mdig - DNS pipelined lookup utility
mdig {@server} [-f filename] [-h] [-v] [
  [-4] | [-6] ] [-m] [-b address] [-p port#]
  [-c class] [-t type] [-i] [-x addr] [plusopt...]
mdig {-h}
mdig [@server] {global-opt...} { {local-opt...} {query}
    ...}
mdig is a multiple/pipelined query version of dig: instead of
  waiting for a response after sending each query, it begins by sending all
  queries. Responses are displayed in the order in which they are received, not
  in the order the corresponding queries were sent.
mdig options are a subset of the dig options, and
    are divided into "anywhere options," which can occur anywhere,
    "global options," which must occur before the query name (or they
    are ignored with a warning), and "local options," which apply to
    the next query on the command line.
The @server option is a mandatory global option. It is the
    name or IP address of the name server to query. (Unlike dig, this
    value is not retrieved from /etc/resolv.conf.) It can be an IPv4
    address in dotted-decimal notation, an IPv6 address in colon-delimited
    notation, or a hostname. When the supplied server argument is a
    hostname, mdig resolves that name before querying the name
  server.
mdig provides a number of query options which affect the
    way in which lookups are made and the results displayed. Some of these set
    or reset flag bits in the query header, some determine which sections of the
    answer get printed, and others determine the timeout and retry
  strategies.
Each query option is identified by a keyword preceded by a plus
    sign (+). Some keywords set or reset an option. These may be preceded
    by the string no to negate the meaning of that keyword. Other
    keywords assign values to options like the timeout interval. They have the
    form +keyword=value.
  - -f
- This option makes mdig operate in batch mode by reading a list of
      lookup requests to process from the file filename. The file
      contains a number of queries, one per line. Each entry in the file should
      be organized in the same way they would be presented as queries to
      mdig using the command-line interface.
 
  - -h
- This option causes mdig to print detailed help information, with
      the full list of options, and exit.
 
  - -v
- This option causes mdig to print the version number and exit.
 
  - -4
- This option forces mdig to only use IPv4 query transport.
 
  - -6
- This option forces mdig to only use IPv6 query transport.
 
  - -b address
- This option sets the source IP address of the query to address.
      This must be a valid address on one of the host's network interfaces or
      "0.0.0.0" or "::". An optional port may be specified
      by appending "#<port>"
 
  - -m
- This option enables memory usage debugging.
 
  - -p port#
- This option is used when a non-standard port number is to be queried.
      port# is the port number that mdig sends its queries to,
      instead of the standard DNS port number 53. This option is used to test a
      name server that has been configured to listen for queries on a
      non-standard port number.
 
The global query options are:
  - +additional, +noadditional
- This option displays [or does not display] the additional section of a
      reply. The default is to display it.
 
  - +all, +noall
- This option sets or clears all display flags.
 
  - +answer, +noanswer
- This option displays [or does not display] the answer section of a reply.
      The default is to display it.
 
  - +authority, +noauthority
- This option displays [or does not display] the authority section of a
      reply. The default is to display it.
 
  - +besteffort, +nobesteffort
- This option attempts to display [or does not display] the contents of
      messages which are malformed. The default is to not display malformed
      answers.
 
  - +burst
- This option delays queries until the start of the next second.
 
  - +cl, +nocl
- This option displays [or does not display] the CLASS when printing the
      record.
 
  - +comments, +nocomments
- This option toggles the display of comment lines in the output. The
      default is to print comments.
 
  - +continue, +nocontinue
- This option toggles continuation on errors (e.g. timeouts).
 
  - +crypto, +nocrypto
- This option toggles the display of cryptographic fields in DNSSEC records.
      The contents of these fields are unnecessary to debug most DNSSEC
      validation failures and removing them makes it easier to see the common
      failures. The default is to display the fields. When omitted, they are
      replaced by the string "[omitted]"; in the DNSKEY case, the key
      ID is displayed as the replacement, e.g., [ key id = value ].
 
  - +dscp=value
- This option formerly set the DSCP value used when sending a query. It is
      now obsolete, and has no effect.
 
  - +multiline, +nomultiline
- This option toggles printing of records, like the SOA records, in a
      verbose multi-line format with human-readable comments. The default is to
      print each record on a single line, to facilitate machine parsing of the
      mdig output.
 
  - +question, +noquestion
- This option prints [or does not print] the question section of a query
      when an answer is returned. The default is to print the question section
      as a comment.
 
  - +rrcomments, +norrcomments
- This option toggles the display of per-record comments in the output (for
      example, human-readable key information about DNSKEY records). The default
      is not to print record comments unless multiline mode is active.
 
  - +short, +noshort
- This option provides [or does not provide] a terse answer. The default is
      to print the answer in a verbose form.
 
  - +split=W
- This option splits long hex- or base64-formatted fields in resource
      records into chunks of W characters (where W is rounded up
      to the nearest multiple of 4). +nosplit or +split=0 causes
      fields not to be split. The default is 56 characters, or 44 characters
      when multiline mode is active.
 
  - +tcp, +notcp
- This option uses [or does not use] TCP when querying name servers. The
      default behavior is to use UDP.
 
  - +ttlid, +nottlid
- This option displays [or does not display] the TTL when printing the
      record.
 
