Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
MDIG(1)				    BIND 9			       MDIG(1)

       mdig - DNS pipelined lookup utility

       mdig  {@server}	[-f  filename]	[-h] [-v] [ [-4] | [-6]	] [-m] [-b ad-
       dress] [-p port#] [-c class] [-t	type] [-i] [-x addr] [plusopt...]

       mdig {-h}

       mdig [@server] {global-opt...} {	{local-opt...} {query} ...}

       mdig is a multiple/pipelined query version of dig: instead  of  waiting
       for  a  response	 after	sending	 each  query, it begins	by sending all
       queries.	Responses are displayed	in the order in	 which	they  are  re-
       ceived, not in the order	the corresponding queries were sent.

       mdig  options  are  a  subset  of the dig options, and are divided into
       "anywhere options" which	can occur  anywhere,  "global  options"	 which
       must  occur before the query name (or they are ignored with a warning),
       and "local options" which apply to the next query on the	command	line.

       The @server option is a mandatory global	option.	It is the name	or  IP
       address of the name server to query. (Unlike dig, this value is not re-
       trieved from /etc/resolv.conf.) It can  be  an  IPv4  address  in  dot-
       ted-decimal notation, an	IPv6 address in	colon-delimited	notation, or a
       hostname. When the supplied server argument is  a  hostname,  mdig  re-
       solves that name	before querying	the name server.

       mdig  provides  a number	of query options which affect the way in which
       lookups are made	and the	results	displayed. Some	of these set or	 reset
       flag bits in the	query header, some determine which sections of the an-
       swer get	printed, and others determine the timeout  and	retry  strate-

       Each  query  option  is identified by a keyword preceded	by a plus sign
       (+). Some keywords set or reset an option. These	may be preceded	by the
       string  no to negate the	meaning	of that	keyword. Other keywords	assign
       values to options like the timeout interval. They have the  form	 +key-

       The  -f	option	makes  mdig operate in batch mode by reading a list of
       lookup requests to process from the file	filename. The file contains  a
       number of queries, one per line.	Each entry in the file should be orga-
       nized in	the same way they would	be presented as	queries	to mdig	 using
       the command-line	interface.

       The -h causes mdig to print the detailed	help with the full list	of op-
       tions and exit.

       The -v causes mdig to print the version number and exit.

       The -4 option forces mdig to only use IPv4 query	transport.

       The -6 option forces mdig to only use IPv6 query	transport.

       The -b option sets the source IP	address	of the query to	address.  This
       must  be	 a  valid  address  on one of the host's network interfaces or
       "" or "::". An optional  port  may  be  specified	 by  appending

       The -m option enables memory usage debugging.

       The -p option is	used when a non-standard port number is	to be queried.
       port# is	the port number	that mdig will send its	queries	instead	of the
       standard	 DNS  port number 53. This option would	be used	to test	a name
       server that has been configured to listen for queries on	a non-standard
       port number.

       The global query	options	are:

	      Display  [do not display]	the additional section of a reply. The
	      default is to display it.

	      Set or clear all display flags.

	      Display [do not display] the answer section of a reply. The  de-
	      fault is to display it.

	      Display  [do  not	display] the authority section of a reply. The
	      default is to display it.

	      Attempt to display the contents of messages which	are malformed.
	      The default is to	not display malformed answers.

	      Display [do not display] the CLASS when printing the record.

	      Toggle  the  display of comment lines in the output. The default
	      is to print comments.

	      Continue on errors (e.g. timeouts).

	      Toggle the display of cryptographic fields  in  DNSSEC  records.
	      The contents of these field are unnecessary to debug most	DNSSEC
	      validation failures and removing them makes it easier to see the
	      common  failures.	 The  default  is  to display the fields. When
	      omitted they are replaced	by the string "[omitted]"  or  in  the
	      DNSKEY  case the key id is displayed as the replacement, e.g. "[
	      key id = value ]".

	      Set the DSCP code	point to be used when sending the query. Valid
	      DSCP  code  points  are in the range [0..63]. By default no code
	      point is explicitly set.

	      Print records like the SOA records in a verbose multi-line  for-
	      mat  with	 human-readable	comments. The default is to print each
	      record on	a single line, to facilitate machine  parsing  of  the
	      mdig output.

	      Print [do	not print] the question	section	of a query when	an an-
	      swer is returned.	The default is to print	the  question  section
	      as a comment.

	      Toggle the display of per-record comments	in the output (for ex-
	      ample, human-readable key	information about DNSKEY records). The
	      default is not to	print record comments unless multiline mode is

	      Provide a	terse answer. The default is to	print the answer in  a
	      verbose form.

	      Split  long  hex-	or base64-formatted fields in resource records
	      into chunks of W characters (where W is rounded up to the	 near-
	      est multiple of 4). +nosplit or +split=0 causes fields not to be
	      split at all. The	default	is 56  characters,  or	44  characters
	      when multiline mode is active.

	      Use [do not use] TCP when	querying name servers. The default be-
	      havior is	to use UDP.

