that were
       queried. Most DNS administrators use dig to troubleshoot	 DNS  problems
       because	of  its	 flexibility, ease of use and clarity of output. Other
       lookup tools tend to have less functionality than dig.

       Although dig is normally used with command-line arguments, it also  has
       a  batch	 mode  of operation for reading lookup requests from a file. A
       brief summary of its command-line arguments and options is printed when
       the  -h option is specified. Unlike earlier versions, the BIND 9 imple‐
       mentation of dig allows multiple lookups to be issued from the  command
       line.

       Unless  it  is  told to query a specific name server, dig tries each of
       the servers listed in /etc/resolv.conf.

       When no command line arguments or options are given, dig performs an NS
       query for "." (the root).

       It  is  possible	 to set per-user defaults for dig with ${HOME}/.digrc.
       This file is read and any options in it are applied before the  command
       line arguments.

       The  IN and CH class names overlap with the IN and CH top level domains
       names. Either use the -t and -c options to specify the type and	class,
       or use "IN." and "CH." when looking up these top level domains.

   Simple Usage
       The following is a typical invocation of dig:

	 dig @server name type

       where:

       server

	   The	name or IP address of the name server to query. This can be an
	   IPv4 address in dotted-decimal  notation  or	 an  IPv6  address  in
	   colon-delimited  notation.  When  the supplied server argument is a
	   hostname, dig resolves that name before querying that name  server.
	   If  no  server  argument is provided, dig consults /etc/resolv.conf
	   and queries the name servers listed there. The reply from the  name
	   server that responds is displayed.

       name

	   The name of the resource record that is to be looked up.

       type

	   Indicates  what  type  of query is required (ANY, A, MX, SIG, among
	   others.) type can be any valid query type. If no type  argument  is
	   supplied, dig performs a lookup for an A record.

OPTIONS
       The following options are supported:

       -4

	   Use	only  IPv4 transport. By default both IPv4 and IPv6 transports
	   can be used. Options -4 and -6 are mutually exclusive.

       -6

	   Use only IPv6 transport. By default both IPv4 and  IPv6  transports
	   can be used. Options -4 and -6 are mutually exclusive.

       -b address

	   Set	the  source IP address of the query to address. This must be a
	   valid address on one of the host's network interfaces or 0.0.0.0 or
	   ::. An optional port may be specified by appending: #<port>

       -c class

	   Override the default query class (IN for internet). The class argu‐
	   ment is any valid class, such as HS for Hesiod records  or  CH  for
	   CHAOSNET records.

       -f filename

	   Operate  in	batch  mode  by	 reading  a list of lookup requests to
	   process from the file filename.  The	 file  contains	 a  number  of
	   queries,  one  per line. Each entry in the file should be organized
	   in the same way they would be presented as queries to dig using the
	   command-line interface.

       -h

	   Print a brief summary of command-line arguments and options.

       -k filename

	   Specify  a  transaction  signature  (TSIG) key file to sign the DNS
	   queries sent by dig and their responses using TSIGs.

       -m

	   Enable memory usage debugging.

       -p port#

	   Query a non-standard port number. The port# argument	 is  the  port
	   number  that dig sends its queries instead of the standard DNS port
	   number 53. This option tests a name server that has been configured
	   to listen for queries on a non-standard port number.

       -q name

	   Sets	 the  query name to name. This can be useful in that the query
	   name can be easily distinguished from other arguments.

       -t type

	   Set the query type to type, which can be any valid query type  sup‐
	   ported  in  BIND9. The default query type "A", unless the -x option
	   is supplied to indicate a reverse lookup. A zone  transfer  can  be
	   requested  by  specifying  a type of AXFR. When an incremental zone
	   transfer (IXFR) is required, type is set to ixfr=N. The incremental
	   zone	 transfer  will contain the changes made to the zone since the
	   serial number in the zone's SOA record was N.

       -x addr

	   Simplify reverse lookups (mapping addresses to names	 ).  The  addr
	   argument is an IPv4 address in dotted-decimal notation, or a colon-
	   delimited IPv6 address. When this option is used, there is no  need
	   to  provide	the  name,  class  and type arguments. The dig utility
	   automatically performs a lookup for	a  name	 like  11.12.13.10.in-
	   addr.arpa  and sets the query type and class to PTR and IN, respec‐
	   tively. By default, IPv6 addresses are looked up using nibble  for‐
	   mat	under  the  IP6.ARPA  domain.  To use the older RFC1886 method
	   using the IP6.INT domain, specify the -i option. Bit string	labels
	   (RFC 2874) are now experimental and are not attempted.

       -y [hmac:]name:key

	   Specify  a  transaction  signature  (TSIG) key on the command line.
	   This is done to sign the DNS queries sent by dig, as well as	 their
	   responses.  You can also specify the TSIG key itself on the command
	   line using the -y option. The optional hmac is the  type  of	 TSIG;
	   the	default is HMAC-MD5. The name argument is the name of the TSIG
	   key and the key argument is the actual key. The key	is  a  base-64
	   encoded string, typically generated by dnssec-keygen(1M).

