Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
DIG(1)				    BIND 9				DIG(1)

NAME
       dig - DNS lookup	utility

SYNOPSIS
       dig  [@server] [-b address] [-c class] [-f filename] [-k	filename] [-m]
       [-p port#] [-q name] [-t	type] [-v] [-x addr]  [-y  [hmac:]name:key]  [
       [-4] | [-6] ] [name] [type] [class] [queryopt...]

       dig [-h]

       dig [global-queryopt...]	[query...]

DESCRIPTION
       dig  is a flexible tool for interrogating DNS name servers. It performs
       DNS lookups and displays	the answers that are returned  from  the  name
       server(s)  that	were queried. Most DNS administrators use dig to trou-
       bleshoot	DNS problems because of	its  flexibility,  ease	 of  use,  and
       clarity	of  output. Other lookup tools tend to have less functionality
       than dig.

       Although	dig is normally	used with command-line arguments, it also  has
       a  batch	 mode  of operation for	reading	lookup requests	from a file. A
       brief summary of	its command-line arguments and options is printed when
       the  -h option is given.	The BIND 9 implementation of dig allows	multi-
       ple lookups to be issued	from the command line.

       Unless it is told to query a specific name server, dig  tries  each  of
       the  servers  listed in /etc/resolv.conf. If no usable server addresses
       are found, dig sends the	query to the local host.

       When no command-line arguments or options are given, dig	performs an NS
       query for "." (the root).

       It  is  possible	 to  set per-user defaults for dig via ${HOME}/.digrc.
       This file is read and any options in it are  applied  before  the  com-
       mand-line  arguments.  The -r option disables this feature, for scripts
       that need predictable behavior.

       The IN and CH class names overlap with the IN and CH  top-level	domain
       names.  Either use the -t and -c	options	to specify the type and	class,
       use the -q to specify the domain	name, or  use  "IN."  and  "CH."  when
       looking up these	top-level domains.

SIMPLE USAGE
       A typical invocation of dig looks like:

	  dig @server name type

       where:

       server is  the name or IP address of the	name server to query. This can
	      be an IPv4 address in dotted-decimal notation or an IPv6 address
	      in  colon-delimited  notation. When the supplied server argument
	      is a hostname, dig resolves that name before querying that  name
	      server.

	      If  no  server  argument	is  provided,  dig  consults  /etc/re-
	      solv.conf; if an address is found	there,	it  queries  the  name
	      server at	that address. If either	of the -4 or -6	options	are in
	      use, then	only addresses for  the	 corresponding	transport  are
	      tried.  If no usable addresses are found,	dig sends the query to
	      the local	host. The reply	from the name server that responds  is
	      displayed.

       name   is the name of the resource record that is to be looked up.

       type   indicates	what type of query is required - ANY, A, MX, SIG, etc.
	      type can be any valid query type.	If no type  argument  is  sup-
	      plied, dig performs a lookup for an A record.

OPTIONS
       -4     This option indicates that only IPv4 should be used.

       -6     This option indicates that only IPv6 should be used.

       -b address[#port]
	      This option sets the source IP address of	the query. The address
	      must be a	valid address on one of	the host's network interfaces,
	      or  "0.0.0.0"  or	"::". An optional port may be specified	by ap-
	      pending #port.

       -c class
	      This option sets the query class.	The default class is IN; other
	      classes are HS for Hesiod	records	or CH for Chaosnet records.

       -f file
	      This option sets batch mode, in which dig	reads a	list of	lookup
	      requests to process from the given file. Each line in  the  file
	      should  be  organized in the same	way it would be	presented as a
	      query to dig using the command-line interface.

       -h     Print a usage summary.

       -k keyfile
	      This option tells	dig to sign queries using TSIG or SIG(0) using
	      a	key read from the given	file. Key files	can be generated using
	      tsig-keygen. When	using TSIG authentication with dig,  the  name
	      server  that is queried needs to know the	key and	algorithm that
	      is being used. In	BIND, this is done  by	providing  appropriate
	      key  and server statements in named.conf for TSIG	and by looking
	      up the KEY record	in zone	data for SIG(0).