	      Display [do not display] the TTL when printing the record.

	      Display [do not display] the TTL in friendly human-readable time
	      units of "s", "m", "h", "d", and "w", representing seconds, min-
	      utes, hours, days	and weeks. Implies +ttlid.

	      Use [do not use] TCP when	querying name servers. This  alternate
	      syntax  to +[no]tcp is provided for backwards compatibility. The
	      "vc" stands for "virtual circuit".

       The -c option sets the query class to class. It can be any valid	 query
       class which is supported	in BIND	9. The default query class is "IN".

       The  -t	option	sets the query type to type. It	can be any valid query
       type which is supported in BIND 9. The default query type is  "A",  un-
       less  the  -x  option is	supplied to indicate a reverse lookup with the
       "PTR" query type.

       Reverse lookups MDASH mapping addresses to names	MDASH  are  simplified
       by  the	-x option. addr	is an IPv4 address in dotted-decimal notation,
       or a colon-delimited IPv6 address. mdig automatically performs a	lookup
       for  a query name like and sets	the query type
       and class to PTR	and IN respectively. By	default,  IPv6	addresses  are
       looked up using nibble format under the IP6.ARPA	domain.

       The local query options are:

	      A	synonym	for +[no]aaonly.

	      Sets the "aa" flag in the	query.

	      Set  [do not set]	the AD (authentic data)	bit in the query. This
	      requests the server to return whether all	of the answer and  au-
	      thority  sections	have all been validated	as secure according to
	      the security policy of  the  server.  AD=1  indicates  that  all
	      records have been	validated as secure and	the answer is not from
	      a	OPT-OUT	range. AD=0 indicate that some part of the answer  was
	      insecure or not validated.  This bit is set by default.

	      Set  the	UDP  message  buffer  size advertised using EDNS0 to B
	      bytes. The maximum and minimum sizes of this  buffer  are	 65535
	      and  0 respectively. Values outside this range are rounded up or
	      down appropriately. Values other than zero  will	cause  a  EDNS
	      query to be sent.

	      Set  [do	not  set] the CD (checking disabled) bit in the	query.
	      This requests the	server to not perform DNSSEC validation	of re-

	      Send  a  COOKIE  EDNS  option,  with optional value. Replaying a
	      COOKIE from a previous response will allow the server  to	 iden-
	      tify a previous client. The default is +nocookie.

	      Requests	DNSSEC	records	 be  sent by setting the DNSSEC	OK bit
	      (DO) in the OPT record in	the additional section of the query.

	      Specify the EDNS version to query	with. Valid values  are	 0  to
	      255.   Setting  the  EDNS	 version will cause a EDNS query to be
	      sent.  +noedns clears the	remembered EDNS	version. EDNS  is  set
	      to 0 by default.

	      Set  the	must-be-zero EDNS flags	bits (Z	bits) to the specified
	      value.  Decimal, hex and octal encodings are accepted. Setting a
	      named  flag (e.g.	DO) will silently be ignored. By default, no Z
	      bits are set.

	      Specify EDNS option with code point code and optionally  payload
	      of value as a hexadecimal	string.	+noednsopt clears the EDNS op-
	      tions to be sent.

	      Send an EDNS Expire option.

	      Include an EDNS name server ID request when sending a query.

	      Toggle the setting of the	RD  (recursion	desired)  bit  in  the
	      query.   This  bit  is set by default, which means mdig normally
	      sends recursive queries.

	      Sets the number of times to retry	UDP queries to server to T in-
	      stead  of	 the  default, 2. Unlike +tries, this does not include
	      the initial query.

	      Send (don't send)	an EDNS	Client Subnet option with  the	speci-
	      fied IP address or network prefix.

	      mdig  +subnet=,	or  simply  mdig  +subnet=0 for	short,
	      sends an EDNS client-subnet option with an empty address	and  a
	      source  prefix-length of zero, which signals a resolver that the
	      client's address information must	not  be	 used  when  resolving
	      this query.

	      Sets  the	 timeout for a query to	T seconds. The default timeout
	      is 5 seconds for UDP transport and 10 for	TCP. An	attempt	to set
	      T	 to less than 1	will result in a query timeout of 1 second be-
	      ing applied.

	      Sets the number of times to try UDP queries to server to	T  in-
	      stead of the default, 3. If T is less than or equal to zero, the
	      number of	tries is silently rounded up to	1.

	      Sets the timeout between UDP query retries.

	      Print all	RDATA in unknown  RR  type  presentation  format  (RFC
	      3597).   The  default  is	 to print RDATA	for known types	in the
	      type's presentation format.

	      Print the	responses in a detailed	YAML format.

	      Set [do not set] the last	unassigned DNS header flag  in	a  DNS
	      query.  This flag	is off by default.

       dig(1), RFC 1035.

       Internet	Systems	Consortium

       2020, Internet Systems Consortium

9.16.6				  2020-08-10			       MDIG(1)


Want to link to this manual page? Use this URL:

home | help