dig flags :
- +norecurse – don’t ask nameserver to do recursion
- +[no]additional, +[no]authority, +[no]answer, +[no]all, etc. – [don’t] print the section indicated
- +short – provide the shortest possible output
- +trace – trace the authority chain from the root to the specified domain
- +ignore – ignore the tc bit, if response is longer than 512 bytes and EDNS0 is not being used (default if not using +dnssec)
- +dnssec – ask server for DNSSEC records and ask server to set the ad bit if DNS data validates (sets the DO bit on the query)
- +cdflags – set the CD (checking disabled) flag, to tell the server not to try to validate the records, and to return the answer
- +multi – use multi-line output; useful for printing DNSKEYs (with IDs)