diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 7ccfc5d859..7900c1dd36 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -363,106 +363,32 @@ - - - - Use [do not use] TCP when querying name servers. The - default behavior is to use UDP unless - an ixfr=N query is requested, in - which case the default is TCP. - AXFR queries always use TCP. - - - - - - - - - Use [do not use] TCP when querying name servers. This alternate - syntax to +[no]tcp is - provided for backwards - compatibility. The "vc" stands for "virtual circuit". - - - - - - - - - Ignore truncation in UDP responses instead of retrying with TCP. - By - default, TCP retries are performed. - - - - - - - - - Set the search list to contain the single domain - somename, as if specified in - a - domain directive in - /etc/resolv.conf, and enable - search list - processing as if the +search - option were given. - - - - - - - - - Use [do not use] the search list defined by the searchlist or - domain - directive in resolv.conf (if - any). - The search list is not used by default. - - - - - - - - - Perform [do not perform] a search showing intermediate - results. - - - - - - - - - Deprecated, treated as a synonym for +[no]search - - - + + + + A synonym for +[no]aaonly. + + + - - - Sets the "aa" flag in the query. - - - + + + Sets the "aa" flag in the query. + + + - - - - A synonym for +[no]aaonly. - - - + + + + Display [do not display] the additional section of a + reply. The default is to display it. + + + @@ -481,35 +407,308 @@ + + + + + Set or clear all display flags. + + + + + + + + + Display [do not display] the answer section of a + reply. The default is to display it. + + + + + + + + + Display [do not display] the authority section of a + reply. The default is to display it. + + + + + + + + + Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. + + + + + + + + + Set the UDP message buffer size advertised using EDNS0 + to B bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. + + + + - - - Set [do not set] the CD (checking disabled) bit in the query. - This - requests the server to not perform DNSSEC validation of - responses. - - - + + + Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. + + + - - - Display [do not display] the CLASS when printing the record. - - - + + + Display [do not display] the CLASS when printing the + record. + + + - - - - Display [do not display] the TTL when printing the record. - - - + + + + Toggles the printing of the initial comment in the + output identifying the version of dig + and the query options that have been applied. This + comment is printed by default. + + + + + + + + + Toggle the display of comment lines in the output. + The default is to print comments. + + + + + + + + + Toggle the display of cryptographic fields in DNSSEC + records. The contents of these field are unnecessary + to debug most DNSSEC validation failures and removing + them makes it easier to see the common failures. The + default is to display the fields. When omitted they + are replaced by the string "[omitted]" or in the + DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". + + + + + + + + + Deprecated, treated as a synonym for + +[no]search + + + + + + + + + Set the search list to contain the single domain + somename, as if specified in + a domain directive in + /etc/resolv.conf, and enable + search list processing as if the + +search option were given. + + + + + + + + + Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. + + + + + + + + + Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. + clears the remembered EDNS version. EDNS is set to + 0 by default. + + + + + + + + + Send an EDNS Expire option. Currently using experimental + value 65002 for the option code. + + + + + + + + + Do not try the next server if you receive a SERVFAIL. + The default is to not try the next server which is + the reverse of normal stub resolver behavior. + + + + + + + + + Show [or do not show] the IP address and port number + that supplied the answer when the + +short option is enabled. If + short form answers are requested, the default is not + to show the source address and port number of the + server that provided the answer. + + + + + + + + + Ignore truncation in UDP responses instead of retrying + with TCP. By default, TCP retries are performed. + + + + + + + + + Keep the TCP socket open between queries and reuse + it rather than creating a new TCP socket for each + lookup. The default is . + + + + + + + + + Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the dig + output. + + + + + + + + + Set the number of dots that have to appear in + name to D + for it to be considered absolute. The default value + is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots + are interpreted as relative names and will be searched + for in the domains listed in the + or directive in + /etc/resolv.conf. + + + + + + + + + Include an EDNS name server ID request when sending + a query. + + + + + + + + + When this option is set, dig + attempts