Dig arguments are positional and they always were. See the Simple Usage and
Multiple Queries sections in the manual page for details.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working
Sorry, there is no clear description of the problem
I describe the question again
Any parameters of the dig command should not be in sequence,
such as below
dig 1.1.1.1.in-addr.arpa PTR +trace +nodnssec VS dig
1.1.1.1.in-addr.arpa PTR +nodnssec +trace
The output of these two commands after ex
Works fine for me.
% bin/dig/dig 1.1.1.1.in-addr.arpa +trace
; <<>> DiG 9.14.8 <<>> 1.1.1.1.in-addr.arpa +trace
;; global options: +cmd
. 331767 IN NS f.root-servers.net.
. 331767 IN NS j.root-servers.net.
.
dig version 9.14.8
Using the following command can not achieve the desired effect, dnssec
information will still be output
dig 1.1.1.1.in-addr.arpa +trace +nodnssec
Normally, the parameters should not be in sequence
--
Best Regards!!
champion_xie
On Mon, Aug 13, 2012 at 10:18 AM, John Williams wrote:
> I've a system with two interfaces; a management and a data interface. My
> default route is set out to the data interface.
>
> doing a
>
> dig +tcp someIP.com @some.resolver
>
> works fine.
>
> If I want a UDP based query, I have to specify
I've a system with two interfaces; a management and a data interface. My
default route is set out to the data interface.
doing a
dig +tcp someIP.com @some.resolver
works fine.
If I want a UDP based query, I have to specify -b option and provide IP of the
interface otherwise it fails.
> I don't see specific reference to using the AD flag in queries in the
> RFCs (at least on a cursory glance), but it's a very useful feature.
We're kind of flying under the RFC's radar, as I understand it. The RFC
says the server must ignore the AD flag in a query. What we do, though,
is clear
On Wed, 6 Jan 2010, Michael Sinatra wrote:
> I tried this out and I noticed that both BIND and unbound appear to
> behave the same way when using dig in this manner. So both of the
> major validating implementations support it. I don't see specific
> reference to using the AD flag in queries
On 1/6/10 7:10 AM, Alan Clegg wrote:
Tony Finch wrote:
On Wed, 6 Jan 2010, Pamela Rock wrote:
Does that imply that +adflag sets the ad bit on the query and the
response where +dnssec only sets the ad bit on the responce?
The AD flag is meaningless in a query. In a response it tells you whethe
Tony Finch wrote:
> The AD flag is meaningless in a query. In a response it tells you whether
> the server is authoritative or not. It has nothing to do with DNSSEC.
AD bit is authenticated data. AA bit is authoritative answer.
AD has everything to do with DNSSEC.
AA has nothing to do with DNS
Tony Finch wrote:
> On Wed, 6 Jan 2010, Pamela Rock wrote:
>> Does that imply that +adflag sets the ad bit on the query and the
>> response where +dnssec only sets the ad bit on the responce?
>
> The AD flag is meaningless in a query. In a response it tells you whether
> the server is authoritativ
On Wed, 6 Jan 2010, Pamela Rock wrote:
>
> Does that imply that +adflag sets the ad bit on the query and the
> response where +dnssec only sets the ad bit on the responce?
The AD flag is meaningless in a query. In a response it tells you whether
the server is authoritative or not. It has nothing t
> AD is set when authentication is successful by the server
> to whom you
> are sending the query. The "+noadflag" says don't set
> the AD bit in the
> outbound query (which is the default).
>
> AlanC
>
Thanks. Based on that, the following:
dig +adflag gov
produces:
flags: qr rd ra ad;
Doe
Pamela Rock wrote:
> The following dig query
>
> dig gov +dnssec +noadflag @10.10.10.1
>
> produces the following flags in the header section:
>
> ;; flags: qr rd ra ad;
>
> Question - what is the relation with the +dnssec and +noadflag
> options in the query.
The following dig query
dig gov +dnssec +noadflag @10.10.10.1
produces the following flags in the header section:
;; flags: qr rd ra ad;
Question - what is the relation with the +dnssec and +noadflag options in the
query. I would think the query would produce a signed response with no ad bit
15 matches
Mail list logo