  - +ttlunits, +nottlunits
- This option displays [or does not display] the TTL in friendly
      human-readable time units of "s", "m", "h",
      "d", and "w", representing seconds, minutes, hours,
      days, and weeks. This implies +ttlid.
 
  - +vc, +novc
- This option uses [or does not use] TCP when querying name servers. This
      alternate syntax to +tcp is provided for backwards compatibility.
      The vc stands for "virtual circuit".
 
  - -c class
- This option sets the query class to class. It can be any valid
      query class which is supported in BIND 9. The default query class is
      "IN".
 
  - -t type
- This option sets the query type to type. It can be any valid query
      type which is supported in BIND 9. The default query type is
      "A", unless the -x option is supplied to indicate a
      reverse lookup with the "PTR" query type.
 
  - -x addr
- Reverse lookups - mapping addresses to names - are simplified by this
      option. addr is an IPv4 address in dotted-decimal notation, or a
      colon-delimited IPv6 address. mdig automatically performs a lookup
      for a query name like 11.12.13.10.in-addr.arpa and sets the query
      type and class to PTR and IN respectively. By default, IPv6 addresses are
      looked up using nibble format under the IP6.ARPA domain.
 
The local query options are:
  - +aaflag, +noaaflag
- This is a synonym for +aaonly, +noaaonly.
 
  - +aaonly, +noaaonly
- This sets the aa flag in the query.
 
  - +adflag, +noadflag
- This sets [or does not set] the AD (authentic data) bit in the query. This
      requests the server to return whether all of the answer and authority
      sections have all been validated as secure, according to the security
      policy of the server. AD=1 indicates that all records have been validated
      as secure and the answer is not from a OPT-OUT range. AD=0 indicates that
      some part of the answer was insecure or not validated. This bit is set by
      default.
 
  - +bufsize=B
- This sets the UDP message buffer size advertised using EDNS0 to B
      bytes. The maximum and minimum sizes of this buffer are 65535 and 0
      respectively. Values outside this range are rounded up or down
      appropriately. Values other than zero cause a EDNS query to be sent.
 
  - +cdflag, +nocdflag
- This sets [or does not set] the CD (checking disabled) bit in the query.
      This requests the server to not perform DNSSEC validation of
    responses.
 
  - +cookie=####, +nocookie
- This sends [or does not send] a COOKIE EDNS option, with an optional
      value. Replaying a COOKIE from a previous response allows the server to
      identify a previous client. The default is +nocookie.
 
  - +dnssec, +nodnssec
- This requests that DNSSEC records be sent by setting the DNSSEC OK (DO)
      bit in the OPT record in the additional section of the query.
 
  - +edns[=#], +noedns
- This specifies [or does not specify] the EDNS version to query with. Valid
      values are 0 to 255. Setting the EDNS version causes an EDNS query to be
      sent. +noedns clears the remembered EDNS version. EDNS is set to 0
      by default.
 
  - +ednsflags[=#], +noednsflags
- This sets the must-be-zero EDNS flag bits (Z bits) to the specified value.
      Decimal, hex, and octal encodings are accepted. Setting a named flag (e.g.
      DO) is silently ignored. By default, no Z bits are set.
 
  - +ednsopt[=code[:value]], +noednsopt
- This specifies [or does not specify] an EDNS option with code point
      code and an optional payload of value as a hexadecimal
      string. +noednsopt clears the EDNS options to be sent.
 
  - +expire, +noexpire
- This toggles sending of an EDNS Expire option.
 
  - +nsid, +nonsid
- This toggles inclusion of an EDNS name server ID request when sending a
      query.
 
  - +recurse, +norecurse
- This toggles the setting of the RD (recursion desired) bit in the query.
      This bit is set by default, which means mdig normally sends
      recursive queries.
 
  - +retry=T
- This sets the number of times to retry UDP queries to server to T
      instead of the default, 2. Unlike +tries, this does not include the
      initial query.
 
  - +subnet=addr[/prefix-length], +nosubnet
- This sends [or does not send] an EDNS Client Subnet option with the
      specified IP address or network prefix.
 
  - mdig +subnet=0.0.0.0/0, or simply mdig +subnet=0
- This sends an EDNS client-subnet option with an empty address and a source
      prefix-length of zero, which signals a resolver that the client's address
      information must not be used when resolving this query.
 
  - +timeout=T
- This sets the timeout for a query to T seconds. The default timeout
      is 5 seconds for UDP transport and 10 for TCP. An attempt to set T
      to less than 1 results in a query timeout of 1 second being applied.
 
  - +tries=T
- This sets the number of times to try UDP queries to server to T
      instead of the default, 3. If T is less than or equal to zero, the
      number of tries is silently rounded up to 1.
 
  - +udptimeout=T
- This sets the timeout between UDP query retries to T.
 
  - +unknownformat, +nounknownformat
- This prints [or does not print] all RDATA in unknown RR-type presentation
      format (see RFC 3597). The default is to print RDATA for known
      types in the type's presentation format.
 
  - +yaml, +noyaml
- This toggles printing of the responses in a detailed YAML format.
 
  - +zflag, +nozflag
- This sets [or does not set] the last unassigned DNS header flag in a DNS
      query. This flag is off by default.
 
Internet Systems Consortium
2024, Internet Systems Consortium