NAME(名称)
dig - 发送域名查询信息包到域名服务器
SYNOPSIS(总览)
dig [@ server ] domain [Aq query-type ] [Aq query-class ] [+ Aq query-option ] [-Aq dig-option ] [%comment ]
DESCRIPTION(描述)
Dig (domain information groper 域名信息搜索)是一个灵活的命令行工具, 它可以用来从域名系统服务器中收集信息. Dig 有两种模式:简单交互模式用于简单的查询,而批处理模式则可以对包含多个查询条目的列表执行查询. 所有查询选项都可以从命令行输入.
通常简单的 dig 用法为下列格式:
dig @ server domain query-type query-class
这里:
- server
- 可为域名或者以点分隔的Internet地址. 如果省略该可选字段, dig 会尝试使用你机器的默认域名服务器.
注意: 如果指定了一个域名,那么将使用域名系统解析程序 (即BIND)来进行解析. 如果你的系统不支持DNS,那么可能 必须 指定一个以点分隔的地址.另外一种选择是, 如果在你配置的某个地方有一台这样的服务器, 那么你所要做的就是建立 /etc/resolv.conf 并在其中指明默认域名服务器的位置,这样 server 自身就可以解析了.参看 resolver(5) 以获得 /etc/resolv.conf 相关的信息. 警告: 修改 /etc/resolv.conf 同样会对标准的解析程序库产生影响,而 (潜在地) 某些程序会要用到它. 作为一种选择,用户可设置环境变量 LOCALRES 为指定的文件,这将用来取代 /etc/resolv.conf Po Ns Ev LOCALRES 是特定针对 dig 解析程序的,并不会牵涉到标准解析程序 Pc . 如果 LOCALRES 变量未设置或者指定的文件不能读,那么就使用 /etc/resolf.conf .
- domain
- 是指一个你请求信息的域名. 参看 -x 选项(在该部分的 Sx OTHER OPTIONS 节中有介绍)以获知指定反向地址查询的便捷方法.
- query-type
- 是指你所请求的信息类型(DNS查询类型). 如果省略,默认为 ``a '' (T_A = address . ) 以下类型是可识别的:
- a T_A
- 网络地址
- any T_ANY
- 所有/任何与指定域相关的信息
- mx T_MX
- 该域的邮件网关
- ns T_NS
- 域名服务器
- soa T_SOA
- 区域的授权记录
- hinfo T_HINFO
- 主机信息
- axfr T_AXFR
- 区域传输记录(必须是询问一台授权的服务器)
- txt T_TXT
- 任意的字符串信息
(参看RFC 1035以获得完整的列表.)
- query-class
- 是指在查询中请求的网络等级.如果省略,默认为 ``in '' (C_IN = Internet . ) 以下的等级是可识别的:
- in C_IN
- Internet等级的域
- any C_ANY
- 所有/任何等级的信息
(参看RFC 1035以获得完整的列表.)
注意: ``Any '' 可以用来指定一个 等级 和/或查询的一种 类型 . Dig 会将第一次出现的 ``any '' 解释为 query-type = T_ANY . 为了指明 query-class = C_ANY , 你必须或者指定 ``any'' 两次,或者使用 -c 选项(见下面)设置 query-class .
OTHER OPTIONS(其它选项)
- % ignored-comment
- ``%'' 用来引用一个不用作解释的参数. 如果正以批处理的模式运行 dig 这可能很有用. 因为不用对一组查询中的每个 @server-domain-name 进行解析,你就可以避免这样做的额外开销, 并且仍然能够在命令行上以域名作为参数. 例如:
dig @128.9.0.32 %venera.isi.edu mx isi.edu
- -Aq dig option
- ``- '' 用来指定一个影响 dig 操作的选项. 当前可用的选项有(尽管不能保证都有用):
- -x dot-notation-address
- 这是指定反向地址映射的便捷的方法. 不用写 ``dig 32.0.9.128.in-addr.arpa , '' 你可以简单地写成 ``dig -x 128.9.0.32 . ''
- -f file
- dig 批处理模式的文件.该文件包含了一组查询清单 ( dig 命令行),它们将一个接一个地执行.以 `; ,' `#' 或 `\n' 开头的行将忽略.其它选项仍然可以在命令行上出现,而且对每个批处理查询都有效.