to find the authoritative name servers for + the zone containing the name being looked up and + display the SOA record that each name server has for + the zone. + + + + + + + + + Print only one (starting) SOA record when performing + an AXFR. The default is to print both the starting + and ending SOA records. + + + + + + + + + Print [do not print] the query as it is sent. By + default, the query is not printed. + + + + + + + + + Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. + + + @@ -526,209 +725,139 @@ - - - - When this option is set, dig - attempts to find the - authoritative name servers for the zone containing the name - being - looked up and display the SOA record that each name server has - for the - zone. - - - - - - - + + - Toggle tracing of the delegation path from the root - name servers for the name being looked up. Tracing - is disabled by default. When tracing is enabled, - dig makes iterative queries to - resolve the name being looked up. It will follow - referrals from the root servers, showing the answer - from each server that was used to resolve the lookup. - - - +dnssec is also set when +trace is - set to better emulate the default queries from a nameserver. + Sets the number of times to retry UDP queries to + server to T instead of the + default, 2. Unlike +tries, + this does not include the initial query. - - - - Toggles the printing of the initial comment in the output - identifying - the version of dig and the query - options that have - been applied. This comment is printed by default. - - - + + + + Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. + + + + + + + + + Use [do not use] the search list defined by the + searchlist or domain directive in + resolv.conf (if any). The search + list is not used by default. + + + - - - Provide a terse answer. The default is to print the answer in a - verbose form. - - - + + + Provide a terse answer. The default is to print the + answer in a verbose form. + + + - - - - Show [or do not show] the IP address and port number that - supplied the - answer when the +short option - is enabled. If - short form answers are requested, the default is not to show the - source address and port number of the server that provided the - answer. - - - + + + + Perform [do not perform] a search showing intermediate + results. + + + - - - - Toggle the display of comment lines in the output. The default - is to print comments. - - - + + + + Chase DNSSEC signature chains. Requires dig be + compiled with -DDIG_SIGCHASE. + + + - - - - Toggle the display of per-record comments in the output (for - example, human-readable key information about DNSKEY records). - The default is not to print record comments unless multiline - mode is active. - - - - - - - - - Toggle the display of cryptographic fields in DNSSEC records. - The contents of these field are unnecessary to debug most DNSSEC - validation failures and removing them makes it easier to see - the common failures. The default is to display the fields. - When omitted they are replaced by the string "[omitted]" or - in the DNSKEY case the key id is displayed as the replacement, - e.g. "[ key id = value ]". - - - + + + + Send a Source Identity Token EDNS option, with optional + value. Replaying a SIT from a previous response will + allow the server to identify a previous client. The + default is . Currently using + experimental value 65001 for the option code. + + + - - - Split long hex- or base64-formatted fields in resource - records into chunks of W characters - (where W is rounded up to the nearest - multiple of 4). - +nosplit or - +split=0 causes fields not to be - split at all. The default is 56 characters, or 44 characters - when multiline mode is active. - - - + + + Split long hex- or base64-formatted fields in resource + records into chunks of W + characters (where W is rounded + up to the nearest multiple of 4). + +nosplit or + +split=0 causes fields not to + be split at all. The default is 56 characters, or + 44 characters when multiline mode is active. + + + - - - This query option toggles the printing of statistics: when the - query - was made, the size of the reply and so on. The default - behavior is - to print the query statistics. - - - + + + This query option toggles the printing of statistics: + when the query was made, the size of the reply and + so on. The default behavior is to print the query + statistics. + + + - - - - Print [do not print] the query as it is sent. - By default, the query is not printed. - - - + + + + Send an EDNS Client Subnet option with the speciifed + IP address or network prefix. + + + - - - - Print [do not print] the question section of a query when an - answer is - returned. The default is to print the question section as a - comment. - - - - - - - - - Display [do not display] the answer section of a reply. The - default - is to display it. - - - - - - - - - Display [do not display] the authority section of a reply. The - default is to display