Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎


     dig - DNS lookup utility

     dig [@server] [-b address] [-c class] [-f filename]
         [-k filename] [-p port#] [-t type] [-x addr]
         [-y name:key] [-4 | -6] [name] [type] [class] [queryopt]...

     dig -h

     dig [global-queryopt]... query...

     The dig utility (domain information groper)  is  a  flexible
     tool  for  interrogating  DNS  name servers. It performs DNS
     lookups and displays the answers that are returned from  the
     name  server(s)  that  were queried. Most DNS administrators
     use dig to troubleshoot DNS problems because of  its  flexi-
     bility,  ease  of  use  and  clarity of output. Other lookup
     tools tend to have less functionality than dig.

     Although dig is normally used with  command-line  arguments,
     it  also  has  a  batch mode of operation for reading lookup
     requests from a file. A brief summary  of  its  command-line
     arguments  and  options  is  printed  when  the -h option is
     specified. Unlike earlier versions, the BIND9 implementation
     of dig allows multiple lookups to be issued from the command

     Unless it is told to query a specific name server, dig tries
     each of the servers listed in /etc/resolv.conf.

     When no command line arguments or  options  are  given,  dig
     performs an NS query for "." (the root).

     It is possible  to  set  per  user  defaults  for  dig  with
     ${HOME}/.digrc.  This file is read and any options in it are
     applied before the command line arguments.

     The following is a typical invocation of dig:

       dig @server name type


     server    The name or IP  address  of  the  name  server  to
               query.  This  can  be  an  IPv4 address in dotted-
               decimal notation or  an  IPv6  address  in  colon-
               delimited notation. When the supplied server argu-
               ment is a hostname, dig resolves that name  before
               querying  that  name server. If no server argument
               is provided,  dig  consults  /etc/resolv.conf  and
               queries  the  name servers listed there. The reply
               from the name server that responds is displayed.

     name      The name of the resource  record  that  is  to  be
               looked up.

     type      Indicates what type of query is required (ANY,  A,
               MX,  SIG,  among  others.)  type  can be any valid
               query type. If no type argument is  supplied,  dig
               performs a lookup for an A record.

     The following options are supported:

     -4             Use only IPv4 transport. By default both IPv4
                    and  IPv6  transports can be used. Options -4
                    and -6 are mutually exclusive.

     -6             Use only IPv6 transport. By default both IPv4
                    and  IPv6  transports can be used. Options -4
                    and -6 are mutually exclusive.

     -b address     Set the source IP address  of  the  query  to
                    address.  This must be a valid address on one
                    of the host's network interfaces.

     -c class       Override the  default  query  class  (IN  for
                    internet).  The  class  argument is any valid
                    class, such as HS for Hesiod  records  or  CH
                    for CHAOSNET records.

     -f filename    Operate in batch mode by reading  a  list  of
                    lookup  requests  to  process  from  the file
                    filename.  The  file  contains  a  number  of
                    queries, one per line. Each entry in the file
                    should be organised  in  the  same  way  they
                    would  be  presented  as queries to dig using
                    the command-line interface.

     -h             Print a brief summary of  command-line  argu-
                    ments and options.

     -k filename    Specify a transaction  signature  (TSIG)  key
                    file  to sign the DNS queries sent by dig and
                    their responses using TSIGs.

     -p port#       Query a non-standard port number.  The  port#
                    argument  is  the  port number that dig sends
                    its queries instead of the standard DNS  port
                    number  53.  This  option tests a name server
                    that  has  been  configured  to  listen   for
                    queries on a non-standard port number.

     -t type        Set the query type to type, which can be  any
                    valid  query  type  supported  in  BIND9. The
                    default query type "A", unless the -x  option
                    is  supplied  to indicate a reverse lookup. A
                    zone transfer can be requested by  specifying
                    a  type  of  AXFR.  When  an incremental zone
                    transfer (IXFR) is required, type is  set  to
                    ixfr=N.  The  incremental  zone transfer will
                    contain the changes made to  the  zone  since
                    the  serial  number  in the zone's SOA record
                    was N.

     -x addr        Simplify reverse lookups  (mapping  addresses
                    to  names  ).  The  addr  argument is an IPv4
                    address  in  dotted-decimal  notation,  or  a
                    colon-delimited   IPv6   address.  When  this
                    option is used, there is no need  to  provide
                    the  name,  class and type arguments. The dig
                    utility automatically performs a lookup for a
                    name  like and sets
                    the query type  and  class  to  PTR  and  IN,
                    respectively.  By default, IPv6 addresses are
                    looked  up  using  the  IP6.ARPA  domain  and
                    binary labels as defined in RFC 2874. Specify
                    the -n (nibble) option to use the  older  RFC
                    1886  method  using  the  IP6.INT  domain and
                    "nibble" labels .