- -T time
- 当运行于批处理模式下时,两次接着的查询之间的时间间隔,以秒计. 可以用来保持两个或多个批处理 dig 命令大致同步运行.默认为零.
- -p port
- 端口号.通过监听非标准端口号来查询域名服务器.默认为53.
- -P Bq ping-string
- 在查询返回之后,执行一次 ping(8) 命令以获得响应时间的对照关系.这在调用shell上显得不那么自然. 该命令显示的最后三行统计信息为:
ping -s server_name 56 3
如果可选的 ``ping_string '' 存在,那么会覆盖shell命令中的 ``ping -s . ''
- -t query-type
- 指定查询类型.可以指定为一个将包含在类型字段中的整数值,也可以使用上面讨论的缩写助记符(即 mx = T_MX ) .
- -c query-class
- 指定查询等级.可以指定为一个将包含在等级字段中的整数值,也可以使用上面讨论的缩写助记符(即in = C_IN).
- -k keydir:keyname
- 用TSIG密钥指定的的密钥名来签署这次查询, 该密钥名在目录keydir下.
- -envsav
- 该标识指定 dig 的环境变量 (默认的,显示选项,等等.),在所有参数都解释了之后, 应保存它们到一个文件中以使之成为默认的环境变量. 如果你不喜欢默认的标准设置而又不想在每次使用 dig 时带大量的选项,那么这很有用. 环境变量包括解析程序状态变量标识,超时和重试次数以及详细控制 dig 输出的标识(见下面). 如果shell环境变量 LOCALDEF 设置为一个文件的名字,那么此即为默认的 dig 环境变量所保存的地方.如果没有,那么会在当前工作目录下创建 ``DiG.env . ''
注意: LOCALDEF 是特定针对 dig 解析程序, 而它不会影响标准解析程序库的操作.
每当 dig 执行时,它会查找 ``./DiG.env '' 或者在shell环境变量 LOCALDEF 中指定的文件. 如果这样的文件存在而且可读,那么在解释任何参数之前, 先从该文件中恢复环境变量.
- -envset
- 该标识只影响批处理查询的运行.当在 dig 的批处理文件一行上指定了 ``-envset '' 时,在参数之后的 dig 环境变量会被解释为批处理文件执行期间默认的环境变量, 或者直到指定了 ``-envset '' 的下一行为止.
- -[no ] cm stick
- 该标识只影响批处理查询的运行. 它指定 dig 环境变量(通过 ``-envset '' 开关变量初始化读入或设置)会在 dig 批处理文件每次查询(行)之前重建. 默认的 ``-nostick '' 表示 dig 环境变量不是固定的,因而在 dig 批处理文件中单行上指定的选项将对剩余的行继续产生作用(也即,它们不会恢复成 ``sticky(固定的)'' 默认值).
- + Aq query-option
- ``+'' 用来指定一个在查询信息包中需修改的或者需用来修改 dig 输出细节的选项.这些选项中的许多与 nslookup(8) 所承认的参数相同. 如果一个选项需带参数,那么格式如下:
+ keyword [= value ]
绝大多数关键字可简写. ``+'' 选项的解释是非常直白的 --- 值与它的关键字之间千万不能用空格分隔. 当前可用的关键字有:
- Keyword Abbrev. Meaning [default]
(关键字) (缩写) (含义) [默认值]
- [no ] debug (deb )
- 打开/关闭调试模式 Bq Cm deb
- [no ] d2
- 打开/关闭特殊的调试模式 Bq Cm nod2
- [no ] recurse (rec )
- 使用/不使用递归查询 Bq Cm rec
- retry= # (ret )
- 设置重试次数为# Bq 4
- time= # (ti )
- 设置超时长度为#秒 Bq 4
- [no ] ko
- 保留公开的选项(keep open options)(隐含vc) Bq Cm noko
- [no ] vc
- 使用/不使用虚拟电路 Bq Cm novc
- [no ] defname (def )
- 使用/不使用默认的域名 Bq Cm def
- [no ] search (sea )
- 使用/不使用域搜索列表 Bq Cm sea
- domain= NAME (do )
- 设置默认的域名为 NAME
- [no ] ignore (i )
- 忽略/不忽略截断(trunc.)错误 Bq Cm noi
- [no ] primary (pr )
- 使用/不使用主服务器 Bq Cm nopr
- [no ] aaonly (aa )
- 表示只包含授权查询的标识 Bq Cm noaa
- [no ] cmd
- 重复(echo)解释的参数 Bq Cm cmd
- [no ] stats (st )
- 显示查询统计信息 Bq Cm st
- [no ] Header (H )
- 显示基本的包头 Bq Cm H
- [no ] header (he )
- 显示包头的标识 Bq Cm he
- [no ] ttlid (tt )
- 显示TTLs(Time to Live) Bq Cm tt
- [no ] cl
- 显示等级信息 Bq Cm nocl
- [no ] qr
- 显示向外的查询 Bq Cm noqr
- [no ] reply (rep )
- 显示响应信息 Bq Cm rep
- [no ] ques (qu )
- 显示询问部分 Bq Cm qu
- [no ] answer (an )
- 显示应答部分 Bq Cm an
- [no ] author (au )
- 显示授权的部分 Bq Cm au
- [no ] addit (ad )
- 显示附加的部分 Bq Cm ad
- pfdef
- 设置为默认显示位
- pfmin
- 设置为最小的默认显示位
- pfset= #
- 设置显示位为# (#可以为十六进制/八进制/十进制)
- pfand= #
- 位和显示位设为#(bitwise and print flags with #)
- pfor= #
- 位或显示位设为#(bitwise or print flags with #)
当发送数据报查询时, retry 和 time 选项会影响解析程序库的重传策略.其算法如下:
