dig command: Query name servers
- Command Line
All options are specified on the invoking command line.
- Batch Mode
A group of queries is placed in a file and executed by a single invocation of dig using the -f filename option. The file contains complete queries, one per line. The keyword dig is not used within a batch file when specifying queries. Blank lines are ignored, and lines beginning with a # character or a semicolon (;) in the first column are comment lines.
- Multiple Queries
The BIND 9 implementation of dig supports specifying multiple queries on the command line (in addition to supporting the -f batch file option). Each of those queries can be supplied with its own set of flags, options and query options. In multiple queries, query1, query2, and so on represent an individual query in the command-line syntax. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class, and any query options that are applied to that query.
Note: When entered on a z/OS UNIX shell command line, long dig commands can be broken into segments entered with a terminating backslash (\) except for the last segment.
A global set of query options, which are applied to all queries, can also be supplied. These global query options must precede the first query set (name, class, type, options, flags, and query options) supplied on the command line. Any global query options can be overridden by a query-specific set of query options.
Options specified on the initial command line are in effect for all queries in the batch file unless explicitly overridden. Several options are provided exclusively for use within batch data sets, giving greater control over dig operation.
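The batch file rules above (blank lines ignored, # or ; comments only in the first column, no dig keyword) can be checked before a file is handed to dig -f. The following is an added example, not part of the original documentation; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a dig batch file before running "dig -f FILE".
# Prints one finding per problem line plus a summary line, and returns
# non-zero when any finding was reported.
lint_dig_batch() {
    awk '
        /^[ \t]*$/    { next }    # blank lines are ignored by dig
        /^[#;]/       { next }    # comment: # or ; in the first column
        /^[ \t]+[#;]/ {           # indented marker is not a comment line
            printf "%d: comment marker not in first column\n", NR
            bad++; next
        }
        $1 == "dig"   {           # the dig keyword is not used in batch files
            printf "%d: line starts with the dig keyword\n", NR
            bad++; next
        }
        { queries++ }
        END {
            printf "queries=%d findings=%d\n", queries, bad
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample batch file: two valid queries and two mistakes.
write_sample_batch() {
    cat > "$1" <<'EOF'
# forward lookup
vic032.tcp.raleigh.ibm.com. a

; reverse lookup
-x 9.67.113.32
dig isc.org ns
  # indented, so not a comment
EOF
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp) && write_sample_batch "$tmp" && lint_dig_batch "$tmp"
rm -f "$tmp"
```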
If a name server is not specified, dig tries each of the servers found in its TCPIP.DATA statements. When no command line arguments or options are given, dig performs an NS query for "." (the root).
- nameserver/nsinteraddr
- options ndots:n
- search
- domain/domainorigin
Format:
Command Line Mode:
    dig [query]
    dig -h
Multiple Query Mode:
    dig +global_queryopt [query ...]
    dig -h
query:
    [@server] [name] [type] [class] [option ...]
    where each option is one of:
    +queryopt
    -b address
    -c class
    -f filename
    -k filename
    -n
    -p port#
    -t type
    -x addr
    -y name:key
+queryopt or +global_queryopt (one or more of):
    +[no]aaonly      +[no]additional  +[no]adflag      +[no]all
    +[no]answer      +[no]authority   +[no]besteffort  +[no]cdflag
    +[no]cmd         +[no]comments    +[no]defname     +[no]dnssec
    +[no]fail        +[no]identify    +[no]ignore      +[no]multiline
    +[no]nssearch    +[no]qr          +[no]question    +[no]recursive
    +[no]search      +[no]short       +[no]sta         +[no]tcp
    +[no]trace       +[no]vc
    +bufsize=B
    +domain=somename
    +ndots=D
    +time=T
    +tries=A
Parameters:
- -h
- Provides help for the dig command.
- @server
- The name or IP address of the name server to query. An IPv4 or IPv6 address or a name that resolves to an IPv4 or IPv6 address can be specified. When the supplied server argument is a host name, dig resolves that name before querying that name server. If no server argument is provided, dig consults TCPIP.DATA statements and queries the name servers listed there. The reply from the name server that responds is displayed.
- name
- The name of the resource record that is to be looked up.
- type
- Specifies what type of query is required. See the z/OS Communications Server: IP Configuration Reference for detailed information about valid query types. If the type option is omitted, the default query type is A (an address query).
- class
- Specifies which network class to request in the query. dig recognizes only the IN, CHAOS, HESIOD, and ANY network classes. The default class is IN. See the z/OS Communications Server: IP Configuration Reference for detailed information about valid query classes.
- -query_options
- These options must be preceded by a minus (-) sign.
- -b address
- Sets the source IP address of the query to address. This must be a valid address on one of the host's network interfaces. An IPv6 address can be used here only if the address of the name server is also an IPv6 address. In order to accomplish this, the IPv6 name server address must be explicitly specified with the @ symbol.
- -c class
- Overrides the default query class (IN for Internet). See the z/OS Communications Server: IP Configuration Reference for detailed information about valid query classes.
- -f filename
- Makes dig operate in batch mode by reading a list of lookup requests to process from the file filename. The file contains a number of queries, one per line. Organize each entry in the file in the same way it would be presented as a query to dig using the command line interface.
- -k filename
- Specifies a TSIG key filename to sign the DNS queries sent by dig and their responses using transaction signatures (TSIG).
- -n
- Sends the query for the IPv6 address specified on the -x option as a nibble label in the IP6.ARPA domain.
- -p port#
- This option would be used to test a name server that has been configured to listen for queries on a non-standard port number. dig will send its queries to port#. The standard DNS port number is 53.
- -s
- Sends the reverse query for the IPv6 address specified on the -x option as a bitstring label in the IP6.ARPA domain.
- -t type
- Sets the query type to type. It can be any valid query type supported in BIND 9. The default query type is A, unless the -x option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, type is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was N.
- -x addr
- Reverses lookups by mapping addresses to names. addr is an IPv4 address in dotted decimal notation, or an IPv6 address in colon hexadecimal notation. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using the IP6.ARPA domain and binary labels as defined in RFC 2874. To use the older RFC 1886 method using the IP6.ARPA domain and nibble labels, specify the -n (nibble) option.
- -y name:key
- You can use this option to specify the TSIG key itself on the command line. name is the name of the TSIG key and key is the actual key. The key is a base-64 encoded string, typically generated by dnssec-keygen. Take care when using this option on multiuser systems as the key can be visible in the output from ps -ef or in the shell's history file. When using TSIG authentication with dig, the name server that is queried needs to know the key and algorithm that is being used. In BIND 9, this is done by providing appropriate key{} and server{} statements in named.conf.
- +queryopt
- The query options available in the dig command.
These options must be preceded by a plus (+) sign. Many of these options can be abbreviated by the minimum unique prefix string, which is usually two characters, but three for +additional and +adflag. To abbreviate the negative command, prepend the unique string with no. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
When used in multiple queries, +queryopt options can become global options (+queryoption_global). To be a valid global option, +queryoption_global must be placed before the first query set to be queried.
- +[no]aaonly
- This option does nothing. It is provided for compatibility with old versions of dig where it set an unimplemented resolver flag.
- +[no]additional
- Display [do not display] the additional section of a reply. The default is to display it.
- +[no]adflag
- Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
- +[no]all
- Set or clear all display flags. The default is on.
- +[no]answer
- Display [do not display] the answer section of a reply. The default is to display it.
- +[no]authority
- Display [do not display] the authority section of a reply. The default is to display it.
- +[no]besteffort
- Try [do not try] to parse illegal messages. The default is not to parse illegal messages.
- +[no]cdflag
- Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. The default is off, meaning that DNSSEC validation will occur.
- +[no]cmd
- Toggles the printing of the initial comment in the output identifying the version of dig and the query options that have been applied. This comment is printed by default. This option is recognized only when used as a global option (placed before the first query).
- +[no]comments
- Toggle the display of comment lines in the output. The default is to print comments.
- +[no]defname
- Use [do not use] the default domain name, if any, in TCPIP.DATA. The default is not to append that name to name when making queries.
- +[no]dnssec
- Request [do not request] DNSSEC records. The default is not to request DNSSEC records.
- +[no]fail
- Try the next server on SERVFAIL (fail), or do not try the next server on SERVFAIL (nofail). The default is not to try the next server on SERVFAIL.
- +[no]identify
- Show [do not show] the IP address and port number that supplied the answer when the +short option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
- +ignore
- Ignore truncation in UDP responses instead of trying again with TCP. By default, TCP retries are performed.
- +[no]multiline
- Print [do not print] records in expanded format. The default is not to print records in expanded format.
- +[no]nssearch
- When this option is set on, dig attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. The default is off.
- +[no]qr
- Print [do not print] the query as it is sent before sending the query. By default, the query is not printed.
- +[no]question
- Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
- +[no]recursive
- Toggle the setting of the RD (recursion required) bit in the query. This bit is set by default, which means dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.
- +[no]search
- Use [do not use] the search list in TCPIP.DATA. The search list is not used by default.
- +[no]short
- Provide a terse answer. The default is to print the answer in a verbose form.
- +[no]sta
- This query option toggles the printing of statistics when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
- +[no]tcp
- Use [do not use] TCP when querying name servers. The default is UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
- +[no]trace
- Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
- +[no]vc
- Use [do not use] TCP virtual circuit when querying name servers. This alternate syntax to +[no]tcp is provided for backwards compatibility. By default, UDP is used instead of TCP.
- +bufsize=B
- Set the UDP message buffer size advertised using EDNS0 to B bytes. The maximum and minimum sizes of this buffer are 65 535 and 0 respectively. Values outside this range are rounded up or down appropriately. The default value is 2048.
- +domain=somename
- Set the default domain to somename, as if specified in a domain directive or domainorigin in the resolver configuration file.
- +ndots=D
- Set the number of dots that have to appear in name for it to be considered absolute. The default value is that defined using the ndots statement in the resolver configuration file, or 1 if the ndots statement is not present. Names with fewer dots are interpreted as relative names and are searched for in the domains listed in the search or domain/domainorigin directive in the resolver configuration file.
- +time=T
- Sets the timeout for a query to T seconds. The default timeout is 5 seconds. An attempt to set T to less than 1 will result in a query timeout of 1 second being applied.
- +tries=A
- Sets the number of times to retry UDP queries to the server. The default number of tries is 3. If A is less than or equal to 0, the number of retries is set to 1.
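The -y description warns that a TSIG key given on the command line can be seen in ps -ef output and in shell history; the -k option reads the key from a file instead. The following added example (not part of the original documentation) checks that a key file is not accessible to group or other before passing it to dig -k. The function names key_file_is_private and dig_tsig are hypothetical.

```shell
#!/bin/sh
# Added example: keep the TSIG key off the command line by using -k, and
# refuse to use a key file that other users on the system could read.

# key_file_is_private FILE
# Succeeds only if FILE is a regular file with no group or other
# permission bits set (for example mode 0600 or 0400).
key_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other
    # triplets; -L follows a symbolic link to the real key file.
    perms=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# dig_tsig KEYFILE [dig arguments ...]
# Hypothetical wrapper: runs dig -k KEYFILE only when the key file passes
# the permission check, so the key never appears in the argument list.
dig_tsig() {
    keyfile=$1
    shift
    if ! key_file_is_private "$keyfile"; then
        echo "refusing to use $keyfile: accessible to group or other" >&2
        return 2
    fi
    dig -k "$keyfile" "$@"
}

# Usage (assumed key file path and server address, both placeholders):
#   dig_tsig /path/to/tsig.key @192.0.2.53 example.com soa
```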
Examples:
The following examples show how to use dig to extract information from a name server.
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
Shows how dig could be used from the command line to make three lookups: an ANY query for www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of isc.org. A global query option of +qr is applied, so that dig shows the initial query it made for each lookup. The final query has a local query option of +noqr which means that dig will not print the initial query when it looks up the NS records for isc.org.
>dig @9.67.128.82 vic032.tcp.raleigh.ibm.com.
; <<>> DiG 9.2.0 <<>> @9.67.128.82 vic032.tcp.raleigh.ibm.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;vic032.tcp.raleigh.ibm.com. IN A
;; ANSWER SECTION:
vic032.tcp.raleigh.ibm.com. 86400 IN A 9.67.113.32
;; AUTHORITY SECTION:
tcp.raleigh.ibm.com. 86400 IN NS buzz.tcp.raleigh.ibm.com.
;; ADDITIONAL SECTION:
buzz.tcp.raleigh.ibm.com. 86400 IN A 9.67.128.82
;; Query time: 10 msec
;; SERVER: 9.67.128.82#53(9.67.128.82)
;; WHEN: Mon Apr 30 12:13:10 2001
;; MSG SIZE rcvd: 114
$>dig @9.67.113.32 version.bind -p 20321 ANY CH +short +identity
Allocated socket 5, type udp
; <<>> DiG 9.2.0 <<>> @9.67.113.32 version.bind -p 20321 ANY CH +short
+identity
;; global options: printcmd
"9.2.0" from server 9.67.113.32 in 11 ms.
>dig @9.67.128.82 +noquestion +noauthority +noadditional +nosta
; <<>> DiG 9.2.0 <<>> @9.67.128.82 +noquestion +noauthority +noadditional +nosta
+domain=tcp.raleigh.ibm.com vic032 mvs183
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
vic032.tcp.raleigh.ibm.com. 86400 IN A 9.67.113.32
Allocated socket 6, type udp
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41218
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
mvs183.tcp.raleigh.ibm.com. 86400 IN A 9.37.65.154
>dig @9.67.128.82 +noquestion +noauthority +noadditional +nosta
; <<>> DiG 9.2.0 <<>> @9.67.128.82 +noquestion +noauthority +noadditional +nosta
+domain=tcp.raleigh.ibm.com vic032 mvs183 +question +authority mvs150 +additional
+sta
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
vic032.tcp.raleigh.ibm.com. 86400 IN A 9.67.113.32
Allocated socket 6, type udp
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41218
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mvs183.tcp.raleigh.ibm.com. IN A
;; ANSWER SECTION:
mvs183.tcp.raleigh.ibm.com. 86400 IN A 9.37.65.154
;; AUTHORITY SECTION:
tcp.raleigh.ibm.com. 86400 IN NS buzz.tcp.raleigh.ibm.com.
Allocated socket 5, type udp
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20635
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
mvs150.tcp.raleigh.ibm.com. 3600 IN A 9.67.113.117
;; ADDITIONAL SECTION:
buzz.tcp.raleigh.ibm.com. 86400 IN A 9.67.128.82
;; Query time: 16 msec
;; SERVER: 9.67.128.82#53(9.67.128.82)
;; WHEN: Mon Apr 30 15:27:26 2001
;; MSG SIZE rcvd: 114
>dig @9.67.128.82 +noquestion +noauthority +noadditional +nosta
; <<>> DiG 9.2.0 <<>> @9.67.128.82 +noquestion +noauthority +noadditional +nosta
+domain=tcp.raleigh.ibm.com vic032 version.bind -t txt -c ch +question
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
vic032.tcp.raleigh.ibm.com. 86400 IN A 9.67.113.32
Allocated socket 6, type udp
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41218
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
VERSION.BIND. 0 CH TXT "9.2.0"
>dig @::1 ns .
; <<>> DiG 9.2.0 <<>> @::1 ns .
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32799
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 232344 IN NS J.ROOT-SERVERS.NET.
. 232344 IN NS K.ROOT-SERVERS.NET.
. 232344 IN NS L.ROOT-SERVERS.NET.
. 232344 IN NS M.ROOT-SERVERS.NET.
. 232344 IN NS A.ROOT-SERVERS.NET.
. 232344 IN NS B.ROOT-SERVERS.NET.
. 232344 IN NS C.ROOT-SERVERS.NET.
. 232344 IN NS D.ROOT-SERVERS.NET.
. 232344 IN NS E.ROOT-SERVERS.NET.
. 232344 IN NS F.ROOT-SERVERS.NET.
. 232344 IN NS G.ROOT-SERVERS.NET.
. 232344 IN NS H.ROOT-SERVERS.NET.
. 232344 IN NS I.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 369255 IN A 198.41.0.10
K.ROOT-SERVERS.NET. 369255 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 318744 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 318744 IN A 202.12.27.33
;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Jul 13 00:09:24 2001
;; MSG SIZE rcvd: 292
Usage:
The queryoption and option parameters are case sensitive and must be entered in lowercase. Domain names, query types, query classes, and the values associated with queryoption and option parameters are not case sensitive.
