Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DIG(1)				    BIND 9				DIG(1)

NAME
       dig - DNS lookup	utility

SYNOPSIS
       dig  [@server] [-b address] [-c class] [-f filename] [-k	filename] [-m]
       [-p port#] [-q name] [-t	type] [-v] [-x addr]  [-y  [hmac:]name:key]  [
       [-4] | [-6] ] [name] [type] [class] [queryopt...]

       dig [-h]

       dig [global-queryopt...]	[query...]

DESCRIPTION
       dig  is a flexible tool for interrogating DNS name servers. It performs
       DNS lookups and displays	the answers that are returned  from  the  name
       server(s)  that	were queried. Most DNS administrators use dig to trou-
       bleshoot	DNS problems because of	its  flexibility,  ease	 of  use,  and
       clarity	of  output. Other lookup tools tend to have less functionality
       than dig.

       Although	dig is normally	used with command-line arguments, it also  has
       a  batch	 mode  of operation for	reading	lookup requests	from a file. A
       brief summary of	its command-line arguments and options is printed when
       the  -h option is given.	The BIND 9 implementation of dig allows	multi-
       ple lookups to be issued	from the command line.

       Unless it is told to query a specific name server, dig  tries  each  of
       the  servers  listed in /etc/resolv.conf. If no usable server addresses
       are found, dig sends the	query to the local host.

       When no command-line arguments or options are given, dig	performs an NS
       query for "." (the root).

       It  is  possible	 to  set per-user defaults for dig via ${HOME}/.digrc.
       This file is read and any options in it are  applied  before  the  com-
       mand-line  arguments.  The -r option disables this feature, for scripts
       that need predictable behavior.

       The IN and CH class names overlap with the IN and CH  top-level	domain
       names.  Either use the -t and -c	options	to specify the type and	class,
       use the -q to specify the domain	name, or  use  "IN."  and  "CH."  when
       looking up these	top-level domains.

SIMPLE USAGE
       A typical invocation of dig looks like:

	  dig @server name type

       where:

       server is  the name or IP address of the	name server to query. This can
	      be an IPv4 address in dotted-decimal notation or an IPv6 address
	      in  colon-delimited  notation. When the supplied server argument
	      is a hostname, dig resolves that name before querying that  name
	      server.

	      If  no  server  argument	is  provided,  dig  consults  /etc/re-
	      solv.conf; if an address is found	there,	it  queries  the  name
	      server at	that address. If either	of the -4 or -6	options	are in
	      use, then	only addresses for  the	 corresponding	transport  are
	      tried.  If no usable addresses are found,	dig sends the query to
	      the local	host. The reply	from the name server that responds  is
	      displayed.

       name   is the name of the resource record that is to be looked up.

       type   indicates	what type of query is required - ANY, A, MX, SIG, etc.
	      type can be any valid query type.	If no type  argument  is  sup-
	      plied, dig performs a lookup for an A record.

OPTIONS
       -4     This option indicates that only IPv4 should be used.

       -6     This option indicates that only IPv6 should be used.

       -b address[#port]
	      This option sets the source IP address of	the query. The address
	      must be a	valid address on one of	the host's network interfaces,
	      or  "0.0.0.0"  or	"::". An optional port may be specified	by ap-
	      pending #port.

       -c class
	      This option sets the query class.	The default class is IN; other
	      classes are HS for Hesiod	records	or CH for Chaosnet records.

       -f file
	      This option sets batch mode, in which dig	reads a	list of	lookup
	      requests to process from the given file. Each line in  the  file
	      should  be  organized in the same	way it would be	presented as a
	      query to dig using the command-line interface.

       -h     Print a usage summary.

       -k keyfile
	      This option tells	named to sign queries using TSIG using	a  key
	      read  from  the  given  file.  Key  files	can be generated using
	      tsig-keygen. When	using TSIG authentication with dig,  the  name
	      server  that is queried needs to know the	key and	algorithm that
	      is being used. In	BIND, this is done  by	providing  appropriate
	      key and server statements	in named.conf.