- for i = 0 to retry - 1 for j = 1 to num_servers send_query wait((time * (2**i)) / num_servers) end end
(注意: dig 通常取 ``num_servers '' 的值为1 . )
DETAILS(细节)
Dig 以前要求BIND的 resolver(3) 库的版本作一些细微的修改. 从BIND 4.9起,BIND的解析程序已经修补好并可以正常地与 dig 一起工作. 实质上, dig 在解释参数和设置适合的参数时是直来直去的 (虽然并不巧妙) Dig 会用到 resolver(3) 的例程 Fn res_init , Fn res_mkquery , Fn res_send 以及访问 Ft _res 结构.
ENVIRONMENT(环境变量)
- LOCALRES
- 用来替换Pa /etc/resolv.conf的文件
- LOCALDEF
- 默认的环境变量文件
另见上面对 -envsav , -envset , 和 -[no ] stick 选项的说明.
FILES(相关文件)
- /etc/resolv.conf
- 初始化的域名和域名服务器地址
- ./DiG.env
- 默认的保存默认选项的文件
SEE ALSO(另见)
named(8), resolver(3), resolver(5), nslookup(8).
#p#
NAME
dig - DNS lookup utility
SYNOPSIS
dig [ @server ] [ -b address ] [ -c class ] [ -f filename ] [ -k filename ] [ -p port# ] [ -t type ] [ -x addr ] [ -y name:key ] [ name ] [ type ] [ class ] [ queryopt... ]
dig [ -h ]
dig [ global-queryopt... ] [ query... ]
DESCRIPTION
dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the -h option is given. Unlike earlier versions, the BIND9 implementation of dig allows multiple lookups to be issued from the command line.
Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf.
When no command line arguments or options are given, will perform an NS query for "." (the root).
It is possible to set per user defaults for dig via ${HOME}/.digrc. This file is read and any options in it are applied before the command line arguments.
SIMPLE USAGE
A typical invocation of dig looks like:
dig @server name type
where:
- server
- is the name or IP address of the name server to query. This can be an IPv4 address in dotted-decimal notation or an IPv6 address in colon-delimited notation. When the supplied server argument is a hostname, dig resolves that name before querying that name server. If no server argument is provided, dig consults /etc/resolv.conf and queries the name servers listed there. The reply from the name server that responds is displayed.
- name
- is the name of the resource record that is to be looked up.
- type
- indicates what type of query is required --- ANY, A, MX, SIG, etc. type can be any valid query type. If no type argument is supplied, dig will perform a lookup for an A record.
OPTIONS
The -b option sets the source IP address of the query to address. This must be a valid address on one of the host's network interfaces.
The default query class (IN for internet) is overridden by the -c option. class is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
The -f option makes dig operate in batch mode by reading a list of lookup requests to process from the file filename. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to dig using the command-line interface.
If a non-standard port number is to be queried, the -p option is used. port# is the port number that dig will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non-standard port number.
