kdig(1)
NAME
kdig - Advanced DNS lookup utility
SYNOPSIS
kdig [common-settings] [query [settings]]... kdig -h
DESCRIPTION
This utility sends one or more DNS queries to a nameserver. Each query
can have individual settings, or it can be specified globally via
common-settings, which must precede query specification.
Parameters
query name | -q name | -x address | -G tapfile
common-settings, settings
[class] [type] [@server]... [options]
name Is a domain name that is to be looked up.
server Is a domain name or an IPv4 or IPv6 address of the nameserver to
send a query to. An additional port can be specified using
address:port ([address]:port for IPv6 address), address@port, or
address#port notation. If no server is specified, the servers
from /etc/resolv.conf are used.
If no arguments are provided, kdig sends NS query for the root zone.
Options
-4 Use the IPv4 protocol only.
-6 Use the IPv6 protocol only.
-b address
Set the source IP address of the query to address. The address
must be a valid address for local interface or :: or 0.0.0.0. An
optional port can be specified in the same format as the server
value.
-c class
Set the query class (e.g. CH, CLASS4). An explicit variant of
class specification. The default class is IN.
-d Enable debug messages.
-h, --help
Print the program help.
-k keyfile
Use the TSIG key stored in a file keyfile to authenticate the
request. The file must contain the key in the same format as
accepted by the -y option.
-p port
Set the nameserver port number or service name to send a query
to. The default port is 53.
-q name
Set the query name. An explicit variant of name specification.
-t type
Set the query type (e.g. NS, IXFR=12345, TYPE65535, NOTIFY). An
explicit variant of type specification. The default type is A.
IXFR type requires SOA serial parameter. NOTIFY type without SOA
serial parameter causes pure NOTIFY message without any SOA
hint.
-V, --version
Print the program version.
-x address
Send a reverse (PTR) query for IPv4 or IPv6 address. The correct
name, class and type is set automatically.
-y [alg:]name:key
Use the TSIG key named name to authenticate the request. The alg
part specifies the algorithm (the default is hmac-md5) and key
specifies the shared secret encoded in Base64.
-E tapfile
Export a dnstap trace of the query and response messages
received to the file tapfile.
-G tapfile
Generate message output from a previously saved dnstap file
tapfile.
+[no]multiline
Wrap long records to more lines and improve human readability.
+[no]short
Show record data only.
+[no]generic
Use the generic representation format when printing resource
record types and data.
+[no]aaflag
Set the AA flag.
+[no]tcflag
Set the TC flag.
+[no]rdflag
Set the RD flag.
+[no]recurse
Same as +[no]rdflag
+[no]raflag
Set the RA flag.
+[no]zflag
Set the zero flag bit.
+[no]adflag
Set the AD flag.
+[no]cdflag
Set the CD flag.
+[no]dnssec
Set the DO flag.
+[no]all
Show all packet sections.
+[no]qr
Show the query packet.
+[no]header
Show the packet header.
+[no]opt
Show the EDNS pseudosection.
+[no]question
Show the question section.
+[no]answer
Show the answer section.
+[no]authority
Show the authority section.
+[no]additional
Show the additional section.
+[no]tsig
Show the TSIG pseudosection.
+[no]stats
Show trailing packet statistics.
+[no]class
Show the DNS class.
+[no]ttl
Show the TTL value.
+[no]tcp
Use the TCP protocol (default is UDP for standard query and TCP
for AXFR/IXFR).
+[no]ignore
Don't use TCP automatically if a truncated reply is received.
+[no]tls
Use TLS with the Opportunistic privacy profile.
+[no]tls-ca[=FILE]
Use TLS with the Out-Of-Band privacy profile, use a specified
PEM file (default is system certificate storage if no argument
is provided). Can be specified multiple times.
+[no]tls-pin=BASE64
Use TLS with a pinned certificate check. The PIN must be a
Base64 encoded SHA-256 hash of the X.509 SubjectPublicKeyInfo.
Can be specified multiple times.
+[no]tls-hostname=STR
Use TLS with a remote server hostname check.
+[no]nsid
Request the nameserver identifier (NSID).
+[no]bufsize=B
Set EDNS buffer size in bytes (default is 512 bytes).
+[no]padding=B
Set EDNS(0) padding option data length (default is no).
+[no]alignment[=B]
Align the query to B-byte-block message using the EDNS(0)
padding option (default is no or 128 if no argument is
specified).
+[no]subnet=SUBN
Set EDNS(0) client subnet SUBN=addr/prefix.
+[no]edns[=N]
Use EDNS version (default is 0).
+[no]time=T
Set the wait-for-reply interval in seconds (default is 5
seconds). This timeout applies to each query attempt.
+[no]retry=N
Set the number (>=0) of UDP retries (default is 2). This doesn't
apply to AXFR/IXFR.
+noidn Disable the IDN transformation to ASCII and vice versa. IDNA2003
support depends on libidn availability during project building!
NOTES
Options -k and -y can not be used simultaneously. Dnssec-keygen keyfile format is not supported. Use keymgr(8) instead.
EXAMPLES
1. Get A records for example.com:
$ kdig example.com A
2. Perform AXFR for zone example.com from the server 192.0.2.1:
$ kdig example.com -t AXFR @192.0.2.1
3. Get A records for example.com from 192.0.2.1 and reverse lookup for
address 2001:DB8::1 from 192.0.2.2. Both using the TCP protocol:
$ kdig +tcp example.com -t A @192.0.2.1 -x 2001:DB8::1 @192.0.2.2
4. Get SOA record for example.com, use TLS, use system certificates,
check for specified hostname, check for certificate pin, and print
additional debug info:
$ kdig -d @185.49.141.38 +tls-ca +tls-host=getdnsapi.net \
+tls-pin=foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= soa example.com
FILES
/etc/resolv.conf
SEE ALSO
khost(1), knsupdate(1), keymgr(8).
AUTHOR
CZ.NIC Labs <http://www.knot-dns.cz>
COPYRIGHT
Copyright 2010–2016, CZ.NIC, z.s.p.o.
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