       -m     This option enables memory usage debugging.

       -p port
	      This option sends	the  query  to	a  non-standard	 port  on  the
	      server,  instead	of the default port 53.	This option is used to
	      test a name server  that	has  been  configured  to  listen  for
	      queries on a non-standard	port number.

       -q name
	      This  option  specifies the domain name to query.	This is	useful
	      to distinguish the name from other arguments.

       -r     This option indicates that options  from	${HOME}/.digrc	should
	      not  be  read.  This is useful for scripts that need predictable
	      behavior.

       -t type
	      This option indicates the	resource record	type to	 query,	 which
	      can  be  any  valid  query type. If it is	a resource record type
	      supported	in BIND	9, it can be given by the type mnemonic	 (such
	      as  NS  or AAAA).	The default query type is A, unless the	-x op-
	      tion is supplied to indicate a reverse lookup. A	zone  transfer
	      can be requested by specifying a type of AXFR. When an incremen-
	      tal zone transfer	(IXFR) is required, set	the  type  to  ixfr=N.
	      The  incremental	zone transfer contains all changes made	to the
	      zone since the serial number in the zone's SOA record was	N.

	      All resource record types	can be expressed as TYPEnn,  where  nn
	      is  the  number  of the type. If the resource record type	is not
	      supported	in BIND	9, the result is displayed as described	in RFC
	      3597.

       -u     This  option indicates that print	query times should be provided
	      in microseconds instead of milliseconds.

       -v     This option prints the version number and	exits.

       -x addr
	      This option sets simplified reverse  lookups,  for  mapping  ad-
	      dresses  to names. The addr is an	IPv4 address in	dotted-decimal
	      notation,	or a colon-delimited IPv6 address. When	the -x	option
	      is  used,	 there is no need to provide the name, class, and type
	      arguments.  dig automatically performs a lookup for a name  like
	      94.2.0.192.in-addr.arpa and sets the query type and class	to PTR
	      and IN respectively. IPv6	addresses are looked up	 using	nibble
	      format under the IP6.ARPA	domain.

       -y [hmac:]keyname:secret
	      This  option signs queries using TSIG with the given authentica-
	      tion key.	 keyname is the	name of	the key,  and  secret  is  the
	      base64-encoded  shared secret. hmac is the name of the key algo-
	      rithm;  valid  choices  are  hmac-md5,  hmac-sha1,  hmac-sha224,
	      hmac-sha256,  hmac-sha384, or hmac-sha512. If hmac is not	speci-
	      fied, the	default	is hmac-md5; if	MD5 was	disabled, the  default
	      is hmac-sha256.

       NOTE:
	  Only	the  -k	 option	should be used,	rather than the	-y option, be-
	  cause	with -y	the shared secret is supplied as a command-line	 argu-
	  ment in clear	text. This may be visible in the output	from ps1 or in
	  a history file maintained by the user's shell.

QUERY OPTIONS
       dig provides a number of	query options which affect the	way  in	 which
       lookups	are made and the results displayed. Some of these set or reset
       flag bits in the	query header, some determine which sections of the an-
       swer  get  printed,  and	others determine the timeout and retry strate-
       gies.

       Each query option is identified by a keyword preceded by	 a  plus  sign
       (+). Some keywords set or reset an option; these	may be preceded	by the
       string no to negate the meaning of that keyword.	Other keywords	assign
       values  to options, like	the timeout interval. They have	the form +key-
       word=value. Keywords may	be abbreviated,	provided the  abbreviation  is
       unambiguous;  for  example, +cd is equivalent to	+cdflag. The query op-
       tions are:

       +aaflag,	+noaaflag
	      This option is a synonym for +aaonly, +noaaonly.

       +aaonly,	+noaaonly
	      This option sets the aa flag in the query.

       +additional, +noadditional
	      This option displays [or does not	display] the  additional  sec-
	      tion of a	reply. The default is to display it.