       -m     This option enables memory usage debugging.

       -p port
	      This  option  sends  the	query  to  a  non-standard port	on the
	      server, instead of the default port 53. This option is  used  to
	      test  a  name  server  that  has	been  configured to listen for
	      queries on a non-standard	port number.

       -q name
	      This option specifies the	domain name to query. This  is	useful
	      to distinguish the name from other arguments.

       -r     This  option  indicates  that options from ${HOME}/.digrc	should
	      not be read. This	is useful for scripts  that  need  predictable
	      behavior.

       -t type
	      This  option  indicates the resource record type to query, which
	      can be any valid query type. If it is  a	resource  record  type
	      supported	 in BIND 9, it can be given by the type	mnemonic (such
	      as NS or AAAA). The default query	type is	A, unless the  -x  op-
	      tion  is	supplied to indicate a reverse lookup. A zone transfer
	      can be requested by specifying a type of AXFR. When an incremen-
	      tal  zone	 transfer  (IXFR) is required, set the type to ixfr=N.
	      The incremental zone transfer contains all changes made  to  the
	      zone since the serial number in the zone's SOA record was	N.

	      All  resource  record types can be expressed as TYPEnn, where nn
	      is the number of the type. If the	resource record	 type  is  not
	      supported	in BIND	9, the result is displayed as described	in RFC
	      3597.

       -u     This option indicates that print query times should be  provided
	      in microseconds instead of milliseconds.

       -v     This option prints the version number and	exits.

       -x addr
	      This  option  sets  simplified  reverse lookups, for mapping ad-
	      dresses to names.	The addr is an IPv4 address in	dotted-decimal
	      notation,	 or a colon-delimited IPv6 address. When the -x	option
	      is used, there is	no need	to provide the name, class,  and  type
	      arguments.   dig automatically performs a	lookup for a name like
	      94.2.0.192.in-addr.arpa and sets the query type and class	to PTR
	      and  IN  respectively. IPv6 addresses are	looked up using	nibble
	      format under the IP6.ARPA	domain.

       -y [hmac:]keyname:secret
	      This option signs	queries	using TSIG with	the given  authentica-
	      tion  key.   keyname  is	the name of the	key, and secret	is the
	      base64-encoded shared secret. hmac is the	name of	the key	 algo-
	      rithm;  valid  choices  are  hmac-md5,  hmac-sha1,  hmac-sha224,
	      hmac-sha256, hmac-sha384,	or hmac-sha512.	If hmac	is not	speci-
	      fied,  the default is hmac-md5; if MD5 was disabled, the default
	      is hmac-sha256.

       NOTE:
	  Only the -k option should be used, rather than the  -y  option,  be-
	  cause	 with -y the shared secret is supplied as a command-line argu-
	  ment in clear	text. This may be visible in the output	from ps1 or in
	  a history file maintained by the user's shell.

QUERY OPTIONS
       dig  provides  a	 number	of query options which affect the way in which
       lookups are made	and the	results	displayed. Some	of these set or	 reset
       flag bits in the	query header, some determine which sections of the an-
       swer get	printed, and others determine the timeout  and	retry  strate-
       gies.

       Each  query  option  is identified by a keyword preceded	by a plus sign
       (+). Some keywords set or reset an option; these	may be preceded	by the
       string  no to negate the	meaning	of that	keyword. Other keywords	assign
       values to options, like the timeout interval. They have the form	 +key-
       word=value.  Keywords  may be abbreviated, provided the abbreviation is
       unambiguous; for	example, +cd is	equivalent to +cdflag. The  query  op-
       tions are:

       +aaflag,	+noaaflag
	      This option is a synonym for +aaonly, +noaaonly.

       +aaonly,	+noaaonly
	      This option sets the aa flag in the query.

       +additional, +noadditional
	      This  option  displays [or does not display] the additional sec-
	      tion of a	reply. The default is to display it.

