Network-commands/dig  

From Aldeid
Jump to: navigation, search
VoirAussi.png
You might also see: DNS Protocol

Contents

Description

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.

Compatibility

Lin-logo.png

Usage

  • dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]
  • dig [-h]
  • dig [global-queryopt...] [query...]

Options

-4, -6
The -4 option forces dig to only use IPv4 query transport. The -6 option forces dig to only use IPv6 query transport.
-b address
Sets the source IP address of the query to address. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>".
-c class
The default query class (IN for internet) is overridden by the -c option. class is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
-f filename
The -f option makes dig operate in batch mode by reading a list of lookup requests to process from the file filename. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to dig using the command-line interface.
-k filename, -y [ymac:lname:key]
To sign the DNS queries sent by dig and their responses using transaction signatures (TSIG), specify a TSIG key file using the -k option. You can also specify the TSIG key itself on the command line using the -y option; hmac is the type of the TSIG, default HMAC-MD5, name is the name of the TSIG key and key is the actual key. The key is a base-64 encoded string, typically generated by dnssec-keygen(8). Caution should be taken when using the -y option on multi-user systems as the key can be visible in the output from ps(1) or in the shell's history file. When using TSIG authentication with dig, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate key and server statements in named.conf.
-m
The -m option enables memory usage debugging.
-p port#
If a non-standard port number is to be queried, the -p option is used. port# is the port number that dig will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non-standard port number.
-q name
The -q option sets the query name to name. This useful do distinguish the name from other arguments.
-t type
The -t option sets the query type to type. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the -x option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, type is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was N.
-x addr
Reverse lookups — mapping addresses to names — are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the -i option. Bit string labels (RFC2874) are now experimental and are not attempted.

Example

$ dig gmail.com MX

; <<>> DiG 9.7.0-P1 <<>> gmail.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13960
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com.			IN	MX

;; ANSWER SECTION:
gmail.com.		336	IN	MX	30 alt3.gmail-smtp-in.l.google.com.
gmail.com.		336	IN	MX	20 alt2.gmail-smtp-in.l.google.com.
gmail.com.		336	IN	MX	10 alt1.gmail-smtp-in.l.google.com.
gmail.com.		336	IN	MX	5 gmail-smtp-in.l.google.com.
gmail.com.		336	IN	MX	40 alt4.gmail-smtp-in.l.google.com.

;; Query time: 44 msec
;; SERVER: 80.10.246.130#53(80.10.246.130)
;; WHEN: Thu Sep  9 06:34:15 2010
;; MSG SIZE  rcvd: 150

Comments

Share this article  •  Tweet it!  •  Email this  •  Digg it  •  Share on Facebook

Talk:Network-commands/dig

Retrieved from "http://www.aldeid.com/w/index.php?title=Network-commands/dig&oldid=17765"
Personal tools
Namespaces

Variants
Actions
Security
Menu
Misc
Toolbox