       +adflag,	+noadflag
	      This  option  sets [or does not set] the AD (authentic data) bit
	      in the query. This requests the server to	return whether all  of
	      the answer and authority sections	have been validated as secure,
	      according	to the security	policy of the server.  AD=1  indicates
	      that all records have been validated as secure and the answer is
	      not from a OPT-OUT range.	AD=0 indicates that some part  of  the
	      answer  was  insecure  or	not validated.	This bit is set	by de-
	      fault.

       +all, +noall
	      This option sets or clears all display flags.

       +answer,	+noanswer
	      This option displays [or does not	display] the answer section of
	      a	reply. The default is to display it.

       +authority, +noauthority
	      This option displays [or does not	display] the authority section
	      of a reply. The default is to display it.

       +badcookie, +nobadcookie
	      This option retries the lookup with a new	 server	 cookie	 if  a
	      BADCOOKIE	response is received.

       +besteffort, +nobesteffort
	      This  option  attempts to	display	the contents of	messages which
	      are malformed. The default is to not display malformed answers.

       +bufsize[=B]
	      This option sets the UDP message buffer  size  advertised	 using
	      EDNS0  to	B bytes.  The maximum and minimum sizes	of this	buffer
	      are 65535	and 0, respectively.  +bufsize	restores  the  default
	      buffer size.

       +cd, +cdflag, +nocdflag
	      This  option  sets  [or does not set] the	CD (checking disabled)
	      bit in the query.	This requests the server to not	perform	DNSSEC
	      validation of responses.

       +class, +noclass
	      This option displays [or does not	display] the CLASS when	print-
	      ing the record.

       +cmd, +nocmd
	      This option toggles the printing of the initial comment  in  the
	      output,  identifying  the	 version  of dig and the query options
	      that have	been applied. This option always has a global  effect;
	      it  cannot  be  set globally and then overridden on a per-lookup
	      basis. The default is to print this comment.

       +comments, +nocomments
	      This option toggles the display of some  comment	lines  in  the
	      output, with information about the packet	header and OPT pseudo-
	      section, and the names of	the response section. The  default  is
	      to print these comments.

	      Other  types  of comments	in the output are not affected by this
	      option, but can be controlled using other	command-line switches.
	      These include +cmd, +question, +stats, and +rrcomments.

       +cookie=####, +nocookie
	      This  option sends [or does not send] a COOKIE EDNS option, with
	      an optional value. Replaying a COOKIE from a  previous  response
	      allows  the server to identify a previous	client.	The default is
	      +cookie.

	      +cookie is also set when +trace is set to	better emulate the de-
	      fault queries from a nameserver.

       +crypto,	+nocrypto
	      This  option  toggles  the  display  of  cryptographic fields in
	      DNSSEC records. The contents of these fields are unnecessary for
	      debugging	 most  DNSSEC  validation  failures  and removing them
	      makes it easier to see the common	failures. The  default	is  to
	      display  the  fields.  When  omitted,  they  are replaced	by the
	      string [omitted] or, in the DNSKEY case, the key ID is displayed
	      as the replacement, e.g. [ key id	= value	].

       +defname, +nodefname
	      This  option,  which  is deprecated, is treated as a synonym for
	      +search, +nosearch.

       +dns64prefix, +nodns64prefix
	      Lookup IPV4ONLY.ARPA AAAA	and print any DNS64 prefixes found.

       +dnssec,	+do, +nodnssec,	+nodo
	      This option requests that	DNSSEC records be sent by setting  the
	      DNSSEC  OK  (DO) bit in the OPT record in	the additional section
	      of the query.

       +domain=somename
	      This option sets the search list to contain  the	single	domain
	      somename,	 as  if	 specified  in	a domain directive in /etc/re-
	      solv.conf, and enables search list processing as if the  +search
	      option were given.

       +dscp=value
	      This option sets the DSCP	code point to be used when sending the
	      query. Valid DSCP	code points are	in the range [0...63]. By  de-
	      fault no code point is explicitly	set.

       +edns[=#], +noedns
	      This option specifies the	EDNS version to	query with. Valid val-
	      ues are 0	to 255.	 Setting the EDNS version causes an EDNS query
	      to be sent.  +noedns clears the remembered EDNS version. EDNS is
	      set to 0 by default.