it. - - - - - - - - - Display [do not display] the additional section of a reply. - The default is to display it. - - - - - - - - - Set or clear all display flags. - - - + + + + Use [do not use] TCP when querying name servers. The + default behavior is to use UDP unless an + ixfr=N query is requested, in which + case the default is TCP. AXFR queries always use + TCP. + + + - - + + Sets the timeout for a query to T seconds. The default @@ -740,228 +869,87 @@ + + + + + When chasing DNSSEC signature chains perform a top-down + validation. Requires dig be compiled with -DDIG_SIGCHASE. + + + + + + + + + Toggle tracing of the delegation path from the root + name servers for the name being looked up. Tracing + is disabled by default. When tracing is enabled, + dig makes iterative queries to + resolve the name being looked up. It will follow + referrals from the root servers, showing the answer + from each server that was used to resolve the lookup. + + +dnssec is also set when +trace + is set to better emulate the default queries from a + nameserver. + + + + - - - Sets the number of times to try UDP queries to server to - T instead of the default, 3. - If - T is less than or equal to - zero, the number of - tries is silently rounded up to 1. - - - - - - - - - Sets the number of times to retry UDP queries to server to - T instead of the default, 2. - Unlike - +tries, this does not include - the initial - query. - - - - - - - - - Set the number of dots that have to appear in - name to D for it to be - considered absolute. The default value is that defined using - the - ndots statement in /etc/resolv.conf, or 1 if no - ndots statement is present. Names with fewer dots are - interpreted as - relative names and will be searched for in the domains listed in - the - or directive in - /etc/resolv.conf. - - - - - - - - - Set the UDP message buffer size advertised using EDNS0 to - B bytes. The maximum and minimum sizes - of this buffer are 65535 and 0 respectively. Values outside - this range are rounded up or down appropriately. - Values other than zero will cause a EDNS query to be sent. - - - - - - - Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause - a EDNS query to be sent. - clears the remembered EDNS version. EDNS is set to - 0 by default. + Sets the number of times to try UDP queries to server + to T instead of the default, + 3. If T is less than or equal + to zero, the number of tries is silently rounded up + to 1. - - - - - Print records like the SOA records in a verbose multi-line - format with human-readable comments. The default is to print - each record on a single line, to facilitate machine parsing - of the dig output. - - - - - - - - - Print only one (starting) SOA record when performing - an AXFR. The default is to print both the starting and - ending SOA records. - - - - - - - - - Do not try the next server if you receive a SERVFAIL. The - default is - to not try the next server which is the reverse of normal stub - resolver - behavior. - - - - - - - - - Attempt to display the contents of messages which are malformed. - The default is to not display malformed answers. - - - - - - - - - Requests DNSSEC records be sent by setting the DNSSEC OK bit - (DO) - in the OPT record in the additional section of the query. - - - - - - - - - Chase DNSSEC signature chains. Requires dig be compiled with - -DDIG_SIGCHASE. - - - - - - - Specifies a file containing trusted keys to be used with - . Each DNSKEY record must be - on its own line. - + - If not specified, dig will look for - /etc/trusted-key.key then - trusted-key.key in the current directory. + Specifies a file containing trusted keys to be used + with . Each DNSKEY record + must be on its own line. + + If not specified, dig will look + for /etc/trusted-key.key then + trusted-key.key in the current + directory. + + Requires dig be compiled with -DDIG_SIGCHASE. + + + + + + - Requires dig be compiled with -DDIG_SIGCHASE. + Display [do not display] the TTL when printing the + record. - - + + - - - - When chasing DNSSEC signature chains perform a top-down - validation. - Requires dig be compiled with -DDIG_SIGCHASE. - - - - - - - - - Include an EDNS name server ID request when sending a query. - - - - - - - - - Keep the TCP socket open between queries and reuse it rather - than creating a new TCP socket for each lookup. The default - is . - - - - - - - - - Send a Source Identity Token EDNS option, with optional value. - Replaying a SIT from a previous response will allow the - server to identify a previous client. The default is - . Currently using experimental value - 65001 for the option code. - - - - - - - - - Send an EDNS Client Subnet option with the speciifed - IP address or network prefix. - - - - - - - - - Send an EDNS Expire option. Currently using experimental - value 65002 for the option code. - - - + + + + Use [do not use] TCP when querying name servers. This + alternate syntax to +[no]tcp + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". + + +