     -y name:key    Specify a transaction signature (TSIG) key on
                    the  command  line.  The name argument is the
                    name of the TSIG key and the key argument  is
                    the  actual key. The key is a base-64 encoded
                    string,  typically   generated   by   dnssec-
                    keygen(1M).  Caution  should  be  taken  when
                    using the -y option  on  multi-user  systems,
                    since  the  key  can be visible in the output
                    from ps(1) or in the  shell's  history  file.
                    When  using TSIG authentication with dig, the
                    name server that is queried needs to know the
                    key  and  algorithm  that  is  being used. In
                    BIND, this is done by  providing  appropriate
                    key and server statements in named.conf.

     The dig utility provides a number  of  query  options  which
     affect  the  way  in  which lookups are made and the results
     displayed. Some of these set or reset flag bits in the query
     header,  some  determine  which  sections  of the answer get
     printed, and others determine the timeout  and  retry  stra-

     Each query option is identified by a keyword preceded  by  a
     plus  sign  (+). Some keywords set or reset an option. These
     may be preceded by the string no to negate  the  meaning  of
     that  keyword.  Other keywords assign values to options like
     the timeout interval. They have the form +keyword=value. The
     query options are:

     +[no]tcp            Use [do not use] TCP when querying  name
                         servers. The default behaviour is to use
                         UDP unless an  AXFR  or  IXFR  query  is
                         requested,  in  which case a TCP connec-
                         tion is used.

     +[no]vc             Use [do not use] TCP when querying  name
                         servers.   This   alternate   syntax  to
                         +[no]tcp is provided for backwards  com-
                         patibility. The "vc" stands for "virtual

     +[no]ignore         Ignore  truncation  in   UDP   responses
                         instead   of   retrying   with  TCP.  By
                         default, TCP retries are performed.

     +domain=somename    Set the search list to contain the  sin-
                         gle  domain somename, as if specified in
                         a domain directive in  /etc/resolv.conf,
                         and  enable search list processing as if
                         the +search option were given.

     +[no]search         Use [do not use] the search list defined
                         by the searchlist or domain directive in
                         resolv.conf (if any). The search list is
                         not used by default.

     +[no]defname        Deprecated, treated  as  a  synonym  for

     +[no]aaonly         This option does nothing. It is provided
                         for  compatibility  with old versions of
                         dig  where  it  set   an   unimplemented
                         resolver flag.

     +[no]aaflag         A synonym for +[no]aaonly.

     +[no]adflag         Set [do not set] the AD (authentic data)
                         bit  in  the query. The AD bit currently
                         has   a   standard   meaning   only   in
                         responses, not in queries, but the abil-
                         ity to set the bit in the query is  pro-
                         vided for completeness.

     +[no]cdflag         Set [do not set] the CD  (checking  dis-
                         abled)  bit  in the query. This requests
                         the server to not perform DNSSEC valida-
                         tion of responses.

     +[no]cl             Display [do not display] the CLASS  when
                         printing the record.

     +[no]ttlid          Display [do not display]  the  TTL  when
                         printing the record.

     +[no]recurse        Toggle the setting of the RD  (recursion
                         desired)  bit  in the query. This bit is
                         set by default, which means dig normally
                         sends  recursive  queries.  Recursion is
                         automatically    disabled    when    the
                         +nssearch  or  +trace  query options are

     +[no]nssearch       When this option is set, dig attempts to
                         find  the authoritative name servers for
                         the  zone  containing  the  name   being
                         looked  up  and  display  the SOA record
                         that each name server has for the zone.

     +[no]trace          Toggle tracing of  the  delegation  path
                         from  the root name servers for the name
                         being looked up. Tracing is disabled  by
                         default.  When  tracing  is enabled, dig
                         makes iterative queries to  resolve  the
                         name  being  looked  up.  It will follow
                         referrals from the root servers, showing
                         the  answer  from  each  server that was
                         used to resolve the lookup.

     +[no]cmd            Toggle the printing of the initial  com-
                         ment  in the output identifying the ver-
                         sion of dig and the query  options  that
                         have   been  applied.  This  comment  is
                         printed by default.

     +[no]short          Provide a terse answer. The  default  is
                         to print the answer in a verbose form.

     +[no]identify       Show [or do not show] the IP address and
                         port  number  that  supplied  the answer
                         when the +short option  is  enabled.  If
                         short  form  answers  are requested, the
                         default  is  not  to  show  the   source
                         address  and  port  number of the server
                         that provided the answer.