       +ednsflags[=#], +noednsflags
	      This option sets the must-be-zero	EDNS flags bits	 (Z  bits)  to
	      the  specified value.  Decimal, hex, and octal encodings are ac-
	      cepted. Setting a	named flag (e.g., DO) is silently ignored.  By
	      default, no Z bits are set.

       +ednsnegotiation, +noednsnegotiation
	      This  option  enables/disables  EDNS version negotiation.	By de-
	      fault, EDNS version negotiation is enabled.

       +ednsopt[=code[:value]],	+noednsopt
	      This option specifies the	EDNS option with code point  code  and
	      an  optional  payload of value as	a hexadecimal string. code can
	      be either	an EDNS	option name (for example, NSID or ECS)	or  an
	      arbitrary	 numeric  value. +noednsopt clears the EDNS options to
	      be sent.

       +expire,	+noexpire
	      This option sends	an EDNS	Expire option.

       +fail, +nofail
	      This option indicates that named should try  [or	not  try]  the
	      next server if a SERVFAIL	is received. The default is to not try
	      the next server, which is	the reverse of	normal	stub  resolver
	      behavior.

       +fuzztime[=value], +nofuzztime
	      This  option allows the signing time to be specified when	gener-
	      ating signed messages.  If a value is specified it is  the  sec-
	      onds  since  00:00:00 January 1, 1970 UTC	ignoring leap seconds.
	      If no value is specified 1646972129 (Fri 11  Mar	2022  04:15:29
	      UTC)  is	used.  The default is +nofuzztime and the current time
	      is used.

       +header-only, +noheader-only
	      This option sends	a query	with a DNS header without  a  question
	      section.	The  default  is  to add a question section. The query
	      type and query name are ignored when this	is set.

       +https[=value], +nohttps
	      This option indicates whether to use DNS over HTTPS  (DoH)  when
	      querying	name  servers.	 When  this option is in use, the port
	      number defaults to 443.  The HTTP	POST request mode is used when
	      sending the query.

	      If  value	 is specified, it will be used as the HTTP endpoint in
	      the query	URI; the default is /dns-query.	So, for	 example,  dig
	      @example.com    +https	will   use   the   URI	 https://exam-
	      ple.com/dns-query.

       +https-get[=value], +nohttps-get
	      Similar to +https, except	that the HTTP GET request mode is used
	      when sending the query.

       +https-post[=value], +nohttps-post
	      Same as +https.

       +http-plain[=value], +nohttp-plain
	      Similar  to +https, except that HTTP queries will	be sent	over a
	      non-encrypted channel. When this option is in use, the port num-
	      ber defaults to 80 and the HTTP request mode is POST.

       +http-plain-get[=value],	+nohttp-plain-get
	      Similar  to  +http-plain,	 except	 that the HTTP request mode is
	      GET.

       +http-plain-post[=value], +nohttp-plain-post
	      Same as +http-plain.

       +identify, +noidentify
	      This option shows	[or does not show] the	IP  address  and  port
	      number  that  supplied the answer, when the +short option	is en-
	      abled. If	short form answers are requested, the default  is  not
	      to  show	the  source address and	port number of the server that
	      provided the answer.

       +idnin, +noidnin
	      This option processes [or	does not process] IDN domain names  on
	      input. This requires IDN SUPPORT to have been enabled at compile
	      time.

	      The default is to	process	IDN input when standard	 output	 is  a
	      tty.  The	IDN processing on input	is disabled when dig output is
	      redirected to files, pipes, and other non-tty file descriptors.

       +idnout,	+noidnout
	      This option converts [or does not	convert] puny code on  output.
	      This requires IDN	SUPPORT	to have	been enabled at	compile	time.

	      The default is to	process	puny code on output when standard out-
	      put is a tty. The	puny code processing  on  output  is  disabled
	      when dig output is redirected to files, pipes, and other non-tty
	      file descriptors.

       +ignore,	+noignore
	      This option ignores [or does not ignore] truncation in  UDP  re-
	      sponses  instead	of  retrying with TCP. By default, TCP retries
	      are performed.