The -t option sets the query type to type. It can be any valid query type which is supported in BIND9. The default query type "A", unless the -x option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, type is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was N.
Reverse lookups - mapping addresses to names - are simplified by the -x option. addr is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the name, class and type arguments. dig automatically performs a lookup for a name like 11.12.13.10.in-addr.arpa and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using the IP6.ARPA domain and binary labels as defined in RFC2874. To use the older RFC1886 method using the IP6.INT domain and "nibble" labels, specify the -n (nibble) option.
To sign the DNS queries sent by dig and their responses using transaction signatures (TSIG), specify a TSIG key file using the -k option. You can also specify the TSIG key itself on the command line using the -y option; name is the name of the TSIG key and key is the actual key. The key is a base-64 encoded string, typically generated by dnssec-keygen(8). Caution should be taken when using the -y option on multi-user systems as the key can be visible in the output from ps(1) or in the shell's history file. When using TSIG authentication with dig, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate key and server statements in named.conf.
QUERY OPTIONS
dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form +keyword=value. The query options are:
- +[no]tcp
- Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
- +[no]vc
- Use [do not use] TCP when querying name servers. This alternate syntax to +[no]tcp is provided for backwards compatibility. The "vc" stands for "virtual circuit".
- +[no]ignore
- Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
- +domain=somename
- Set the search list to contain the single domain somename, as if specified in a domain directive in /etc/resolv.conf, and enable search list processing as if the +search option were given.
- +[no]search
- Use [do not use] the search list defined by the searchlist or domain directive in resolv.conf (if any). The search list is not used by default.
- +[no]defname
- Deprecated, treated as a synonym for +[no]search
- +[no]aaonly
- This option does nothing. It is provided for compatibility with old versions of dig where it set an unimplemented resolver flag.
- +[no]adflag
- Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
- +[no]cdflag
- Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
- +[no]recurse
- Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.
- +[no]nssearch
- When this option is set, dig attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
- +[no]trace
- Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, dig makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
- +[no]cmd
- toggles the printing of the initial comment in the output identifying the version of dig and the query options that have been applied. This comment is printed by default.
- +[no]short
- Provide a terse answer. The default is to print the answer in a verbose form.
- +[no]identify
- Show [or do not show] the IP address and port number that supplied the answer when the +short option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
- +[no]comments
- Toggle the display of comment lines in the output. The default is to print comments.
- +[no]stats
- This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
- +[no]qr
- Print [do not print] the query as it is sent. By default, the query is not printed.
- +[no]question
- Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
- +[no]answer
- Display [do not display] the answer section of a reply. The default is to display it.
- +[no]authority
- Display [do not display] the authority section of a reply. The default is to display it.
- +[no]additional
- Display [do not display] the additional section of a reply. The default is to display it.
- +[no]all
- Set or clear all display flags.
- +time=T
- Sets the timeout for a query to T seconds. The default time out is 5 seconds. An attempt to set T to less than 1 will result in a query timeout of 1 second being applied.
- +tries=T
- Sets the number of times to retry UDP queries to server to T instead of the default, 3. If T is less than or equal to zero, the number of retries is silently rounded up to 1.
- +ndots=D
- Set the number of dots that have to appear in name to D for it to be considered absolute. The default value is that defined using the ndots statement in /etc/resolv.conf, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the search or domain directive in /etc/resolv.conf.
- +bufsize=B
- Set the UDP message buffer size advertised using EDNS0 to B bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
- +[no]multiline
- Print records like the SOA records in a verbose multi-line format with human-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the dig output.
- +[no]fail
- Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
- +[no]besteffort
- Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
- +[no]dnssec
- Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
MULTIPLE QUERIES
The BIND 9 implementation of dig supports specifying multiple queries on the command line (in addition to supporting the -f batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
In this case, each query argument represent an individual query in the command-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the +[no]cmd option) can be overridden by a query-specific set of query options. For example:
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
shows how dig could be used from the command line to make three lookups: an ANY query for www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of isc.org. A global query option of +qr is applied, so that dig shows the initial query it made for each lookup. The final query has a local query option of +noqr which means that dig will not print the initial query when it looks up the NS records for isc.org.
FILES
/etc/resolv.conf
${HOME}/.digrc
SEE ALSO
host(1), named(8), dnssec-keygen(8), RFC1035.