man_kdig.rst 6.49 KB
Newer Older
1 2
.. highlight:: console

3 4
kdig – Advanced DNS lookup utility
==================================
Jan Včelák's avatar
Jan Včelák committed
5 6 7 8 9 10

Synopsis
--------

:program:`kdig` [*common-settings*] [*query* [*settings*]]...

11
:program:`kdig` **-h**
Jan Včelák's avatar
Jan Včelák committed
12 13 14 15 16 17 18 19

Description
-----------

This utility sends one or more DNS queries to a nameserver. Each query can have
individual *settings*, or it can be specified globally via *common-settings*,
which must precede *query* specification.

Daniel Salzman's avatar
Daniel Salzman committed
20 21 22
Parameters
..........

Jan Včelák's avatar
Jan Včelák committed
23
*query*
24
  *name* | **-q** *name* | **-x** *address* | **-G** *tapfile*
Jan Včelák's avatar
Jan Včelák committed
25 26

*common-settings*, *settings*
27
  [*class*] [*type*] [**@**\ *server*]... [*options*]
Jan Včelák's avatar
Jan Včelák committed
28 29 30 31 32 33 34 35 36 37

*name*
  Is a domain name that is to be looked up.

*server*
  Is a domain name or an IPv4 or IPv6 address of the nameserver to send a query
  to. An additional port can be specified using address:port ([address]:port
  for IPv6 address), address@port, or address#port notation. If no server is
  specified, the servers from :file:`/etc/resolv.conf` are used.

Daniel Salzman's avatar
Daniel Salzman committed
38
If no arguments are provided, :program:`kdig` sends NS query for the root
39
zone.
Jan Včelák's avatar
Jan Včelák committed
40 41

Options
Daniel Salzman's avatar
Daniel Salzman committed
42
.......
Jan Včelák's avatar
Jan Včelák committed
43

44
**-4**
45
  Use the IPv4 protocol only.
Jan Včelák's avatar
Jan Včelák committed
46

47
**-6**
48
  Use the IPv6 protocol only.
Jan Včelák's avatar
Jan Včelák committed
49

50 51
**-b** *address*
  Set the source IP address of the query to *address*. The address must be a
52 53
  valid address for local interface or :: or 0.0.0.0. An optional port
  can be specified in the same format as the *server* value.
Jan Včelák's avatar
Jan Včelák committed
54

55
**-c** *class*
56
  Set the query class (e.g. CH, CLASS4). An explicit variant of *class*
Daniel Salzman's avatar
Daniel Salzman committed
57
  specification. The default class is IN.
Jan Včelák's avatar
Jan Včelák committed
58

59
**-d**
Daniel Salzman's avatar
Daniel Salzman committed
60
  Enable debug messages.
Jan Včelák's avatar
Jan Včelák committed
61

62
**-h**, **--help**
63
  Print the program help.
Jan Včelák's avatar
Jan Včelák committed
64

65
**-k** *keyfile*
66 67
  Use the TSIG key stored in a file *keyfile* to authenticate the request. The
  file must contain the key in the same format as accepted by the
68
  **-y** option.
Jan Včelák's avatar
Jan Včelák committed
69

70
**-p** *port*
71
  Set the nameserver port number or service name to send a query to. The default
Daniel Salzman's avatar
Daniel Salzman committed
72
  port is 53.
Jan Včelák's avatar
Jan Včelák committed
73

74
**-q** *name*
75
  Set the query name. An explicit variant of *name* specification.
Jan Včelák's avatar
Jan Včelák committed
76

77
**-t** *type*
78 79 80 81
  Set the query type (e.g. NS, IXFR=12345, TYPE65535, NOTIFY). An explicit 
  variant of *type* specification. The default type is A. IXFR type requires 
  SOA serial parameter. NOTIFY type without SOA serial parameter causes pure 
  NOTIFY message without any SOA hint.
Jan Včelák's avatar
Jan Včelák committed
82

83
**-V**, **--version**
84
  Print the program version.
Jan Včelák's avatar
Jan Včelák committed
85

86
**-x** *address*
87
  Send a reverse (PTR) query for IPv4 or IPv6 *address*. The correct name, class
88
  and type is set automatically.
Jan Včelák's avatar
Jan Včelák committed
89