       +keepalive, +nokeepalive
	      This option sends	[or does not send] an EDNS Keepalive option.

       +keepopen, +nokeepopen
	      This option keeps	[or does not keep] the TCP socket open between
	      queries, and reuses it rather than creating a new	TCP socket for
	      each lookup. The default is +nokeepopen.

       +multiline, +nomultiline
	      This option prints [or does not print]  records,	like  the  SOA
	      records, in a verbose multi-line format with human-readable com-
	      ments. The default is to print each record on a single  line  to
	      facilitate machine parsing of the	dig output.

       +ndots=D
	      This option sets the number of dots (D) that must	appear in name
	      for it to	be considered absolute.	The default value is that  de-
	      fined  using the ndots statement in /etc/resolv.conf, or 1 if no
	      ndots statement is present. Names	with  fewer  dots  are	inter-
	      preted  as  relative  names, and are searched for	in the domains
	      listed in	the search or domain directive in /etc/resolv.conf  if
	      +search is set.

       +nsid, +nonsid
	      When  enabled,  this  option includes an EDNS name server	ID re-
	      quest when sending a query.

       +nssearch, +nonssearch
	      When this	option is set, dig attempts to find the	 authoritative
	      name  servers  for the zone containing the name being looked up,
	      and display the SOA record that each name	 server	 has  for  the
	      zone.   Addresses	 of  servers  that  did	 not  respond are also
	      printed.

       +onesoa,	+noonesoa
	      When enabled, this option	prints only one	(starting) SOA	record
	      when performing an AXFR. The default is to print both the	start-
	      ing and ending SOA records.

       +opcode=value, +noopcode
	      When enabled, this option	sets (restores)	the DNS	message	opcode
	      to the specified value. The default value	is QUERY (0).

       +padding=value
	      This  option  pads  the  size of the query packet	using the EDNS
	      Padding option to	blocks of  value  bytes.  For  example,	 +pad-
	      ding=32 causes a 48-byte query to	be padded to 64	bytes. The de-
	      fault block size is 0, which disables padding;  the  maximum  is
	      512. Values are ordinarily expected to be	powers of two, such as
	      128; however, this is not	mandatory. Responses to	padded queries
	      may  also	 be  padded,  but  only	 if  the query uses TCP	or DNS
	      COOKIE.

       +qid=value
	      This option specifies the	query ID to use	when sending queries.

       +qr, +noqr
	      This option toggles the display of the query message  as	it  is
	      sent. By default,	the query is not printed.

       +question, +noquestion
	      This  option  toggles  the  display of the question section of a
	      query when an answer is returned.	The default is	to  print  the
	      question section as a comment.

       +raflag,	+noraflag
	      This  option sets	[or does not set] the RA (Recursion Available)
	      bit in the query.	The default is +noraflag. This bit is  ignored
	      by the server for	QUERY.

       +rdflag,	+nordflag
	      This option is a synonym for +recurse, +norecurse.

       +recurse, +norecurse
	      This  option  toggles  the setting of the	RD (recursion desired)
	      bit in the query.	 This bit is set by default, which  means  dig
	      normally	sends  recursive  queries.  Recursion is automatically
	      disabled when the	+nssearch or +trace query option is used.

       +retry=T
	      This option sets the number  of  times  to  retry	 UDP  and  TCP
	      queries  to  server  to  T  instead  of  the default, 2.	Unlike
	      +tries, this does	not include the	initial	query.

       +rrcomments, +norrcomments
	      This option toggles the display of per-record  comments  in  the
	      output (for example, human-readable key information about	DNSKEY
	      records).	The default is not to  print  record  comments	unless
	      multiline	mode is	active.

       +search,	+nosearch
	      This  option  uses  [or does not use] the	search list defined by
	      the searchlist or	domain directive in resolv.conf, if  any.  The
	      search list is not used by default.

	      ndots  from  resolv.conf (default	1), which may be overridden by
	      +ndots, determines whether the name is treated as	 relative  and
	      hence whether a search is	eventually performed.

