2000-09-03 18:04:24 +00:00
.\" Copyright (C) @YEARS@ Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dig.1,v 1.2 2000/09/08 09:42:56 jim Exp $
.\"
.Dd Jun 30, 2000
.Dt DIG 1
.Os BIND9 9
.ds vT BIND9 Programmer's Manual
.Sh NAME
.Nm dig
.Nd DNS lookup utility
.Sh SYNOPSIS
.Nm dig
.Op @server
.Op Fl b Ar address
.Op Fl c Ar class
.Op Fl f Ar filename
.Op Fl p Ar port#
.Op Fl t Ar type
.Op Fl x Ar addr
.Op Fl y Ar name:key
.Op name
.Op type
.Op class
.Op queryopt ...
.Nm dig
.Fl h
.Nm dig
.Op global-queryopt ...
.Op query1
.Op query2 ...
.Sh DESCRIPTION
.Pp
.Nm dig
(domain information groper) is a flexible tool for interrogating DNS
name servers.
It performs DNS lookups and displays the answers that are returned from
the name server(s) that were queried.
Most DNS administrators use
.Nm dig
to troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output.
Other lookup tools tend to have less functionality than
.Nm dig .
.Pp
Although
.Nm dig
is normally used with command-line arguments, it also has a batch
mode of operation for reading lookup requests from a file.
A brief summary of its command-line arguments and options is printed
when the
.Fl h
option is given to
.Nm dig .
Unlike earlier versions, the BIND9 implementation of
.Nm dig
allows multiple lookups to be issued from the command line.
.Pp
Unless it is told to query a specific name server,
.Nm dig
will read
.Pa /etc/resolv.conf
and send queries to the name servers identified by the
.Dv nameserver
directives in that file.
Those name servers are queried in sequence.
.Nm dig
will send its query to the first name server listed in
.Pa /etc/resolv.conf .
If the query times out,
.Nm dig
then tries the second name server in the list and if that query
times out, it will try the third name server.
When the query to that third name server times out,
.Nm dig
repeats the lookups.
It will try all three servers in sequence again and use a longer timeout
interval for the second series of lookup attempts.
If no answer is returned after the second round of queries, the
lookup fails.
.Pp
The lookup completes when an answer is returned, even if that
answer indicates an error.
A commonly held misconception is that the resolver used by tools like
.Nm dig
will repeat the query to the next name server listed in
.Pa /etc/resolv.conf
if the name server that was queried returns an error reply.
This is not so.
.Pp
When no command line arguments or options are given,
.Nm dig
reads
.Pa /etc/resolv.conf
and makes a lookup for details of the root zone \*q.\*q
.Sh SIMPLE USAGE
.Pp
In normal usage, a typical invocation of
.Nm dig
would be:
.Bd -ragged -offset indent
.Ic dig Ar @server name type class
.Ed
.Pp
where:
.Bl -tag -width server
.It Ar server
is the name or IP address of the name server to query.
An IPv4 address can be provided in dotted-decimal notation.
When the supplied
.Ar server
argument is a hostname,
.Nm dig
resolves that name before querying that name server.
If no
.Ar server
argument is provided,
.Nm dig
consults
.Pa /etc/resolv.conf
and queries the name servers listed there.
The reply from the name server that responds is displayed.
.It Ar name
is the name of the resource record that is to be looked up.
.It Ar type
indicates what type of query is required - ANY, A, MX, SIG, etc.
.Ar type
can be any valid query type.
If no
.Ar type
argument is supplied,
.Nm dig
will perform a lookup for an A record by default.
The query type can also be defined using the
.Fl x
and
.Fl t
options.
These are described later.
When an incremental zone transfer (IXFR) is required,
.Ar type
should be supplied as
.Dv ixfr=N .
The incremental zone transfer will contain the changes made to the zone
since the serial number in the zone's SOA record was
.Ar N .
.It Ar class
denotes the class of query.
If this is not provided, the default class is IN: internet.
The
.Fl c
option can also be used to set the query class.
.El
.Pp
If the query type and class arguments are explicitly supplied on the command
line, the BIND9 implementation requires these arguments to be
supplied in the order described above.
This is to avoid confusion when looking up names that also happen to be
a valid query type or class.
Previous versions of
.Nm dig
did not have this restriction.
.Sh OPTIONS
Command line options and arguments can be supplied to provide
additional flexibility when making queries.
.Pp
The
.Fl b
option sets the source IP address of the query to
.Ar address .
Most systems require that the source address corresponds to a valid
address on one of the host's network interfaces.
[If some non-local address was used as the source address,
.Nm dig
would be unlikely to receive the reply because the remote name server
would send that reply to
.Ar address
rather than the host which actually made the request.]
Setting the source address on queries can be used to verify
that the name server's access control lists or
.Dv view{}
statements have been set up correctly.
.Pp
The default query class (IN for internet) is overridden by the
.Fl c
option.
.Ar class
is any valid class: typically HS for Hesiod records or CHAOS for
CHAOSNET records.
.Pp
The
.Fl f
option makes
.Nm dig
operate in batch mode by reading a list of lookup requests to process
from the file
.Ar filename .
The file contains a number of queries, one per line.
Each entry in the file should be organised in the same way it would be
presented as a query to
.Nm dig
using the command-line interface.
.Pp
If a non-standard port number is to be queried, the
.Fl p
option is used.
.Ar port#
is the port number to which
.Nm dig
will send its queries instead of the standard DNS port number 53.
This option would be used to test a name server that has been configured
to listen for queries on a non-standard port number.
.Pp
The
.Fl t
option sets the query type to
.Ar type .
It can be any valid query type which is supported in BIND9.
The default query type is an A record unless the
.Fl x
option is supplied to indicate a reverse lookup.
When an incremental zone transfer (IXFR) is required,
.Ar type
is set to
.Dv ixfr=N .
The incremental zone transfer will contain the changes made to the zone
since the serial number in the zone's SOA record was
.Ar N .
.Pp
Reverse lookups - mapping addresses to names - are simplified
by the
.Fl x
option.
.Ar addr
is an IPv4 address in conventional dotted-decimal notation.
A reverse lookup of
.Ar addr
is performed.
When this option is used, there is no need to provide the
.Ar name ,
.Ar class
and
.Ar type
arguments.
.Nm dig
automatically performs a lookup for a name like
.Dv 11.12.13.10.in-addr.arpa
and sets the query type and class to PTR and IN respectively.
.Pp
The
.Fl y
option is supplied when
.Nm dig
is to use transaction signatures (TSIG) when exchanging queries and
replies with a name server.
.Ar name
is the name of the key and
.Ar key
is the actual key.
The key is normally a base-64 encoded string generated by
.Xr dnssec-keygen 8 .
Caution should be taken when using the
.Fl y
option.
The key is usually secret but could be publicly readable in
the output from
.Xr ps 1
or in the shell's history file if one exists.
When using TSIG authentication with
.Nm dig ,
the name server that is queried needs to know the key and algorithm
that are being used.
This is done by providing appropriate
.Dv key{}
and
.Dv server{}
statements in
.Pa /etc/named.conf .
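.Pp
The following shell function is an added example, not part of the original manual page: it scans process listings or a shell history file for dig invocations that pass a TSIG key with -y and reports each one with the key value redacted.
The function names, sample lines, key names and key values are constructed for this example.

```sh
#!/bin/sh
# Added example: find dig command lines that expose a TSIG key via "-y name:key".
# Feed it text such as `ps -eo args` output or a shell history file.

# Prints one finding per offending line; the key itself is never echoed.
find_tsig_on_cmdline() {
    awk '
    {
        n = split($0, w, /[ \t]+/)
        is_dig = 0
        for (i = 1; i <= n; i++) {
            # "dig" on its own or as the last component of a path
            if (w[i] == "dig" || w[i] ~ /\/dig$/)
                is_dig = 1
            # -y takes name:key as its argument (see SYNOPSIS)
            if (is_dig && w[i] == "-y" && i < n && w[i + 1] ~ /^[^:]+:./) {
                split(w[i + 1], kv, ":")
                printf "line %d: dig -y exposes TSIG key \"%s\" (key value redacted)\n", NR, kv[1]
            }
        }
    }'
}

# Constructed sample: two ps-style lines and two history-style lines.
# Key names and base64 values are made up for this example.
sample_lines() {
    cat <<'EOF'
  501  4242 ttys001  0:00.01 dig @192.0.2.53 -y host-key:c2FtcGxlLWtleQ== example.com soa
  501  4250 ttys001  0:00.00 dig example.com mx
dig -x 127.0.0.1
/usr/bin/dig -y xfer-key:ZXhhbXBsZQ== example.com axfr
EOF
}

sample_lines | find_tsig_on_cmdline
```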
.Sh QUERY OPTIONS
.Nm dig
provides a number of query options which affect the way in which
lookups are made and the results displayed.
Some of these set or reset flag bits in the query header.
Others determine which sections of the answer get printed.
A small number of these query options are used to determine the timeout
and retry strategies.
.Pp
Each query option is identified by a keyword preceded by a
plus sign: \*q+\*q.
Some keywords set or reset an option.
These may be preceded by the string \*qno\*q to negate the meaning of
that keyword.
Other keywords assign values to options like the timeout interval.
They have the form
.Dv +keyword=value .
The query options are:
.Bl -tag -width +[no]additional
.It +[no]vc
Use [do not use] TCP when querying name servers.
The default behaviour is to use UDP unless an AXFR or IXFR query is
requested, when a TCP connection is used.
.It +[no]tcp
Use [do not use] TCP when querying name servers.
This alternate syntax to
.Ar +[no]vc
is provided for backwards compatibility for scripts
which depend on the old form of this query option.
.It +domain=somename
Set the default domain name or search list to
.Ar somename .
.It +[no]search
Use [do not use] the search list in
.Pa resolv.conf
(if any).
The search list is not used by default.
.It +[no]defname
Use [do not use] the default domain name, if any, in
.Pa resolv.conf .
The default is not to append that name to
.Ar name
when making queries.
.It +[no]aaonly
This option does nothing.
It is provided for compatibility with old versions of
.Nm dig
that sometimes used this option to set the AA (authoritative answer) bit
on queries, even though the AA bit is only valid in a reply.
.It +[no]adflag
Set [do not set] the AD (authentic data) bit in the query.
The default is not to set the AD bit.
\fBXXXJR\fP RFC2535 says this should be set in the server's reply, not the
resolver's query.
.It +[no]cdflag
Set [do not set] the CD (checking disabled) bit in the query.
By default this bit is not set.
When this bit is set,
.Nm dig
will perform whatever cryptographic functions are needed to
authenticate and validate the reply from the name server.
.It +[no]recursive
Toggle the setting of the RD (recursion desired) bit in the query.
This bit is set by default which means recursive queries are normally made
by
.Nm dig .
Recursive queries are disabled whenever the
.Ar +nssearch
or
.Ar +trace
query options are used.
.It +[no]nssearch
When this option is set
.Nm dig
attempts to find the authoritative name servers for the zone containing
the name being looked up and
display the SOA record that each name server has for the zone.
The default is not to check all authoritative name servers.
.It +[no]trace
Toggle tracing of the delegation path from the root name servers for
the name being looked up.
Tracing is disabled by default.
When tracing is enabled,
.Nm dig
behaves like a name server by making iterative queries to resolve the
name being looked up.
It will follow referrals from the root servers, showing
the answer from each server that was used to resolve the lookup.
.It +[no]details
Show [do not show] details of all requests and replies.
By default, details are always shown.
When the
.Ar +trace
query option is used, the results of iterative queries are not shown
when
.Ar nodetails
is set.
.It +[no]cmd
Toggle the printing of the initial comment in the output identifying
the version of
.Nm dig
and the query options that have been applied.
This comment is printed by default.
.It +[no]short
Provide a terse answer.
The default is not to provide the short form of answer.
.It +[no]identify
Show [or do not show] the IP address and port number that supplied the
answer when the
.Ar +short
option is enabled.
If short form answers are requested, the default is not to show
the source address and port number of the server that provided the
answer.
.It +[no]comments
Toggle the display of comment lines in the output.
The default behaviour is to print comments.
.It +[no]sta
This query option toggles the printing of statistics: when the query was
made, the size of the reply and so on.
The default behaviour is to print the query statistics.
.It +[no]qr
Print [do not print] the question section of a query as a comment
before sending the query.
The default is not to print the question section before making a query.
However, the question is usually printed as a comment
when the answer is displayed.
.It +[no]question
Print [do not print] the question section of a query when an answer is
returned.
The default is to print the question section as a comment.
.It +[no]answer
Display [do not display] the answer section of a reply.
It is printed by default.
.It +[no]authority
Display [do not display] the authority section of a reply.
The default is to print the authority section.
.It +[no]additional
Display [do not display] the additional section of a reply.
By default the reply's additional section is printed.
.It +[no]all
Set or clear all display flags.
This option would tend to be used when running
.Nm dig
in batch mode to set or clear all of the standard query option defaults.
.It +time=T
Sets the timeout for a query to
.Dv T
seconds.
The default timeout is 5 seconds.
An attempt to set
.Dv T
to less than 1 will result in a query timeout of 1 second being applied.
.It +tries=A
Sets the number of times to retry UDP queries to a server to
.Dv A
instead of the default, 3.
If
.Dv A
is less than or equal to zero, the number of retries is silently rounded
up to 1.
.It +ndots=D
Set the number of dots that have to appear in
.Ar name
to
.Dv D
before an absolute lookup is attempted.
That is,
.Ar name
is looked up as-is,
without appending a default domain name or components of a domain search
list.
The default number of dots is 1.
If this query option is supplied, it replaces any default number of dots
that was defined by an
.Dv ndots
directive in
.Pa /etc/resolv.conf .
.It +bufsize=B
Sets the size of the buffer for UDP queries to
.Dv B
bytes.
The maximum and minimum sizes of this buffer are 65535 and 0
respectively.
Values outside this range are rounded up or down appropriately.
Setting the buffer size should only be necessary for EDNS0 queries.
.El
.Sh MULTIPLE QUERIES
.Pp
.Nm dig
can operate in batch mode, reading query requests from a file.
The file should contain a number of queries, one per line.
Each entry in the file should be organised in the same way the
equivalent query would be presented to
.Nm dig
using the command-line interface.
.Pp
Multiple queries can also be made using the command line interface of the BIND9
implementation of
.Nm dig .
Each of those queries can be supplied with its own set of flags,
options and query options.
.Pp
In this case,
.Ar query1 ,
.Ar query2
and so on each represent an individual query in the command-line syntax described
above.
Each consists of any of the standard options and flags, the name to be looked
up, an optional query type and class and any query options that should
be applied to that query.
.Pp
A global set of query options, which should be applied to all queries, can
also be supplied.
These global query options must precede the first tuple of name, class, type,
options, flags, and query options supplied on the command line.
Any global query options can be overridden by a
query-specific set of query options.
For example:
.Bd -literal
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
.Ed
.Pp
shows how
.Nm dig
could be used from the command line to make three lookups: an ANY query
for
.Dv www.isc.org ,
a reverse lookup of 127.0.0.1
and
a query for the NS records of
.Dv isc.org .
A global query option of
.Ar +qr
is applied, so that
.Nm dig
shows the initial query it made for each lookup.
The final query has a local query option of
.Ar +noqr
which means that
.Nm dig
will not print the initial query when it looks up the
NS records for
.Dv isc.org .
.Sh EXAMPLES
.Bd -literal
% \fBdig localhost\fP

; <<>> DiG 9.0 <<>> localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6284
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 14400 IN A 127.0.0.1

;; AUTHORITY SECTION:
localhost. 14400 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 14400 IN A 127.0.0.1

;; Query time: 27 msec
;; SERVER: 204.152.187.11#53(204.152.187.11)
;; WHEN: Wed Jul 5 14:13:21 2000
;; MSG SIZE rcvd: 73
.Ed
.Pp
In the above example a lookup is being made for
.Dv localhost .
No query type or class arguments were supplied, so the default values of
an A record and IN class were used.
The commented-out question section shows that
.Nm dig
made a query for an A record for
.Dv localhost
and the query class was IN.
The header indicates that a standard query was made and that it
succeeded: the status code is
.Dv NOERROR .
In other words, the query was answered successfully.
The query ID was 6284.
The QR, AA, RD and RA bits were set by the server which replied.
These indicate that the reply was a query response, an authoritative answer,
recursion was desired (set by the initial query) and that recursion was
available respectively.
Each section of the reply - query, answer, authority and additional -
contained 1 resource record.
.Pp
The answer section of the reply shows the expected result.
.Dv localhost
has IP address 127.0.0.1 and the corresponding A record has a 4 hour
(14400 second) TTL.
The authority section shows that there is one name server for the
.Dv localhost
zone:
.Dv localhost
itself.
The additional section provides the IP address of this name server
which just happens to be the same as the answer section of the query.
.Pp
The final section of output shows the statistics: how long the query
took, when the query was made and the source IP address and port number of
the server that answered the query: port number 53 of IP address
204.152.187.11.
The size of the reply from the server was 73 bytes.
.Pp
In the following example the
.Fl x
option is used to make a reverse lookup for IP address 127.0.0.1.
For this query,
.Nm dig
automatically generates a request for the PTR record for
.Dv 1.0.0.127.in-addr.arpa .
.Bd -literal
% \fBdig -x 127.0.0.1\fP
; <<>> DiG 9.0 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61518
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 14400 IN PTR localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 14400 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 14400 IN A 127.0.0.1

;; Query time: 10 msec
;; SERVER: 204.152.187.11#53(204.152.187.11)
;; WHEN: Wed Jul 5 14:13:21 2000
;; MSG SIZE rcvd: 93
.Ed
.Pp
A query for a Chaosnet TXT record is illustrated in the next example.
Most versions of BIND will respond with a version identification string
when they are asked for a Chaosnet TXT for the name
.Dv version.bind .
In the example below, a remote name server is queried (198.133.199.1)
and the
.Ar +qr
query option is set.
This is used to show the original query that was sent to the server
and the header flags that were set by the server when it replied.
The server at 198.133.199.1 claims to be running version 9.1.0a1 of
BIND.
.Bd -literal
% \fBdig @198.133.199.1 version.bind chaos txt +qr\fP

; <<>> DiG 9.0 <<>> @198.133.199.1 version.bind chaos txt +qr
;; global options: printcmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42921
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CHAOS TXT

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42921
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CHAOS TXT

;; ANSWER SECTION:
version.bind. 0 CHAOS TXT "9.1.0a1"

;; Query time: 184 msec
;; SERVER: 198.133.199.1#53(198.133.199.1)
;; WHEN: Wed Jul 5 14:13:21 2000
;; MSG SIZE rcvd: 50
.Ed
.Bd -literal
% \fBdig www.isc.org +trace +all\fP

; <<>> DiG 9.0 <<>> www.isc.org +trace +all
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28809
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN SOA

;; ANSWER SECTION:
\&. 42227 IN SOA A.ROOT-SERVERS.NET. hostmaster.nsiregistry.NET. ( 2000090201 1800 900 604800 86400 )

;; AUTHORITY SECTION:
\&. 404535 IN NS I.ROOT-SERVERS.NET.
\&. 404535 IN NS E.ROOT-SERVERS.NET.
\&. 404535 IN NS D.ROOT-SERVERS.NET.
\&. 404535 IN NS A.ROOT-SERVERS.NET.
\&. 404535 IN NS H.ROOT-SERVERS.NET.
\&. 404535 IN NS C.ROOT-SERVERS.NET.
\&. 404535 IN NS G.ROOT-SERVERS.NET.
\&. 404535 IN NS F.ROOT-SERVERS.NET.
\&. 404535 IN NS B.ROOT-SERVERS.NET.
\&. 404535 IN NS J.ROOT-SERVERS.NET.
\&. 404535 IN NS K.ROOT-SERVERS.NET.
\&. 404535 IN NS L.ROOT-SERVERS.NET.
\&. 404535 IN NS M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
I.ROOT-SERVERS.NET. 490935 IN A 192.36.148.17
E.ROOT-SERVERS.NET. 490935 IN A 192.203.230.10
D.ROOT-SERVERS.NET. 490935 IN A 128.8.10.90
A.ROOT-SERVERS.NET. 490935 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 490935 IN A 128.63.2.53
C.ROOT-SERVERS.NET. 490935 IN A 192.33.4.12
G.ROOT-SERVERS.NET. 490935 IN A 192.112.36.4
F.ROOT-SERVERS.NET. 490935 IN A 192.5.5.241
B.ROOT-SERVERS.NET. 490935 IN A 128.9.0.107
J.ROOT-SERVERS.NET. 490935 IN A 198.41.0.10
K.ROOT-SERVERS.NET. 490935 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 490935 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 490935 IN A 202.12.27.33

;; Received 494 bytes from 204.152.187.11#53 in 4 ms
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4033
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 12, ADDITIONAL: 12

;; QUESTION SECTION:
;www.isc.org. IN A

;; AUTHORITY SECTION:
ORG. 518400 IN NS A.ROOT-SERVERS.NET.
ORG. 518400 IN NS E.GTLD-SERVERS.NET.
ORG. 518400 IN NS F.GTLD-SERVERS.NET.
ORG. 518400 IN NS F.ROOT-SERVERS.NET.
ORG. 518400 IN NS J.GTLD-SERVERS.NET.
ORG. 518400 IN NS K.GTLD-SERVERS.NET.
ORG. 518400 IN NS A.GTLD-SERVERS.NET.
ORG. 518400 IN NS M.GTLD-SERVERS.NET.
ORG. 518400 IN NS G.GTLD-SERVERS.NET.
ORG. 518400 IN NS C.GTLD-SERVERS.NET.
ORG. 518400 IN NS I.GTLD-SERVERS.NET.
ORG. 518400 IN NS B.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
E.GTLD-SERVERS.NET. 518400 IN A 207.200.81.69
F.GTLD-SERVERS.NET. 518400 IN A 198.17.208.67
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
J.GTLD-SERVERS.NET. 518400 IN A 198.41.0.21
K.GTLD-SERVERS.NET. 518400 IN A 195.8.99.11
A.GTLD-SERVERS.NET. 518400 IN A 198.41.3.38
M.GTLD-SERVERS.NET. 518400 IN A 202.153.114.101
G.GTLD-SERVERS.NET. 518400 IN A 198.41.3.101
C.GTLD-SERVERS.NET. 518400 IN A 205.188.185.18
I.GTLD-SERVERS.NET. 518400 IN A 192.36.144.133
B.GTLD-SERVERS.NET. 518400 IN A 203.181.106.5

;; Received 445 bytes from 192.36.148.17#53 in 203 ms
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41582
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.isc.org. IN A

;; AUTHORITY SECTION:
isc.org. 172800 IN NS NS1.GNAC.COM.
isc.org. 172800 IN NS NS-EXT.VIX.COM.

;; ADDITIONAL SECTION:
NS1.GNAC.COM. 172800 IN A 209.182.195.77
NS-EXT.VIX.COM. 172800 IN A 204.152.184.64

;; Received 112 bytes from 192.5.5.241#53 in 3 ms
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22863
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.isc.org. IN A

;; ANSWER SECTION:
www.isc.org. 3600 IN CNAME isc.org.
isc.org. 3600 IN A 204.152.184.101

;; AUTHORITY SECTION:
isc.org. 3600 IN NS ns-ext.vix.com.
isc.org. 3600 IN NS ns2.gnac.com.

;; ADDITIONAL SECTION:
ns-ext.vix.com. 3600 IN A 204.152.184.64
ns2.gnac.com. 907 IN A 209.182.195.77

;; Received 142 bytes from 204.152.184.64#53 in 2 ms
.Ed
.Pp
The above example illustrates the use of the
.Ar +trace
query option.
.Nm dig
makes a sequence of iterative queries to resolve
.Dv www.isc.org .
.Nm dig
first makes a query for the SOA record for the root zone to a local
name server, 204.152.187.11.
This local server returns a list of the root name servers.
One of those root servers, 192.36.148.17, is then queried for
an A record for
.Dv www.isc.org .
This server replies with a referral to the
.Dv .org
name servers.
.Pp
The query is then repeated, but is sent to 192.5.5.241 -
.Dv f.root-servers.net
- one of the
.Dv .org
name servers.
It returns a referral to the two
.Dv isc.org
name servers.
The query is finally repeated to one of those name servers, 204.152.184.64,
which returns the eventual answer.
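.Pp
As an added example (not part of the original manual page), the shell function below reduces dig output of the kind shown above to one line per reply, giving the status, ID, header flags, section counts and answering server that this section walks through.
The function names are assumptions of this example; the two sample inputs are the localhost and version.bind outputs reproduced above.

```sh
#!/bin/sh
# Added example: summarise dig output, one line per ";; Got answer:" block.
# Typical use: dig name type | dig_summary

dig_summary() {
    awk '
    function emit() {
        if (in_reply)
            printf "status=%s id=%s flags=%s answer=%s authority=%s additional=%s from=%s\n",
                   status, id, flags, an, ns, ar, from
        in_reply = 0
        status = id = flags = an = ns = ar = from = ""
    }
    # With +qr the outgoing query is printed first; its header is not a reply.
    /^;; Sending:/    { emit(); next }
    /^;; Got answer:/ { emit(); in_reply = 1; next }
    !in_reply         { next }
    /^;; ->>HEADER<<-/ {
        for (i = 1; i < NF; i++) {
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
            if ($i == "id:")     { id = $(i + 1) }
        }
    }
    /^;; flags:/ {
        flags = $0
        sub(/^;; flags: */, "", flags)   # drop the label
        sub(/;.*$/, "", flags)           # keep only the flag names
        gsub(/ +/, ",", flags)
        for (i = 1; i < NF; i++) {
            v = $(i + 1); sub(/,$/, "", v)
            if ($i == "ANSWER:")     an = v
            if ($i == "AUTHORITY:")  ns = v
            if ($i == "ADDITIONAL:") ar = v
        }
    }
    /^;; SERVER:/   { from = $3; sub(/\(.*$/, "", from) }   # ordinary lookups
    /^;; Received / { from = $6 }                           # +trace replies
    END { emit() }'
}

# Output of "dig localhost" as shown in EXAMPLES.
sample_localhost() {
    cat <<'EOF'
; <<>> DiG 9.0 <<>> localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6284
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 14400 IN A 127.0.0.1

;; Query time: 27 msec
;; SERVER: 204.152.187.11#53(204.152.187.11)
;; MSG SIZE rcvd: 73
EOF
}

# Output of "dig @198.133.199.1 version.bind chaos txt +qr" as shown in EXAMPLES.
sample_version_bind() {
    cat <<'EOF'
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42921
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;version.bind. CHAOS TXT

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42921
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
version.bind. 0 CHAOS TXT "9.1.0a1"

;; SERVER: 198.133.199.1#53(198.133.199.1)
EOF
}

sample_localhost | dig_summary
sample_version_bind | dig_summary
```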
.Sh FILES
.Pa /etc/resolv.conf
.Sh SEE ALSO
.Xr host 1 ,
.Xr resolver 5 ,
.Xr named 8 ,
.Xr dnssec-keygen 8 ,
.Xr RFC1035 ,
.Xr RFC2535 .
.Sh BUGS
Truncated replies are handled differently in the BIND9 implementation
of
.Nm dig .
In previous versions,
.Nm dig
would automatically repeat the query using TCP whenever it received
a truncated response.
The BIND9 implementation does not do this.
It will just display the truncated response unless
.Nm dig
was told to use a TCP connection when making queries.
.Pp
The
.Fl x
flag and
.Ar server
arguments do not yet cope with IPv6 addresses.
.Pp
There are probably too many query options.