NAME¶
- kdig
- - Advanced DNS lookup utility (libknot equivalent of ISC
dig)
SYNOPSIS¶
kdig [
common-settings] [
query [
settings]]...
- kdig -h
DESCRIPTION¶
This utility sends one or more DNS
queries to a nameserver. Each query
can have individual
settings, or it can be specified globally via
common-settings, which must precede
query specification.
- query
- name | -q name | -x
address | -G tapfile
- common-settings, settings
- [class] [type] [@server]...
[options]
- name
- Is a domain name that is to be looked up.
- server
- Is a domain name or an IPv4 or IPv6 address of the
nameserver to send a query to. An additional port can be specified using
address:port ([address]:port for IPv6 address) or address@port or
address#port notation. If no server is specified, the servers from
/etc/resolv.conf are used.
- If no arguments are provided, kdig sends NS
query for the root zone.
OPTIONS¶
- -4
- Use IPv4 protocol only.
- -6
- Use IPv6 protocol only.
- -b address
- Set the source IP address of the query to address.
The address must be a valid address for local interface or :: or 0.0.0.0.
Optional port can be specified in the same format as server
value.
- -c class
- Set query class (e.g. CH, CLASS4). An
explicit variant of class specification. The default class is
IN.
- -d
- Enable debug messages if any.
- -h, --help
- Print short help.
- -k keyfile
- Use TSIG or SIG-0 key stored in a file keyfile to
authenticate the request. Supported file format is the same as generated
by ISC dnssec-keygen. The key comprises of public (.key extension)
and private part (.private extension). Either of these file names or a
name without the extension can be specified as keyfile
parameter.
- -p port
- Set nameserver port number or service name to send a query
to. The default port is 53.
- -q name
- Set query name. An explicit variant of name
specification.
- -t type
- Set query type (e.g. NS, IXFR=12345,
TYPE65535). An explicit variant of type specification. The
default type is A. It is also possible to use NOTIFY
parameter to send a notify message.
- -v, --version
- Print program version.
- -x address
- Send reverse (PTR) query for IPv4 or IPv6
address. Correct name, class and type is set automatically.
- -y [algo:]keyname:key
- Use TSIG key with a name keyname to authenticate the
request. The algo part specifies the algorithm (the default is
hmac-md5) and key specifies the shared secret encoded in
Base64.
- -E tapfile
- Export a dnstap trace of the query and response messages
received to the file tapfile.
- -G tapfile
- Generate message output from a previously saved dnstap file
tapfile.
- +[no]multiline
- Wrap long records to more lines and improve human
readability.
- +[no]short
- Show record data only.
- +[no]aaflag
- Set AA flag.
- +[no]tcflag
- Set TC flag.
- +[no]rdflag
- Set RD flag.
- +[no]recurse
- Same as +[no]rdflag
- +[no]raflag
- Set RA flag.
- +[no]zflag
- Set zero flag bit.
- +[no]adflag
- Set AD flag.
- +[no]cdflag
- Set CD flag.
- +[no]dnssec
- Set DO flag.
- +[no]all
- Show all packet sections.
- +[no]qr
- Show query packet.
- +[no]header
- Show packet header.
- +[no]opt
- Show EDNS pseudosection.
- +[no]question
- Show question section.
- +[no]answer
- Show answer section.
- +[no]authority
- Show authority section.
- +[no]additional
- Show additional section.
- +[no]tsig
- Show TSIG pseudosection.
- +[no]stats
- Show trailing packet statistics.
- +[no]class
- Show DNS class.
- +[no]ttl
- Show TTL value.
- +[no]tcp
- Use TCP protocol (default is UDP for standard query and TCP
for AXFR/IXFR).
- +[no]fail
- Stop querying next nameserver if SERVFAIL response is
received.
- +[no]ignore
- Don't use TCP automatically if truncated reply is
received.
- +[no]nsid
- Request nameserver identifier (NSID).
- +[no]edns=N
- Use EDNS version (default is 0).
- +noidn
- Disable IDN transformation to ASCII and vice versa.
IDNA2003 support depends on libidn availability during project
building!
- +client=SUBN
- Set EDNS client subnet SUBN=IP/prefix.
- +time=T
- Set wait for reply interval in seconds (default is 5
seconds). This timeout applies to each query try.
- +retry=N
- Set number (>=0) of UDP retries (default is 2). This
doesn't apply to AXFR/IXFR.
- +bufsize=B
- Set EDNS buffer size in bytes (default is 512 bytes).
NOTE¶
Options
-k and
-y cannot be used mutually.
Missing features with regard to ISC dig¶
Options
-f and
-m and query options:
+split=W,
+tries=T,
+ndots=D,
+domain=somename,
+trusted-key=####,
+[
no]
vc,
+[
no]
search,
+[
no]
showsearch,
+[
no]
defname,
+[
no]
aaonly,
+[
no]
cmd,
+[
no]
identify,
+[
no]
comments,
+[
no]
rrcomments,
+[
no]
onesoa,
+[
no]
besteffort,
+[
no]
sigchase,
+[
no]
topdown,
+[
no]
nssearch,
+[
no]
trace.
- Per-user file configuration via ${HOME}/.digrc.
EXAMPLES¶
Example 1. Get A record for example.com:
- # kdig example.com A
- Example 2. Perform AXFR for zone example.com from the
server 192.0.2.1:
- # kdig example.com -t AXFR @192.0.2.1
- Example 3. Get A record for example.com from 192.0.2.1
and reverse lookup for address 2001:DB8::1 from 192.0.2.2. Both using TCP
protocol:
- # kdig +tcp example.com -t A @192.0.2.1 -x 2001:DB8::1
@192.0.2.2
FILES¶
/etc/resolv.conf
AUTHOR¶
Daniel Salzman (
www.knot-dns.cz)
- Please send any bug reports or comments to
knot-dns@labs.nic.cz
SEE ALSO¶
khost(1),
knsupdate(1).