Scroll to navigation

kdig(1) Knot DNS, version 1.6.0 kdig(1)

NAME

kdig
- Advanced DNS lookup utility (libknot equivalent of ISC dig)

SYNOPSIS

kdig [ common-settings] [query [settings]]...
kdig -h

DESCRIPTION

This utility sends one or more DNS queries to a nameserver. Each query can have individual settings, or it can be specified globally via common-settings, which must precede query specification.
query
name | -q name | -x address | -G tapfile
common-settings, settings
[class] [type] [@server]... [options]
name
Is a domain name that is to be looked up.
server
Is a domain name or an IPv4 or IPv6 address of the nameserver to send a query to. An additional port can be specified using address:port ([address]:port for IPv6 address) or address@port or address#port notation. If no server is specified, the servers from /etc/resolv.conf are used.
If no arguments are provided, kdig sends NS query for the root zone.

OPTIONS

-4
Use IPv4 protocol only.
-6
Use IPv6 protocol only.
-b address
Set the source IP address of the query to address. The address must be a valid address for local interface or :: or 0.0.0.0. Optional port can be specified in the same format as server value.
-c class
Set query class (e.g. CH, CLASS4). An explicit variant of class specification. The default class is IN.
-d
Enable debug messages if any.
-h--help
Print short help.
-k keyfile
Use TSIG or SIG-0 key stored in a file keyfile to authenticate the request. Supported file format is the same as generated by ISC dnssec-keygen. The key comprises of public (.key extension) and private part (.private extension). Either of these file names or a name without the extension can be specified as keyfile parameter.
-p port
Set nameserver port number or service name to send a query to. The default port is 53.
-q name
Set query name. An explicit variant of name specification.
-t type
Set query type (e.g. NS, IXFR=12345, TYPE65535). An explicit variant of type specification. The default type is A. It is also possible to use NOTIFY parameter to send a notify message.
-v--version
Print program version.
-x address
Send reverse (PTR) query for IPv4 or IPv6 address. Correct name, class and type is set automatically.
-y [algo:]keyname:key
Use TSIG key with a name keyname to authenticate the request. The algo part specifies the algorithm (the default is hmac-md5) and key specifies the shared secret encoded in Base64.
-E tapfile
Export a dnstap trace of the query and response messages received to the file tapfile.
-G tapfile
Generate message output from a previously saved dnstap file tapfile.
+[no]multiline
Wrap long records to more lines and improve human readability.
+[no]short
Show record data only.
+[no]aaflag
Set AA flag.
+[no]tcflag
Set TC flag.
+[no]rdflag
Set RD flag.
+[no]recurse
Same as +[no]rdflag
+[no]raflag
Set RA flag.
+[no]zflag
Set zero flag bit.
+[no]adflag
Set AD flag.
+[no]cdflag
Set CD flag.
+[no]dnssec
Set DO flag.
+[no]all
Show all packet sections.
+[no]qr
Show query packet.
+[no]header
Show packet header.
+[no]opt
Show EDNS pseudosection.
+[no]question
Show question section.
+[no]answer
Show answer section.
+[no]authority
Show authority section.
+[no]additional
Show additional section.
+[no]tsig
Show TSIG pseudosection.
+[no]stats
Show trailing packet statistics.
+[no]class
Show DNS class.
+[no]ttl
Show TTL value.
+[no]tcp
Use TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR).
+[no]fail
Stop querying next nameserver if SERVFAIL response is received.
+[no]ignore
Don't use TCP automatically if truncated reply is received.
+[no]nsid
Request nameserver identifier (NSID).
+[no]edns=N
Use EDNS version (default is 0).
+noidn
Disable IDN transformation to ASCII and vice versa. IDNA2003 support depends on libidn availability during project building!
+client=SUBN
Set EDNS client subnet SUBN=IP/prefix.
+time=T
Set wait for reply interval in seconds (default is 5 seconds). This timeout applies to each query try.
+retry=N
Set number (>=0) of UDP retries (default is 2). This doesn't apply to AXFR/IXFR.
+bufsize=B
Set EDNS buffer size in bytes (default is 512 bytes).

NOTE

Options -k and -y cannot be used mutually.

Missing features with regard to ISC dig

Options -f and -m and query options: +split=W+tries=T+ndots=D, +domain=somename,+trusted-key=####, +[no]vc+[no]search+[no]showsearch, +[no]defname+[no]aaonly+[no]cmd, +[no]identify+[no]comments+[no]rrcomments, +[no]onesoa+[no]besteffort+[no]sigchase, +[no]topdown+[no]nssearch+[no]trace.
Per-user file configuration via ${HOME}/.digrc.

EXAMPLES

Example 1. Get A record for example.com:
# kdig example.com A
Example 2. Perform AXFR for zone example.com from the server 192.0.2.1:
# kdig example.com -t AXFR @192.0.2.1
Example 3. Get A record for example.com from 192.0.2.1 and reverse lookup for address 2001:DB8::1 from 192.0.2.2. Both using TCP protocol:
# kdig +tcp example.com -t A @192.0.2.1 -x 2001:DB8::1 @192.0.2.2

FILES

/etc/resolv.conf

AUTHOR

Daniel Salzman ( www.knot-dns.cz)
Please send any bug reports or comments to knot-dns@labs.nic.cz

SEE ALSO

khost(1), knsupdate(1).
2017-07-14 CZ.NIC Labs