       +adflag,	+noadflag
	      This option sets [or does	not set] the AD	(authentic  data)  bit
	      in  the query. This requests the server to return	whether	all of
	      the answer and authority sections	have been validated as secure,
	      according	 to  the security policy of the	server.	AD=1 indicates
	      that all records have been validated as secure and the answer is
	      not  from	 a OPT-OUT range. AD=0 indicates that some part	of the
	      answer was insecure or not validated.  This bit is  set  by  de-
	      fault.

       +all, +noall
	      This option sets or clears all display flags.

       +answer,	+noanswer
	      This option displays [or does not	display] the answer section of
	      a	reply. The default is to display it.

       +authority, +noauthority
	      This option displays [or does not	display] the authority section
	      of a reply. The default is to display it.

       +badcookie, +nobadcookie
	      This  option  retries  the  lookup with a	new server cookie if a
	      BADCOOKIE	response is received.

       +besteffort, +nobesteffort
	      This option attempts to display the contents of  messages	 which
	      are malformed. The default is to not display malformed answers.

       +bufsize[=B]
	      This  option  sets  the UDP message buffer size advertised using
	      EDNS0 to B bytes.	 The maximum and minimum sizes of this	buffer
	      are  65535  and  0, respectively.	 +bufsize restores the default
	      buffer size.

       +cd, +cdflag, +nocdflag
	      This option sets [or does	not set] the  CD  (checking  disabled)
	      bit in the query.	This requests the server to not	perform	DNSSEC
	      validation of responses.

       +class, +noclass
	      This option displays [or does not	display] the CLASS when	print-
	      ing the record.

       +cmd, +nocmd
	      This  option  toggles the	printing of the	initial	comment	in the
	      output, identifying the version of dig  and  the	query  options
	      that  have been applied. This option always has a	global effect;
	      it cannot	be set globally	and then overridden  on	 a  per-lookup
	      basis. The default is to print this comment.

       +comments, +nocomments
	      This  option  toggles  the  display of some comment lines	in the
	      output, with information about the packet	header and OPT pseudo-
	      section,	and  the names of the response section.	The default is
	      to print these comments.

	      Other types of comments in the output are	not affected  by  this
	      option, but can be controlled using other	command-line switches.
	      These include +cmd, +question, +stats, and +rrcomments.

       +cookie=####, +nocookie
	      This option sends	[or does not send] a COOKIE EDNS option,  with
	      an  optional  value. Replaying a COOKIE from a previous response
	      allows the server	to identify a previous client. The default  is
	      +cookie.

	      +cookie is also set when +trace is set to	better emulate the de-
	      fault queries from a nameserver.

       +crypto,	+nocrypto
	      This option toggles  the	display	 of  cryptographic  fields  in
	      DNSSEC records. The contents of these fields are unnecessary for
	      debugging	most DNSSEC  validation	 failures  and	removing  them
	      makes  it	 easier	 to see	the common failures. The default is to
	      display the fields. When	omitted,  they	are  replaced  by  the
	      string [omitted] or, in the DNSKEY case, the key ID is displayed
	      as the replacement, e.g. [ key id	= value	].

       +defname, +nodefname
	      This option, which is deprecated,	is treated as  a  synonym  for
	      +search, +nosearch.

       +dns64prefix, +nodns64prefix
	      Lookup IPV4ONLY.ARPA AAAA	and print any DNS64 prefixes found.

       +dnssec,	+do, +nodnssec,	+nodo
	      This  option requests that DNSSEC	records	be sent	by setting the
	      DNSSEC OK	(DO) bit in the	OPT record in the  additional  section
	      of the query.

       +domain=somename
	      This  option  sets  the search list to contain the single	domain
	      somename,	as if specified	in  a  domain  directive  in  /etc/re-
	      solv.conf,  and enables search list processing as	if the +search
	      option were given.

       +dscp=value
	      This option sets the DSCP	code point to be used when sending the
	      query.  Valid DSCP code points are in the	range [0...63].	By de-
	      fault no code point is explicitly	set.

