SDIG(1)                  PowerDNS Authoritative Server                 SDIG(1)

NAME

       sdig - Perform a DNS query and show the results

SYNOPSIS

       sdig IP-ADDRESS-OR-DOH-URL PORT QNAME QTYPE [OPTION]

DESCRIPTION

       sdig sends a DNS query to IP-ADDRESS-OR-DOH-URL on port PORT and
       displays the answer in a formatted way. If the address starts with an
       h, it is assumed to be a DoH endpoint, and PORT is ignored. If qname
       and qtype are both - and tcp is used, multiple lines are read from
       stdin, where each line contains a qname and a type. If the address is
       stdin, a DNS packet is read from stdin instead of from the network,
       and PORT is ignored. All input is literal and case sensitive. A query
       needs the recurse option to expect a resource record in the reply if
       the query target is not known to be the authoritative server for that
       record.

OPTIONS

       These options can be added to the command line in any order.

       class CLASSNUM
              Send the query in the numbered class (like 3 for CHAOS) instead
              of the default 1 (for IN).

       dnssec Set the DO bit to request DNSSEC information.

       ednssubnet SUBNET
              Send SUBNET in the edns-client-subnet option. If this option is
              not set, no edns-client-subnet option is set in the query.

       hidesoadetails
              Don't show the SOA serial in the response.

       hidettl
              Replace TTLs with [ttl] in the response.

       proxy TCP? SRC DST
              Wrap the query in the PROXYv2 protocol with these parameters.
              The first parameter accepts 0 for UDP and 1 for TCP. The second
              and third take IP addresses and port.

       recurse
              Set the RD bit in the question.

       showflags
              Show the NSEC3 flags in the response (they are hidden by
              default).

       dumpluaraw
              Display record contents in a form suitable for dnsdist's
              SpoofRawAction.

       tcp    Use TCP instead of UDP to send the query.

       dot    Use DoT instead of UDP to send a query. Implies tcp.

       insecure
              When using DoT, do not validate the server certificate.

       fastOpen
              When using TCP or DoT, enable TCP Fast Open.

       subjectName name
              When using DoT, verify that the server certificate is issued
              for name. The openssl provider will accept an empty name and
              still make sure the certificate is issued by a trusted CA;
              gnutls will only do the validation if a name is given. Default
              is the empty name. Also, note that older provider libraries
              might not validate at all.

       caStore file
              When using DoT, read the trusted CA certificates from file.
              Default is to use the system provided CA store.

       tlsProvider name
              When using DoT, use TLS provider name. Currently supported (if
              compiled in): openssl and gnutls. Default is openssl if
              available.

       xpf XPFCODE XPFVERSION XPFPROTO XPFSRC XPFDST
              Send an XPF additional with these parameters.

EXAMPLES

       Simple queries to local resolvers
              sdig 127.0.0.1 53 example.com AAAA recurse
              sdig ::1 53 example.com A recurse

       Query to a DNS-over-HTTPS server requesting dnssec and recursion
              sdig https://dns.example.net/dns-query 443 example.com A dnssec
              recurse
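       Checking the DoT options of a query
              The DoT options interact: insecure turns certificate validation
              off, and with an empty subjectName openssl checks only the
              issuing CA while gnutls does no validation. The sh function
              below is an added example, not part of sdig or of the PowerDNS
              documentation; it lints an sdig argument list for those cases.
              The name sdig_dot_lint, its exit codes and the sample address
              are assumptions, and it assumes openssl is the compiled-in
              default provider.

```shell
# Added example (not PowerDNS code). Lints an sdig argument list for DoT
# settings that weaken or skip server-certificate verification.
# Returns 0 = nothing to report, 1 = findings printed, 2 = malformed arguments.
sdig_dot_lint() {
    if [ "$#" -lt 4 ]; then
        echo "usage: sdig_dot_lint ADDRESS PORT QNAME QTYPE [OPTION]..." >&2
        return 2
    fi
    shift 4
    # Assumption: openssl is compiled in, so it is the default provider.
    dot=0; insecure=0; name=""; provider=openssl
    while [ "$#" -gt 0 ]; do
        opt=$1; shift
        # How many values each option consumes, per the OPTIONS section.
        case "$opt" in
            class|ednssubnet|subjectName|caStore|tlsProvider) nargs=1 ;;
            proxy) nargs=3 ;;
            xpf)   nargs=5 ;;
            *)     nargs=0 ;;
        esac
        if [ "$#" -lt "$nargs" ]; then
            echo "ERROR: option $opt needs $nargs value(s)" >&2
            return 2
        fi
        case "$opt" in
            dot)         dot=1 ;;
            insecure)    insecure=1 ;;
            subjectName) name=$1 ;;
            tlsProvider) provider=$1 ;;
        esac
        shift "$nargs"
    done
    [ "$dot" -eq 1 ] || return 0   # the TLS options only matter for DoT
    findings=0
    if [ "$insecure" -eq 1 ]; then
        echo "FAIL: insecure disables validation of the server certificate"
        findings=1
    fi
    if [ -z "$name" ]; then
        case "$provider" in
            gnutls)  echo "FAIL: gnutls validates only when subjectName is given" ;;
            openssl) echo "WARN: no subjectName, openssl checks the issuing CA but not the name" ;;
            *)       echo "WARN: no subjectName and unknown tlsProvider $provider" ;;
        esac
        findings=1
    fi
    return "$findings"
}

# Constructed sample invocation (documentation address and name).
sdig_dot_lint 192.0.2.53 853 example.com A dot tlsProvider gnutls || true
```

              The lint cannot detect the older provider libraries that,
              according to the subjectName entry, might not validate at all.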

AUTHOR

       PowerDNS.COM BV

       2001-2021, PowerDNS.COM BV

                                 Nov 09, 2021                          SDIG(1)