     +[no]comments       Toggle the display of comment  lines  in
                         the output. The default is to print com-

     +[no]stats          Toggle the printing of statistics:  when
                         the  query  was  made,  the  size of the
                         reply and so on. The  default  behaviour
                         is to print the query statistics.

     +[no]qr             Print [do not print] the query as it  is
                         sent.  By  default,  the  query  is  not

     +[no]question       Print [do not print] the  question  sec-
                         tion  of  a  query  when  an  answer  is
                         returned. The default is  to  print  the
                         question section as a comment.

     +[no]answer         Display [do not display] the answer sec-
                         tion  of  a  reply.  The  default  is to
                         display it.

     +[no]authority      Display [do not display]  the  authority
                         section  of  a  reply. The default is to
                         display it.

     +[no]additional     Display [do not display] the  additional
                         section  of  a  reply. The default is to
                         display it.

     +[no]all            Set or clear all display flags.

     +time=T             Sets  the  timeout  for  a  query  to  T
                         seconds.  The  default  time  out  is  5
                         seconds. An attempt to  set  T  to  less
                         than 1 will result in a query timeout of
                         1 second being applied.

     +tries=T            Sets the maximum number of UDP  attempts
                         to T. The default number is 3 (1 initial
                         attempt followed by 2 retries). If T  is
                         less  than  or equal to zero, the number
                         of retries is silently rounded up to 1.

     +retry=T            Sets the number of UDP retries to T. The
                         default is 2.

     +ndots=D            Set the number  of  dots  that  have  to
                         appear  in  name  to D for it to be con-
                         sidered absolute. The default  value  is
                         that  defined  using the ndots statement
                         in /etc/resolv.conf, or 1  if  no  ndots
                         statement  is present.  Names with fewer
                         dots are interpreted as  relative  names
                         and  will be searched for in the domains
                         listed in the search or domain directive
                         in /etc/resolv.conf.

     +bufsize=B          Set the UDP message buffer  size  adver-
                         tised  using  EDNS0 to B bytes. The max-
                         imum and minimum sizes  of  this  buffer
                         are  65535  and  0  respectively. Values
                         outside this range  are  rounded  up  or
                         down appropriately.

     +[no]multiline      Print records like the SOA records in  a
                         verbose  multi-line  format  with human-
                         readable comments.  The  default  is  to
                         print  each  record on a single line, to
                         facilitate machine parsing  of  the  dig

     +[no]fail           Do  not  try  the  next  server  if  you
                         receive  a  SERVFAIL.  The default is to
                         not try the next  server  which  is  the
                         reverse    of   normal   stub   resolver

     +[no]besteffort     Attempt to display the contents of  mes-
                         sages  which  are malformed. The default
                         is to not display malformed answers.

     +[no]dnssec         Request DNSSEC records be sent  by  set-
                         ting  the  DNSSEC OK bit (DO) in the OPT
                         record in the additional section of  the

     The BIND 9 implementation of dig supports specifying  multi-
     ple  queries  on the command line (in addition to supporting
     the -f batch file option). Each of those queries can be sup-
     plied with its own set of flags, options and query options.

     In this case, each query argument  represent  an  individual
     query  in the command-line syntax described above. Each con-
     sists of any of the standard options and flags, the name  to
     be looked up, an optional query type and class and any query
     options that should be applied to that query.

     A global set  of  query  options,  global-queryopt,  can  be
     applied to all queries. These global query options must pre-
     cede the first tuple of name, class, type,  options,  flags,
     and  query  options supplied on the command line. Any global
     query options (except the +[no]cmd option) can be overridden
     by a query-specific set of query options. For example:
       dig +qr www.isc.org any -x isc.org ns +noqr

     shows how dig could be used from the command  line  to  make
     three  lookups:  an  ANY  query  for  www.isc.org, a reverse
     lookup of and  a  query  for  the  NS  records  of
     isc.org.  A  global  query option of +qr is applied, so that
     dig shows the initial query it made  for  each  lookup.  The
     final  query  has  a local query option of +noqr which means
     that dig will not print the initial query when it  looks  up
     the NS records for isc.org.

     /etc/resolv.conf    Resolver configuration file

     ${HOME}/.digrc      User-defined configuration file

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWbind                    |
    | Interface Stability         | External                    |

     dnssec-keygen(1M), host(1M), named(1M), nslookup(1M), attri-

     RFC 1035

     There are probably too many query options.

     Source for BIND9 is available in the SUNWbind9S package.

     nslookup(1M) and dig now report "Not Implemented" as  NOTIMP
     rather  than NOTIMPL.  This will have impact on scripts that
     are looking for NOTIMPL.

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.