       +edns[=#], +noedns
	      This option specifies the	EDNS version to	query with. Valid val-
	      ues are 0	to 255.	 Setting the EDNS version causes an EDNS query
	      to be sent.  +noedns clears the remembered EDNS version. EDNS is
	      set to 0 by default.

       +ednsflags[=#], +noednsflags
	      This  option  sets  the must-be-zero EDNS	flags bits (Z bits) to
	      the specified value.  Decimal, hex, and octal encodings are  ac-
	      cepted.  Setting a named flag (e.g., DO) is silently ignored. By
	      default, no Z bits are set.

       +ednsnegotiation, +noednsnegotiation
	      This option enables/disables EDNS	version	 negotiation.  By  de-
	      fault, EDNS version negotiation is enabled.

       +ednsopt[=code[:value]],	+noednsopt
	      This  option  specifies the EDNS option with code	point code and
	      an optional payload of value as a	hexadecimal string.  code  can
	      be  either  an EDNS option name (for example, NSID or ECS) or an
	      arbitrary	numeric	value. +noednsopt clears the EDNS  options  to
	      be sent.

       +expire,	+noexpire
	      This option sends	an EDNS	Expire option.

       +fail, +nofail
	      This  option  indicates  that  named should try [or not try] the
	      next server if a SERVFAIL	is received. The default is to not try
	      the  next	 server,  which	is the reverse of normal stub resolver
	      behavior.

       +header-only, +noheader-only
	      This option sends	a query	with a DNS header without  a  question
	      section.	The  default  is  to add a question section. The query
	      type and query name are ignored when this	is set.

       +https[=value], +nohttps
	      This option indicates whether to use DNS over HTTPS  (DoH)  when
	      querying	name  servers.	 When  this option is in use, the port
	      number defaults to 443.  The HTTP	POST request mode is used when
	      sending the query.

	      If  value	 is specified, it will be used as the HTTP endpoint in
	      the query	URI; the default is /dns-query.	So, for	 example,  dig
	      @example.com    +https	will   use   the   URI	 https://exam-
	      ple.com/dns-query.

       +https-get[=value], +nohttps-get
	      Similar to +https, except	that the HTTP GET request mode is used
	      when sending the query.

       +https-post[=value], +nohttps-post
	      Same as +https.

       +http-plain[=value], +nohttp-plain
	      Similar  to +https, except that HTTP queries will	be sent	over a
	      non-encrypted channel. When this option is in use, the port num-
	      ber defaults to 80 and the HTTP request mode is POST.

       +http-plain-get[=value],	+nohttp-plain-get
	      Similar  to  +http-plain,	 except	 that the HTTP request mode is
	      GET.

       +http-plain-post[=value], +nohttp-plain-post
	      Same as +http-plain.

       +identify, +noidentify
	      This option shows	[or does not show] the	IP  address  and  port
	      number  that  supplied the answer, when the +short option	is en-
	      abled. If	short form answers are requested, the default  is  not
	      to  show	the  source address and	port number of the server that
	      provided the answer.

       +idnin, +noidnin
	      This option processes [or	does not process] IDN domain names  on
	      input. This requires IDN SUPPORT to have been enabled at compile
	      time.

	      The default is to	process	IDN input when standard	 output	 is  a
	      tty.  The	IDN processing on input	is disabled when dig output is
	      redirected to files, pipes, and other non-tty file descriptors.

       +idnout,	+noidnout
	      This option converts [or does not	convert] puny code on  output.
	      This requires IDN	SUPPORT	to have	been enabled at	compile	time.

	      The default is to	process	puny code on output when standard out-
	      put is a tty. The	puny code processing  on  output  is  disabled
	      when dig output is redirected to files, pipes, and other non-tty
	      file descriptors.

       +ignore,	+noignore
	      This option ignores [or does not ignore] truncation in  UDP  re-
	      sponses  instead	of  retrying with TCP. By default, TCP retries
	      are performed.

       +keepalive, +nokeepalive
	      This option sends	[or does not send] an EDNS Keepalive option.