Daniel Salzman's avatar
Daniel Salzman committed
90
**-y** [*alg*:]\ *name*:*key*
91
  Use the TSIG key named *name* to authenticate the request. The *alg*
92 93
  part specifies the algorithm (the default is hmac-md5) and *key* specifies
  the shared secret encoded in Base64.
Jan Včelák's avatar
Jan Včelák committed
94

95
**-E** *tapfile*
Jan Včelák's avatar
Jan Včelák committed
96
  Export a dnstap trace of the query and response messages received to the
97
  file *tapfile*.
Jan Včelák's avatar
Jan Včelák committed
98

99 100
**-G** *tapfile*
  Generate message output from a previously saved dnstap file *tapfile*.
Jan Včelák's avatar
Jan Včelák committed
101

102
**+**\ [\ **no**\ ]\ **multiline**
Jan Včelák's avatar
Jan Včelák committed
103 104
  Wrap long records to more lines and improve human readability.

105
**+**\ [\ **no**\ ]\ **short**
Jan Včelák's avatar
Jan Včelák committed
106 107
  Show record data only.

108
**+**\ [\ **no**\ ]\ **aaflag**
109
  Set the AA flag.
Jan Včelák's avatar
Jan Včelák committed
110

111
**+**\ [\ **no**\ ]\ **tcflag**
112
  Set the TC flag.
Jan Včelák's avatar
Jan Včelák committed
113

114
**+**\ [\ **no**\ ]\ **rdflag**
115
  Set the RD flag.
Jan Včelák's avatar
Jan Včelák committed
116

117 118
**+**\ [\ **no**\ ]\ **recurse**
  Same as **+**\ [\ **no**\ ]\ **rdflag**
Jan Včelák's avatar
Jan Včelák committed
119

120
**+**\ [\ **no**\ ]\ **raflag**
121
  Set the RA flag.
Jan Včelák's avatar
Jan Včelák committed
122

123
**+**\ [\ **no**\ ]\ **zflag**
124
  Set the zero flag bit.
Jan Včelák's avatar
Jan Včelák committed
125

126
**+**\ [\ **no**\ ]\ **adflag**
127
  Set the AD flag.
Jan Včelák's avatar
Jan Včelák committed
128

129
**+**\ [\ **no**\ ]\ **cdflag**
130
  Set the CD flag.
Jan Včelák's avatar
Jan Včelák committed
131

132
**+**\ [\ **no**\ ]\ **dnssec**
133
  Set the DO flag.
Jan Včelák's avatar
Jan Včelák committed
134

135
**+**\ [\ **no**\ ]\ **all**
Jan Včelák's avatar
Jan Včelák committed
136 137
  Show all packet sections.

138
**+**\ [\ **no**\ ]\ **qr**
139
  Show the query packet.
Jan Včelák's avatar
Jan Včelák committed
140

141
**+**\ [\ **no**\ ]\ **header**
142
  Show the packet header.
Jan Včelák's avatar
Jan Včelák committed
143

144
**+**\ [\ **no**\ ]\ **opt**
145
  Show the EDNS pseudosection.
Jan Včelák's avatar
Jan Včelák committed
146

147
**+**\ [\ **no**\ ]\ **question**
148
  Show the question section.
Jan Včelák's avatar
Jan Včelák committed
149

150
**+**\ [\ **no**\ ]\ **answer**
151
  Show the answer section.
Jan Včelák's avatar
Jan Včelák committed
152

153
**+**\ [\ **no**\ ]\ **authority**
154
  Show the authority section.
Jan Včelák's avatar
Jan Včelák committed
155

156
**+**\ [\ **no**\ ]\ **additional**
157
  Show the additional section.
Jan Včelák's avatar
Jan Včelák committed
158

159
**+**\ [\ **no**\ ]\ **tsig**
160
  Show the TSIG pseudosection.
Jan Včelák's avatar
Jan Včelák committed
161

162
**+**\ [\ **no**\ ]\ **stats**
Jan Včelák's avatar
Jan Včelák committed
163 164
  Show trailing packet statistics.

