dig @server foobar +trace +recurse

John Miller johnmill at brandeis.edu
Thu Jul 9 03:55:56 UTC 2015 

For my part, I'd be curious to know what sort of problem you're trying to
solve with dig.  We might be able to shed a little more light on what the
best command would be for you.

The +recurse gets overridden when you use +trace:

+[no]recurse
           ... Recursion is automatically disabled when the
           +nssearch or +trace query options are used.

so you're getting iterative queries whether you want them or not: +trace
means you're treating yourself as a recursive nameserver, and the RD bit
isn't set on your queries.

If you send a single query to a remote nameserver, you're only going to get
a single response--that's how DNS works.  So if you're looking to see the
chain of lookups that a remote recursive nameserver takes to reach its
final response, you can run dig +trace from the remote nameserver, or you
could run a series of dig @server +norecurse <hostname> queries to get what
you're looking for.

I admit ignorance on the +showsearch option: I'm not seeing the query flags
change, nor am I seeing any different output when I run:

dig @8.8.8.8 trombone.org +showsearch

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 trombone.org
+showsearch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9742
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

versus

dig @8.8.8.8 trombone.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 trombone.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36891
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

Even after flushing Google's cache (
https://developers.google.com/speed/public-dns/cache), I still get the same
response.  Does anyone have insight on +showsearch, other than the
following ;-)

BUGS
       There are probably too many query options.


John



On Wed, Jul 8, 2015 at 6:34 PM, Anne Bennett <anne at encs.concordia.ca> wrote:

>
> I've been trying to debug a problem with dig, and it has finally
> occurred to me that, if I understand this correctly, the "+trace"
> option essentially overrides the @server specification, except for
> the initial query for the root zone nameservers.  (I was using
> "+showsearch +trace +recurse".)
>
> Is my understanding correct?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150708/6c6b1c8b/attachment.html>

More information about the bind-users mailing list