       +keepopen, +nokeepopen
	      This option keeps	[or does not keep] the TCP socket open between
	      queries, and reuses it rather than creating a new	TCP socket for
	      each lookup. The default is +nokeepopen.

       +multiline, +nomultiline
	      This option prints [or does not print]  records,	like  the  SOA
	      records, in a verbose multi-line format with human-readable com-
	      ments. The default is to print each record on a single  line  to
	      facilitate machine parsing of the	dig output.

       +ndots=D
	      This option sets the number of dots (D) that must	appear in name
	      for it to	be considered absolute.	The default value is that  de-
	      fined  using the ndots statement in /etc/resolv.conf, or 1 if no
	      ndots statement is present. Names	with  fewer  dots  are	inter-
	      preted  as  relative  names, and are searched for	in the domains
	      listed in	the search or domain directive in /etc/resolv.conf  if
	      +search is set.

       +nsid, +nonsid
	      When  enabled,  this  option includes an EDNS name server	ID re-
	      quest when sending a query.

       +nssearch, +nonssearch
	      When this	option is set, dig attempts to find the	 authoritative
	      name  servers  for the zone containing the name being looked up,
	      and display the SOA record that each name	 server	 has  for  the
	      zone.   Addresses	 of  servers  that  did	 not  respond are also
	      printed.

       +onesoa,	+noonesoa
	      When enabled, this option	prints only one	(starting) SOA	record
	      when performing an AXFR. The default is to print both the	start-
	      ing and ending SOA records.

       +opcode=value, +noopcode
	      When enabled, this option	sets (restores)	the DNS	message	opcode
	      to the specified value. The default value	is QUERY (0).

       +padding=value
	      This  option  pads  the  size of the query packet	using the EDNS
	      Padding option to	blocks of  value  bytes.  For  example,	 +pad-
	      ding=32 causes a 48-byte query to	be padded to 64	bytes. The de-
	      fault block size is 0, which disables padding;  the  maximum  is
	      512. Values are ordinarily expected to be	powers of two, such as
	      128; however, this is not	mandatory. Responses to	padded queries
	      may  also	 be  padded,  but  only	 if  the query uses TCP	or DNS
	      COOKIE.

       +qid=value
	      This option specifies the	query ID to use	when sending queries.

       +qr, +noqr
	      This option toggles the display of the query message  as	it  is
	      sent. By default,	the query is not printed.

       +question, +noquestion
	      This  option  toggles  the  display of the question section of a
	      query when an answer is returned.	The default is	to  print  the
	      question section as a comment.

       +raflag,	+noraflag
	      This  option sets	[or does not set] the RA (Recursion Available)
	      bit in the query.	The default is +noraflag. This bit is  ignored
	      by the server for	QUERY.

       +rdflag,	+nordflag
	      This option is a synonym for +recurse, +norecurse.

       +recurse, +norecurse
	      This  option  toggles  the setting of the	RD (recursion desired)
	      bit in the query.	 This bit is set by default, which  means  dig
	      normally	sends  recursive  queries.  Recursion is automatically
	      disabled when the	+nssearch or +trace query option is used.

       +retry=T
	      This option sets the number  of  times  to  retry	 UDP  and  TCP
	      queries  to  server  to  T  instead  of  the default, 2.	Unlike
	      +tries, this does	not include the	initial	query.

       +rrcomments, +norrcomments
	      This option toggles the display of per-record  comments  in  the
	      output (for example, human-readable key information about	DNSKEY
	      records).	The default is not to  print  record  comments	unless
	      multiline	mode is	active.

       +search,	+nosearch
	      This  option  uses  [or does not use] the	search list defined by
	      the searchlist or	domain directive in resolv.conf, if  any.  The
	      search list is not used by default.

	      ndots  from  resolv.conf (default	1), which may be overridden by
	      +ndots, determines whether the name is treated as	 relative  and
	      hence whether a search is	eventually performed.

       +short, +noshort
	      This  option toggles whether a terse answer is provided. The de-
	      fault is to print	the answer in a	verbose	form. This option  al-
	      ways  has	 a  global  effect; it cannot be set globally and then
	      overridden on a per-lookup basis.

