dig(1M)

HP-UX 11i Version 2: December 2007 Update

NAME

dig — domain information groper

SYNOPSIS

dig [@server ] [options] domain [query-type] [query-class] [query-options]

dig [@global-server ] [global-d-options] domain [@server ] [options] [q-options] [q-type] [q-class] [domain [@server ][options] [q-options] [q-type] [q-class] [...]]

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating Domain Name System (DNS) servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use, and clarity of output. The dig command has two modes: simple command-line mode for single or multiple queries and batch mode for reading lookup requests from a file.

Arguments

dig accepts the following arguments:

@server

Specifies the DNS server that is queried in each query. If a specific name server is not provided, dig will try each of the servers listed in /etc/resolv.conf.

@global-server

Specifies the name of the server that is used in multiple queries to provide a single server for all the queries.

domain

Specifies the domain name to look up.

query-type

Specifies the resource record types for DNS queries and responses. The textual representation is used in master files. The binary representation is used in DNS queries and responses. The resource record types are:

a

a host address (dotted quad). This is the default value for query-type.

AAAA

resource record type for IPv6 queries.

any

request data of any type for a name.

axfr

a request for a transfer of an entire zone.

hinfo

host information.

mx

a mail exchange.

ns

an authoritative name server.

soa

marks the start of a zone of authority.

txt

text strings.

For type ixfr, use the form ixfr=version. An ixfr transfers only the incremental (changed) data to the slave servers when the data on the master server changes.

query-class

Classes are the fields that appear in resource records. The values defined for a class are: IN (Internet), CS (CSNET), CH (CHAOS), and HS (Hesiod). The default value for query-class is IN.

query-option

Query options affect the way in which lookups are made and how the results are displayed. Each query option is identified by a keyword preceded by +[no]. See the "Query Options" subsection below for details.

global-d-opt

Global domain query options control the lookup and display of results for multiple queries and affect all queries. Note that query options set globally can be overwritten by query options set for each individual query.

options

-b

This option is used to set the source IP address of the query to address. This must be a valid address on one of the host's network interfaces.

-f

This option is used to perform batch processing. It allows you to group queries into one file and pass this file to dig for processing. Example: dig -f /home/bind/some-file, where some-file contains all the queries that need to be processed as a group.

-k

This option is used to sign the DNS queries sent by dig and their responses using transaction signatures (TSIG).

-p

This option can be used when you want to specify a different port for dig to contact the name-server for its queries.

-x

This option allows queries using an IP address instead of a domain name. This option cannot be used with IPv6 addresses.

-y

This option is used to specify the TSIG key on the command line.

-t & -c

The -t (type) and -c (class) options are equivalent to query-type and query-class.

-h

Displays usage information of the dig command.

A typical dig command is:

dig @server domain query-type

where @server is the name or IP address of the name server, which is to be queried. An IPv4 address can be provided in a dotted-decimal notation, xxx.xxx.xxx. dig resolves the host name before querying that name server. If no argument is provided, dig consults /etc/resolv.conf and queries the name servers listed there. The reply from the name server that responds to the query is displayed.

domain is the name of the resource record, which is to be looked up.

query-type indicates the required query type, i.e., ANY, A, MX, SIG, etc. It can be any valid query type. The dig command will perform a lookup for an A record if no query-type argument is specified.

Query Options

dig uses a number of query options to affect lookups and to affect the results that are displayed. Some options set or reset flag bits in the query header, some options determine which sections of the answer get displayed, and other options determine the timeout and retry strategies.

Each query option is identified by a keyword preceded by +[no] which causes an option to be set or reset or to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form +keyword=value. The query options are:

+[no]tcp

Use [or do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.

+[no]vc

Use [or do not use] virtual circuit when querying name servers. This alternate syntax to +[no]tcp is provided for backwards compatibility.

+[no]ignore

Ignore [or do not ignore] truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.

+domain=somename

Set the default domain to somename as it is specified in a directive in the /etc/resolv.conf file.

+[no]search

Use [or do not use] the search list in /etc/resolv.conf (if any). The search list is not used by default.

+[no]defname

Use [or do not use] the default domain name, if any, in the /etc/resolv.conf file while making queries. By default, this name is not appended to name while making queries.

+[no]aaonly

Authenticate [or do not authenticate] the client when it queries a server. If this option is set, whenever a client tries querying a server, the client will be subjected to an authentication check to make sure that the client has sufficient permissions to query the server.

+[no]adflag

Set [or do not set] the AD (authenticate data) bit in the query. The AD bit currently has a standard meaning only in responses and not in queries. The ability to set the bit in the query is provided for completeness.

+[no]cdflag

Set [or do not set] the CD (checking disabled) bit in the query. This requests the server not to perform DNSSEC validation of responses.

+[no]recursive

Set [or do not set] the RD (recursion desired) bit in the query. This bit is set by default, which means dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.

+[no]nssearch

Attempt [or do not attempt] to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.

+[no]trace

Trace [or do not trace] the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, dig makes iterative queries to resolve the name that is being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.

+[no]cmd

+[no]comment dig and the query options that have been applied. The comment is included in the answer section by default.

+[no]short

Display [or do not display] a short answer. The query results can be displayed in two forms: Complete and Short answers. In the short form, only the result will be displayed whereas in the complete form, additional information (like info about other servers that might answer your query) is also included. By default, the answer is printed in a verbose form.

+[no]identify

Show [or do not show] the IP address and port number that supplied the answer when the +short option is enabled. If short form answers are requested, source address and port number of the server that provided the answer are not shown by default.

+[no]comments

Display [or do not display] comment lines in the output. By default, the comments are printed.

+[no]stats

Print [or do not print] statistics such as the size of the reply when the query was made. By default, the query characteristics are printed.

+[no]qr

Print [or do not print] the query before actually sending the query. By default, the query is not printed.

+[no]question

Print [or do not print] the question section of a query when an answer is returned. By default, the question section is printed as a comment.

+[no]answer

Display [or do not display] the answer section of a reply. By default, the answer section is printed.

+[no]authority

Display [or do not display] the authority section of a reply. By default, the authority section is displayed.

+[no]additional

Display [or do not display] the additional section of a reply. By default, the additional section is displayed.

+[no]multiline

Print records like the SOA records in a verbose multi-line format with human-readable comments. The default is to print each record on a single line, thereby facilitating machine parsing of the dig output.

+[no]all

Set or clear all display flags.

+time=T

Set the timeout for a query to T seconds. The default timeout is 5 seconds, and 1 second is the minimum value to which T can be set. Even if you try setting T to a value less than 1, T will be set to 1 second.

+tries=A

This option sets the number of times to retry UDP queries to server to A instead of the default, 3. If A is less than or equal to zero, then the number of retries is set to 1.

+ndots=D

Set the number of dots that must appear in a name for it to be considered absolute to D. The default value is to use either the ndots statement in /etc/resolv.conf or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the search or the domain directive in the /etc/resolv.conf file.

+bufsize=B

Set the UDP message buffer size advertised using EDNS0 to B bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. If the B size is specified outside of this range, then the size is rounded up or down appropriately.

Multiple Queries

dig allows multiple queries on the command line (in addition to supporting the -f batch file option). Each of those queries can be supplied with its own set of options, query class, query type and query options.

A global set of query options, which should be applied to all queries, can also be supplied via global-d-options.

These global query options must precede the first set of domain, class, type, options, and query options supplied on the command line. Any global query options can be overridden by a query-specific set of query options for each individual query.

For example:

dig +qr www.bind.org any -x 127.0.0.1 bind.org ns +noqr

shows how dig can be used from the command line to make three lookups:

www.bind.org any

An ANY query for domain name www.bind.org.

-x 127.0.0.1

A reverse lookup of 127.0.0.1

bind.org ns +noqr

A name server lookup for domain bind.org, suppressing the query display for this query only (+noqr).

EXAMPLES

1.

To look up information about domain a.example.com using DNS-Server 10.53.0.2 asking for host address a records:

/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocmd -p 5300 a.example.com @10.53.0.2 a

2.

To query a.example.com using DNS-Server 10.53.0.2 without authentication, asking for a records:

/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocmd +noauth -p 5300 a.example.com @10.53.0.2 a

3.

To request a transfer:

/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.com @10.53.0.2 axfr -p 5300

4.

To request a transfer with Transaction Signature (TSIG):

/usr/bin/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd tsigzone.com @10.53.0.3 axfr -y tsigzone.com:1234abcd8765 -p 5300

where 1234abcd8765 is the key.

To secure server-to-server communication, BINDv9 primarily uses TSIG for zone transfer, notify, and recursive query messages. TSIG is very useful for dynamic updates.
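A check an administrator can run against their own name servers to confirm that an unsigned transfer request like the one in example 3 does not return the zone. This is an added example, not part of the HP-UX reference; the function names classify_axfr and audit_server and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP-UX reference). A complete zone transfer
# begins and ends with the zone's SOA record, so two SOA lines owned by the
# zone apex in dig's one-record-per-line output mean the whole zone was sent.

# classify_axfr ZONE   (dig output on stdin)
# Prints: allowed | partial | no-transfer
# "no-transfer" means no records came back: the request was refused, or the
# server was unreachable. Confirm reachability separately before relying on it.
classify_axfr() {
    awk -v zone="$1" '
        BEGIN { apex = tolower(zone); sub(/\.$/, "", apex); apex = apex "." }
        /^;/ || NF < 5 { next }          # skip dig comment lines and blanks
        { records++ }
        toupper($4) == "SOA" && tolower($1) == apex { soa++ }
        END {
            if (soa >= 2)         print "allowed"
            else if (records > 0) print "partial"
            else                  print "no-transfer"
        }'
}

# audit_server ZONE SERVER [PORT]
# Sends one unsigned AXFR request (same display flags as example 3) to a
# server you operate and exits non-zero if any zone data was returned.
audit_server() {
    zone=$1; server=$2; port=${3:-53}
    result=$(dig +tcp +noadd +nostat +noquest +nocomm +nocmd \
                 "$zone" "@$server" axfr -p "$port" 2>/dev/null |
             classify_axfr "$zone")
    printf '%s @%s unsigned-axfr=%s\n' "$zone" "$server" "$result"
    [ "$result" = "no-transfer" ]
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OPEN='example.com.   300 IN SOA ns1.example.com. hostmaster.example.com. 2007120101 3600 900 604800 300
example.com.   300 IN NS  ns1.example.com.
a.example.com. 300 IN A   10.53.0.10
example.com.   300 IN SOA ns1.example.com. hostmaster.example.com. 2007120101 3600 900 604800 300'
SAMPLE_REFUSED='; Transfer failed.'
```

For example, audit_server example.com 10.53.0.2 5300 should report no-transfer on a server that permits transfers only to TSIG-signed requests.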