dnssec

dig flags :

  • +norecurse – don’t ask nameserver to do recursion
  • +[no]additional, +[no]authority, +[no]answer, +[no]all, etc. – [don’t] print the section indicated
  • +short – provide the shortest possible output
  • +trace – trace the authority chain from the root to the specified domain
  • +ignore – ignore the tc bit, if response is longer than 512 bytes and EDNS0 is not being used (default if not using +dnssec)
  • +dnssec – ask server for DNSSEC records and ask server to set the ad bit if DNS data validates (sets the DO bit on the query)
  • +cdflags – set the CD (checking disabled) flag, to tell the server not to try to validate the records, and to return the answer
  • +multi – use multi-line output; useful for printing DNSKEYs (with IDs)