       +showbadcookie, +noshowbadcookie
	      This option toggles whether to show the message  containing  the
	      BADCOOKIE	 rcode before retrying the request or not. The default
	      is to not	show the messages.

       +showsearch, +noshowsearch
	      This option performs [or does not	perform] a search showing  in-
	      termediate results.

       +sigchase, +nosigchase
	      This  feature is now obsolete and	has been removed; use delv in-
	      stead.

       +split=W
	      This option splits long hex- or base64-formatted fields  in  re-
	      source  records  into chunks of W	characters (where W is rounded
	      up to the	nearest	multiple of 4).	+nosplit  or  +split=0	causes
	      fields  not to be	split at all. The default is 56	characters, or
	      44 characters when multiline mode	is active.

       +stats, +nostats
	      This option toggles the printing of statistics: when  the	 query
	      was made,	the size of the	reply, etc. The	default	behavior is to
	      print the	query statistics as a comment after each lookup.

       +subnet=addr[/prefix-length], +nosubnet
	      This option sends	[or does not send] an EDNS  CLIENT-SUBNET  op-
	      tion with	the specified IP address or network prefix.

	      dig  +subnet=0.0.0.0/0, or simply	dig +subnet=0 for short, sends
	      an EDNS CLIENT-SUBNET option with	an empty address and a	source
	      prefix-length  of	 zero,	which  signals	a  resolver  that  the
	      client's address information must	not  be	 used  when  resolving
	      this query.

       +tcflag,	+notcflag
	      This  option  sets  [or does not set] the	TC (TrunCation)	bit in
	      the query. The default is	+notcflag. This	bit is ignored by  the
	      server for QUERY.

       +tcp, +notcp
	      This  option  indicates  whether	to  use	TCP when querying name
	      servers.	The default behavior is	to use UDP unless a  type  any
	      or  ixfr=N query is requested, in	which case the default is TCP.
	      AXFR queries always use TCP.

       +timeout=T
	      This option sets the timeout for a query to T seconds.  The  de-
	      fault  timeout  is 5 seconds. An attempt to set T	to less	than 1
	      is silently set to 1.

       +tls, +notls
	      This option indicates whether to use DNS	over  TLS  (DoT)  when
	      querying name servers. When this option is in use, the port num-
	      ber defaults to 853.

       +tls-ca[=file-name], +notls-ca
	      This option enables remote server	TLS certificate	validation for
	      DNS transports, relying on TLS. Certificate authorities certifi-
	      cates are	loaded from the	specified PEM file (file-name).	If the
	      file  is not specified, the default certificates from the	global
	      certificates store are used.

       +tls-certfile=file-name,	   +tls-keyfile=file-name,    +notls-certfile,
       +notls-keyfile
	      These  options set the state of certificate-based	client authen-
	      tication for DNS transports, relying on  TLS.  Both  certificate
	      chain  file  and private key file	are expected to	be in PEM for-
	      mat.  Both options must be specified at the same time.

       +tls-hostname=hostname, +notls-hostname
	      This option makes	dig use	the provided  hostname	during	remote
	      server  TLS  certificate verification. Otherwise,	the DNS	server
	      name is used. This option	has no effect if +tls-ca is not	speci-
	      fied.

       +topdown, +notopdown
	      This  feature is related to dig +sigchase, which is obsolete and
	      has been removed.	Use delv instead.

       +trace, +notrace
	      This option toggles tracing of the delegation path from the root
	      name  servers  for the name being	looked up. Tracing is disabled
	      by default. When tracing is enabled, dig makes iterative queries
	      to  resolve  the name being looked up. It	follows	referrals from
	      the root servers,	showing	the answer from	each server  that  was
	      used to resolve the lookup.

	      If  @server is also specified, it	affects	only the initial query
	      for the root zone	name servers.

	      +dnssec is also set when +trace is set, to  better  emulate  the
	      default queries from a name server.