	   Caution should be taken when using the -y option on multi-user sys‐
	   tems, since the key can be visible in the output from ps(1)	or  in
	   the	shell's history file. When using TSIG authentication with dig,
	   the name server that is queried needs to know the key and algorithm
	   that	 is being used. In BIND, this is done by providing appropriate
	   key and server statements in named.conf.

QUERY OPTIONS
       The dig utility provides a number of query options which affect the way
       in  which lookups are made and the results displayed. Some of these set
       or reset flag bits in the query header, some determine  which  sections
       of  the	answer get printed, and others determine the timeout and retry
       strategies.

       Each query option is identified by a keyword preceded by	 a  plus  sign
       (+). Some keywords set or reset an option. These may be preceded by the
       string no to negate the meaning of that keyword. Other keywords	assign
       values  to  options like the timeout interval. They have the form +key‐
       word=value. The query options are:

       +[no]tcp

	   Use [do not use] TCP when querying name servers. The default behav‐
	   iour	 is  to	 use UDP unless an AXFR or IXFR query is requested, in
	   which case a TCP connection is used.

       +[no]vc

	   Use [do not use] TCP when querying  name  servers.  This  alternate
	   syntax  to  +[no]tcp	 is  provided for backwards compatibility. The
	   "vc" stands for "virtual circuit".

       +[no]ignore

	   Ignore truncation in UDP responses instead of retrying with TCP. By
	   default, TCP retries are performed.

       +domain=somename

	   Set	the  search  list to contain the single domain somename, as if
	   specified in a domain directive  in	/etc/resolv.conf,  and	enable
	   search list processing as if the +search option were given.

       +[no]search

	   Use	[do  not  use]	the  search  list defined by the searchlist or
	   domain directive in resolv.conf (if any). The search	 list  is  not
	   used by default.

       +[no]showsearch

	   Perform [do not perform] a search showing intermediate results.

       +[no]defname

	   Deprecated, treated as a synonym for +[no]search.

       +[no]aaonly

	   Sets the aa flag in the query.

       +[no]aaflag

	   A synonym for +[no]aaonly.

       +[no]adflag

	   Set	[do  not  set]	the AD (authentic data) bit in the query. This
	   requests that the server return, regardless of whether all  of  the
	   answer  and	authority  sections  have all been validated as secure
	   according to the security policy of the server. A setting  of  AD=1
	   indicates  that  all	 records have been validated as secure and the
	   answer is not from an OPT-OUT range. AD=0 indicates that some  part
	   of the answer is insecure or not validated.

       +[no]cdflag

	   Set	[do not set] the CD (checking disabled) bit in the query. This
	   requests the server to not perform DNSSEC validation of responses.

       +[no]cl

	   Display [do not display] the CLASS when printing the record.

       +[no]ttlid

	   Display [do not display] the TTL when printing the record.

       +[no]recurse

	   Toggle the setting of the RD (recursion desired) bit in the	query.
	   This	 bit  is set by default, which means dig normally sends recur‐
	   sive	 queries.  Recursion  is  automatically	 disabled   when   the
	   +nssearch or +trace query options are used.

       +[no]nssearch

	   When	 this  option  is  set, dig attempts to find the authoritative
	   name servers for the zone containing the name being looked  up  and
	   display the SOA record that each name server has for the zone.

       +[no]trace

	   Toggle  tracing  of	the delegation path from the root name servers
	   for the name being looked up. Tracing is disabled by default.  When
	   tracing is enabled, dig makes iterative queries to resolve the name
	   being looked up. It will follow referrals from  the	root  servers,
	   showing  the	 answer	 from each server that was used to resolve the
	   lookup.

       +[no]cmd

	   Toggle the printing of the initial comment in the output  identify‐
	   ing	the  version  of  dig  and  the	 query	options that have been
	   applied. This comment is printed by default.

       +[no]short

	   Provide a terse answer. The default is to print  the	 answer	 in  a
	   verbose form.

       +[no]identify

	   Show	 [or do not show] the IP address and port number that supplied
	   the answer when the +short option is enabled. If short form answers
	   are	requested,  the	 default is not to show the source address and
	   port number of the server that provided the answer.

       +[no]comments

	   Toggle the display of comment lines in the output. The  default  is
	   to print comments.

       +[no]stats

	   Toggle  the	printing  of  statistics: when the query was made, the
	   size of the reply and so on. The default behaviour is to print  the
	   query statistics.

       +[no]qr

	   Print [do not print] the query as it is sent. By default, the query
	   is not printed.

       +[no]question

	   Print [do not print] the question section of a query when an answer
	   is returned. The default is to print the question section as a com‐
	   ment.

       +[no]answer

	   Display [do not display] the answer section of a reply. The default
	   is to display it.

       +[no]authority

	   Display  [do	 not  display]	the  authority section of a reply. The
	   default is to display it.