       +short, +noshort
	      This  option toggles whether a terse answer is provided. The de-
	      fault is to print	the answer in a	verbose	form. This option  al-
	      ways  has	 a  global  effect; it cannot be set globally and then
	      overridden on a per-lookup basis.

       +showbadcookie, +noshowbadcookie
	      This option toggles whether to show the message  containing  the
	      BADCOOKIE	 rcode before retrying the request or not. The default
	      is to not	show the messages.

       +showsearch, +noshowsearch
	      This option performs [or does not	perform] a search showing  in-
	      termediate results.

       +sigchase, +nosigchase
	      This  feature is now obsolete and	has been removed; use delv in-
	      stead.

       +split=W
	      This option splits long hex- or base64-formatted fields  in  re-
	      source  records  into chunks of W	characters (where W is rounded
	      up to the	nearest	multiple of 4).	+nosplit  or  +split=0	causes
	      fields  not to be	split at all. The default is 56	characters, or
	      44 characters when multiline mode	is active.

       +stats, +nostats
	      This option toggles the printing of statistics: when  the	 query
	      was made,	the size of the	reply, etc. The	default	behavior is to
	      print the	query statistics as a comment after each lookup.

       +subnet=addr[/prefix-length], +nosubnet
	      This option sends	[or does not send] an EDNS  CLIENT-SUBNET  op-
	      tion with	the specified IP address or network prefix.

	      dig  +subnet=0.0.0.0/0, or simply	dig +subnet=0 for short, sends
	      an EDNS CLIENT-SUBNET option with	an empty address and a	source
	      prefix-length  of	 zero,	which  signals	a  resolver  that  the
	      client's address information must	not  be	 used  when  resolving
	      this query.

       +tcflag,	+notcflag
	      This  option  sets  [or does not set] the	TC (TrunCation)	bit in
	      the query. The default is	+notcflag. This	bit is ignored by  the
	      server for QUERY.

       +tcp, +notcp
	      This  option  indicates  whether	to  use	TCP when querying name
	      servers.	The default behavior is	to use UDP unless a  type  any
	      or  ixfr=N query is requested, in	which case the default is TCP.
	      AXFR queries always use TCP.

       +timeout=T
	      This option sets the timeout for a query to T seconds.  The  de-
	      fault  timeout  is 5 seconds. An attempt to set T	to less	than 1
	      is silently set to 1.

       +tls, +notls
	      This option indicates whether to use DNS	over  TLS  (DoT)  when
	      querying name servers. When this option is in use, the port num-
	      ber defaults to 853.

       +tls-ca[=file-name], +notls-ca
	      This option enables remote server	TLS certificate	validation for
	      DNS transports, relying on TLS. Certificate authorities certifi-
	      cates are	loaded from the	specified PEM file (file-name).	If the
	      file  is not specified, the default certificates from the	global
	      certificates store are used.

       +tls-certfile=file-name,	   +tls-keyfile=file-name,    +notls-certfile,
       +notls-keyfile
	      These  options set the state of certificate-based	client authen-
	      tication for DNS transports, relying on  TLS.  Both  certificate
	      chain  file  and private key file	are expected to	be in PEM for-
	      mat.  Both options must be specified at the same time.

       +tls-hostname=hostname, +notls-hostname
	      This option makes	dig use	the provided  hostname	during	remote
	      server  TLS  certificate verification. Otherwise,	the DNS	server
	      name is used. This option	has no effect if +tls-ca is not	speci-
	      fied.

       +topdown, +notopdown
	      This  feature is related to dig +sigchase, which is obsolete and
	      has been removed.	Use delv instead.

       +trace, +notrace
	      This option toggles tracing of the delegation path from the root
	      name  servers  for the name being	looked up. Tracing is disabled
	      by default. When tracing is enabled, dig makes iterative queries
	      to  resolve  the name being looked up. It	follows	referrals from
	      the root servers,	showing	the answer from	each server  that  was
	      used to resolve the lookup.

	      If  @server is also specified, it	affects	only the initial query
	      for the root zone	name servers.

	      +dnssec is also set when +trace is set, to  better  emulate  the
	      default queries from a name server.