       +tries=T
	      This  option sets	the number of times to try UDP and TCP queries
	      to server	to T instead of	the default, 3.	If T is	less  than  or
	      equal to zero, the number	of tries is silently rounded up	to 1.

       +trusted-key=####
	      This  option  formerly  specified	 trusted keys for use with dig
	      +sigchase. This feature is now obsolete and  has	been  removed;
	      use delv instead.

       +ttlid, +nottlid
	      This option displays [or does not	display] the TTL when printing
	      the record.

       +ttlunits, +nottlunits
	      This option displays [or does not	display] the TTL  in  friendly
	      human-readable  time  units  of  s, m, h,	d, and w, representing
	      seconds, minutes,	hours, days, and weeks.	This implies +ttlid.

       +unknownformat, +nounknownformat
	      This option prints all RDATA in  unknown	RR  type  presentation
	      format  (RFC  3597).   The  default  is to print RDATA for known
	      types in the type's presentation format.

       +vc, +novc
	      This option uses [or  does  not  use]  TCP  when	querying  name
	      servers. This alternate syntax to	+tcp is	provided for backwards
	      compatibility. The vc stands for "virtual	circuit."

       +yaml, +noyaml
	      When enabled, this option	prints the responses (and, if  +qr  is
	      in use, also the outgoing	queries) in a detailed YAML format.

       +zflag, +nozflag
	      This  option  sets  [or  does  not  set] the last	unassigned DNS
	      header flag in a DNS query.  This	flag is	off by default.

MULTIPLE QUERIES
       The BIND	9 implementation of dig	supports specifying  multiple  queries
       on  the	command	 line (in addition to supporting the -f	batch file op-
       tion). Each of those queries can	be supplied with its own set of	flags,
       options,	and query options.

       In this case, each query	argument represents an individual query	in the
       command-line syntax described above. Each consists of any of the	 stan-
       dard  options  and  flags,  the name to be looked up, an	optional query
       type and	class, and any query options that should be  applied  to  that
       query.

       A  global set of	query options, which should be applied to all queries,
       can also	be supplied. These global query	options	must precede the first
       tuple  of name, class, type, options, flags, and	query options supplied
       on the command line. Any	global query options (except +cmd  and	+short
       options)	 can  be  overridden by	a query-specific set of	query options.
       For example:

	  dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

       shows how dig can be used from the command line to make three  lookups:
       an  ANY	query  for  www.isc.org,  a reverse lookup of 127.0.0.1, and a
       query for the NS	records	of isc.org. A global query option  of  +qr  is
       applied,	 so  that dig shows the	initial	query it made for each lookup.
       The final query has a local query option	of +qr which  means  that  dig
       does  not  print	 the initial query when	it looks up the	NS records for
       isc.org.

IDN SUPPORT
       If dig has been built with IDN (internationalized domain	name) support,
       it  can	accept	and  display non-ASCII domain names. dig appropriately
       converts	character encoding of a	domain name before sending  a  request
       to a DNS	server or displaying a reply from the server.  To turn off IDN
       support,	use the	parameters +idnin and +idnout, or define the  IDN_DIS-
       ABLE environment	variable.

RETURN CODES
       dig return codes	are:

       0      DNS response received, including NXDOMAIN	status

       1      Usage error

       8      Couldn't open batch file

       9      No reply from server

       10     Internal error

FILES
       /etc/resolv.conf

       ${HOME}/.digrc

SEE ALSO
       delv(1),	host(1), named(8), dnssec-keygen(8), RFC 1035.

BUGS
       There are probably too many query options.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2022, Internet Systems Consortium

9.18.5				  2022-07-07				DIG(1)

NAME | SYNOPSIS | DESCRIPTION | SIMPLE USAGE | OPTIONS | QUERY OPTIONS | MULTIPLE QUERIES | IDN SUPPORT | RETURN CODES | FILES | SEE ALSO | BUGS | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=dig&sektion=1&manpath=FreeBSD+13.1-RELEASE+and+Ports>

home | help