       +[no]additional

	   Display [do not display] the additional section  of	a  reply.  The
	   default is to display it.

       +[no]all

	   Set or clear all display flags.

       +time=T

	   Sets	 the timeout for a query to T seconds. The default time out is
	   5 seconds. An attempt to set T to less than	1  will	 result	 in  a
	   query timeout of 1 second being applied.

       +tries=T

	   Sets the maximum number of UDP attempts to T. The default number is
	   3 (1 initial attempt followed by 2 retries). If T is less  than  or
	   equal to zero, the number of retries is silently rounded up to 1.

       +retry=T

	   Sets the number of UDP retries to T. The default is 2.

       +ndots=D

	   Set	the  number of dots that have to appear in name to D for it to
	   be considered absolute. The default value is that defined using the
	   ndots  statement in /etc/resolv.conf, or 1 if no ndots statement is
	   present. Names with fewer dots are interpreted  as  relative	 names
	   and	will  be  searched  for in the domains listed in the search or
	   domain directive in /etc/resolv.conf.

       +bufsize=B

	   Set the UDP message buffer size advertised using EDNS0 to B	bytes.
	   The	maximum	 and  minimum  sizes  of  this	buffer are 65535 and 0
	   respectively. Values outside this range  are	 rounded  up  or  down
	   appropriately.

       +edns=#

	   Specify the EDNS version with which to query. Valid values are 0 to
	   255. Setting the EDNS version causes	 a  EDNS  query	 to  be	 sent.
	   +noedns clears the remembered EDNS version.

       +[no]multiline

	   Print  records  like the SOA records in a verbose multi-line format
	   with human-readable comments. The default is to print  each	record
	   on a single line, to facilitate machine parsing of the dig output.

       +[no]fail

	   Do  not  try the next server if you receive a SERVFAIL. The default
	   is to not try the next server which is the reverse of  normal  stub
	   resolver behavior.

       +[no]besteffort

	   Attempt  to	display	 the contents of messages which are malformed.
	   The default is to not display malformed answers.

       +[no]dnssec

	   Request DNSSEC records be sent by setting the DNSSEC OK bit (DO) in
	   the OPT record in the additional section of the query.

       +[no]sigchase

	   Chase  DNSSEC  signature  chains.  Requires	dig  be	 compiled with
	   -DDIG_SIGCHASE.

       +trusted-key=####

	   Specifies a file containing trusted keys to be used with +sigchase.
	   Each DNSKEY record must be on its own line.

	   If  not  specified  dig  will  look	for  /etc/trusted-key.key then
	   trusted-key.key in the current directory.

	   Requires dig be compiled with -DDIG_SIGCHASE.

       +[no]topdown

	   When chasing DNSSEC signature chains, perform  a  top-down  valida‐
	   tion. Requires dig be compiled with -DDIG_SIGCHASE.

       +[no]nsid

	   Include an EDNS name server ID request when sending a query.

MULTIPLE QUERIES
       The  BIND  9 implementation of dig supports specifying multiple queries
       on the command line (in	addition  to  supporting  the  -f  batch  file
       option).	 Each  of  those  queries  can be supplied with its own set of
       flags, options and query options.

       In this case, each query argument represent an individual query in  the
       command-line  syntax described above. Each consists of any of the stan‐
       dard options and flags, the name to be looked  up,  an  optional	 query
       type,  and  class  and any query options that should be applied to that
       query.

       A global set of query options, which should be applied to all  queries,
       can also be supplied. These global query options must precede the first
       tuple of name, class, type, options, flags, and query options  supplied
       on  the	command	 line.	Any  global query options (except the +[no]cmd
       option) can be overridden by a query-specific set of query options. For
       example:

	 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

       ...shows	 how  dig  could  be  used from the command line to make three
       lookups: an ANY query for www.isc.org, a reverse	 lookup	 of  127.0.0.1
       and a query for the NS records of isc.org. A global query option of +qr
       is applied, so that dig shows  the  initial  query  it  made  for  each
       lookup.	The  final query has a local query option of +noqr which means
       that dig will not print the initial query  when	it  looks  up  the  NS
       records for isc.org.

FILES
       /etc/resolv.conf

	   Resolver configuration file

       ${HOME}/.digrc

	   User-defined configuration file

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │network/dns/bind		   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Volatile			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       dnssec-keygen(1M), host(1M), named(1M), nslookup(1M), attributes(5)

       RFC 1035

       See the BIND 9 Administrator's Reference Manual. As of the date of pub‐
       lication	 of  this  man	 page,	 this	document   is	available   at
       https://www.isc.org/software/bind/documentation.

BUGS
       There are probably too many query options.

NOTES
       nslookup(1M)  and  dig  now  report  "Not Implemented" as NOTIMP rather
       than NOTIMPL. This will have impact on scripts  that  are  looking  for
       NOTIMPL.

SunOS 5.10			  11 Jan 2010			       dig(1M)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net