Intent and implementation of dig's +crypto option
Anand Buddhdev
anandb at ripe.net
Fri Sep 22 14:17:29 UTC 2023
On 22/09/2023 15:03, Marco Davids (SIDN) via bind-users wrote:
Hi Marco,
> It reminded me that that there is such thing as a .digrc file, that
> perhaps not all of the readers are familiar with.
>
> Mine has this content:
>
> +bufsize=1232
> +dnssec
> +nocrypto
> +multi
> -t AAAA
>
> It serves me well, mostly. Sometimes it bites me as well.
I am also aware of .digrc, and choose not to use it. Putting options
into .digrc has the effect that the output of dig doesn't show me which
options were used. This can be a source of great confusion when trying
to figure out why dig is behaving a certain way.
My preferred method uses shell aliases:
alias d='dig -r +noclass +nocookie +nocrypto +nsid +retry=0'
alias k='kdig +noclass +nocrypto +nsid +noretry'
The benefit of this (at least with dig) is that the options are all
shown in the command section of the output, eg:
% d ripe.net mx
; <<>> DiG 9.18.19 <<>> -r +noclass +nocookie +nocrypto +nsid +retry
ripe.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57653
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
With my shell alias, I can always add options, and they override the
previous ones. So I can add +crypto if I want to see the hashes. And
when I want to avoid my alias altogether, for default behaviour, I just
run "dig" or "kdig".
Regards,
Anand
More information about the bind-users
mailing list