       +tries=T
	      This  option sets	the number of times to try UDP and TCP queries
	      to server	to T instead of	the default, 3.	If T is	less  than  or
	      equal to zero, the number	of tries is silently rounded up	to 1.

       +trusted-key=####
	      This  option  formerly  specified	 trusted keys for use with dig
	      +sigchase. This feature is now obsolete and  has	been  removed;
	      use delv instead.

       +ttlid, +nottlid
	      This option displays [or does not	display] the TTL when printing
	      the record.

       +ttlunits, +nottlunits
	      This option displays [or does not	display] the TTL  in  friendly
	      human-readable  time  units  of  s, m, h,	d, and w, representing
	      seconds, minutes,	hours, days, and weeks.	This implies +ttlid.

       +unknownformat, +nounknownformat
	      This option prints all RDATA in  unknown	RR  type  presentation
	      format  (RFC  3597).   The  default  is to print RDATA for known
	      types in the type's presentation format.

       +vc, +novc
	      This option uses [or  does  not  use]  TCP  when	querying  name
	      servers. This alternate syntax to	+tcp is	provided for backwards
	      compatibility. The vc stands for "virtual	circuit."

       +yaml, +noyaml
	      When enabled, this option	prints the responses (and, if  +qr  is
	      in use, also the outgoing	queries) in a detailed YAML format.

       +zflag, +nozflag
	      This  option  sets  [or  does  not  set] the last	unassigned DNS
	      header flag in a DNS query.  This	flag is	off by default.

MULTIPLE QUERIES
       The BIND	9 implementation of dig	supports specifying  multiple  queries
       on  the	command	 line (in addition to supporting the -f	batch file op-
       tion). Each of those queries can	be supplied with its own set of	flags,
       options,	and query options.

       In this case, each query	argument represents an individual query	in the
       command-line syntax described above. Each consists of any of the	 stan-
       dard  options  and  flags,  the name to be looked up, an	optional query
       type and	class, and any query options that should be  applied  to  that
       query.

       A  global set of	query options, which should be applied to all queries,
       can also	be supplied. These global query	options	must precede the first
       tuple  of name, class, type, options, flags, and	query options supplied
       on the command line. Any	global query options (except +cmd  and	+short
       options)	 can  be  overridden by	a query-specific set of	query options.
       For example:

	  dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

       shows how dig can be used from the command line to make three  lookups:
       an  ANY	query  for  www.isc.org,  a reverse lookup of 127.0.0.1, and a
       query for the NS	records	of isc.org. A global query option  of  +qr  is
       applied,	 so  that dig shows the	initial	query it made for each lookup.
       The final query has a local query option	of +qr which  means  that  dig
       does  not  print	 the initial query when	it looks up the	NS records for
       isc.org.

IDN SUPPORT
       If dig has been built with IDN (internationalized domain	name) support,
       it  can	accept	and  display non-ASCII domain names. dig appropriately
       converts	character encoding of a	domain name before sending  a  request
       to a DNS	server or displaying a reply from the server.  To turn off IDN
       support,	use the	parameters +idnin and +idnout, or define the  IDN_DIS-
       ABLE environment	variable.

RETURN CODES
       dig return codes	are:

       0      DNS response received, including NXDOMAIN	status

       1      Usage error

       8      Couldn't open batch file

       9      No reply from server

       10     Internal error

FILES
       /etc/resolv.conf

       ${HOME}/.digrc

SEE ALSO
       delv(1),	host(1), named(8), dnssec-keygen(8), RFC 1035.

BUGS
       There are probably too many query options.

AUTHOR
       Internet	Systems	Consortium

COPYRIGHT
       2022, Internet Systems Consortium

9.18.9				  2022-11-07				DIG(1)

NAME | SYNOPSIS | DESCRIPTION | SIMPLE USAGE | OPTIONS | QUERY OPTIONS | MULTIPLE QUERIES | IDN SUPPORT | RETURN CODES | FILES | SEE ALSO | BUGS | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=dig&manpath=FreeBSD+13.1-RELEASE+and+Ports>

home | help