165
**+**\ [\ **no**\ ]\ **class**
166
  Show the DNS class.
Jan Včelák's avatar
Jan Včelák committed
167

168
**+**\ [\ **no**\ ]\ **ttl**
169
  Show the TTL value.
Jan Včelák's avatar
Jan Včelák committed
170

171
**+**\ [\ **no**\ ]\ **tcp**
172
  Use the TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR).
Jan Včelák's avatar
Jan Včelák committed
173

174
**+**\ [\ **no**\ ]\ **ignore**
175
  Don't use TCP automatically if a truncated reply is received.
Jan Včelák's avatar
Jan Včelák committed
176

177
**+**\ [\ **no**\ ]\ **nsid**
178
  Request the nameserver identifier (NSID).
Jan Včelák's avatar
Jan Včelák committed
179

180
**+**\ [\ **no**\ ]\ **edns**\ =\ *N*
Jan Včelák's avatar
Jan Včelák committed
181 182
  Use EDNS version (default is 0).

183
**+noidn**
184
  Disable the IDN transformation to ASCII and vice versa. IDNA2003 support depends
Jan Včelák's avatar
Jan Včelák committed
185 186
  on libidn availability during project building!

187
**+generic**
Jan Včelák's avatar
Jan Včelák committed
188 189 190
  Use the generic representation format when printing resource record types
  and data.

191
**+client**\ =\ *SUBN*
192
  Set the EDNS client subnet SUBN=IP/prefix.
Jan Včelák's avatar
Jan Včelák committed
193

194
**+time**\ =\ *T*
195 196
  Set the wait-for-reply interval in seconds (default is 5 seconds). This timeout
  applies to each query attempt.
Jan Včelák's avatar
Jan Včelák committed
197

198
**+retry**\ =\ *N*
199
  Set the number (>=0) of UDP retries (default is 2). This doesn't apply to
Jan Včelák's avatar
Jan Včelák committed
200 201
  AXFR/IXFR.

202
**+bufsize**\ =\ *B*
203
  Set the EDNS buffer size in bytes (default is 512 bytes).
Jan Včelák's avatar
Jan Včelák committed
204 205 206 207

Notes
-----

208
Options **-k** and **-y** can not be used simultaneously.
Jan Včelák's avatar
Jan Včelák committed
209 210 211

Missing features with regard to ISC dig:

212 213 214 215 216 217
  Options **-f** and **-m** and query options:
  **+split**\ =\ *W*,
  **+tries**\ =\ *T*,
  **+ndots**\ =\ *D*,
  **+domain**\ =\ *somename*,
  **+trusted-key**\ =\ *####*,
218
  **+**\ [\ **no**\ ]\ **fail**,
219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234
  **+**\ [\ **no**\ ]\ **vc**,
  **+**\ [\ **no**\ ]\ **search**,
  **+**\ [\ **no**\ ]\ **showsearch**,
  **+**\ [\ **no**\ ]\ **defname**,
  **+**\ [\ **no**\ ]\ **aaonly**,
  **+**\ [\ **no**\ ]\ **cmd**,
  **+**\ [\ **no**\ ]\ **identify**,
  **+**\ [\ **no**\ ]\ **comments**,
  **+**\ [\ **no**\ ]\ **rrcomments**,
  **+**\ [\ **no**\ ]\ **onesoa**,
  **+**\ [\ **no**\ ]\ **besteffort**,
  **+**\ [\ **no**\ ]\ **sigchase**,
  **+**\ [\ **no**\ ]\ **topdown**,
  **+**\ [\ **no**\ ]\ **nssearch**, and
  **+**\ [\ **no**\ ]\ **trace**.

235
  Per-user file configuration via :file:`~/.digrc`.
Jan Včelák's avatar
Jan Včelák committed
236 237 238 239

Examples
--------

240
1. Get A records for example.com::
Jan Včelák's avatar
Jan Včelák committed
241

242
     $ kdig example.com A
Jan Včelák's avatar
Jan Včelák committed
243

244
2. Perform AXFR for zone example.com from the server 192.0.2.1::
Jan Včelák's avatar
Jan Včelák committed
245

246
     $ kdig example.com -t AXFR @192.0.2.1
Jan Včelák's avatar
Jan Včelák committed
247

248 249
3. Get A records for example.com from 192.0.2.1 and reverse lookup for address
   2001:DB8::1 from 192.0.2.2. Both using the TCP protocol::
Jan Včelák's avatar
Jan Včelák committed
250

251
     $ kdig +tcp example.com -t A @192.0.2.1 -x 2001:DB8::1 @192.0.2.2
Jan Včelák's avatar
Jan Včelák committed
252 253 254 255 256 257 258 259 260 261

Files
-----

:file:`/etc/resolv.conf`

See Also
--------

:manpage:`khost(1)`, :manpage:`knsupdate(1)`.