1SDIG(1)                  PowerDNS Authoritative Server                 SDIG(1)
2
3
4

NAME

6       sdig - Perform a DNS query and show the results
7

SYNOPSIS

9       sdig IP-ADDRESS-OR-DOH-URL PORT QNAME QTYPE [OPTION]
10

DESCRIPTION

12       sdig  sends  a DNS query to IP-ADDRESS-OR-DOH-URL on port PORT and dis‐
13       plays the answer in a formatted way.  If the address starts with an  h,
14       it  is assumed to be a DoH endpoint, and PORT is ignored.  If qname and
15       qtype are both - and tcp is used, multiple lines are read  from  stdin,
16       where  each line contains a qname and a type.  If the address is stdin,
17       a DNS packet is read from stdin instead of from the network,  and  PORT
18       is ignored.  All input is literal and case sensitive.  Queries need op‐
19       tion recurse to expect a resource record reply if the query  target  is
20       not known to be the authoritative server for that record.
21

OPTIONS

23       These options can be added to the commandline in any order.
24
25       class CLASSNUM
26              Send  the query in the numbered class (like 3 for CHAOS) instead
27              of the default 1 (for IN).
28
29       dnssec Set the DO bit to request DNSSEC information.
30
31       ednssubnet SUBNET
32              Send SUBNET in the edns-client-subnet option. If this option  is
33              not set, no edns-client-subnet option is set in the query.
34
35       hidesoadetails
36              Don't show the SOA serial in the response.
37
38       hidettl
39              Replace TTLs with [ttl] in the response.
40
41       proxy TCP? SRC DST
42              Wrap  query in PROXYv2 protocol with these parameters. The first
43              parameter accepts 0 for UDP and 1 for TCP. The second and  third
44              take IP addresses and port.
45
46       recurse
47              Set the RD bit in the question.
48
49       showflags
50              Show  the  NSEC3  flags  in the response (they are hidden by de‐
51              fault).
52
53       dumpluaraw
54              Display  record  contents  in  a  form  suitable  for  dnsdist's
55              SpoofRawAction.
56
57       tcp    Use TCP instead of UDP to send the query.
58
59       dot    use DoT instead of UDP to send a query. Implies tcp.
60
61       insecure
62              when using DoT, do not validate the server certificate.
63
64       fastOpen
65              when using TCP or, DoT, enable TCP Fast Open
66
67       subjectName name
68              when  using  DoT,  verify  the  server certificate is issued for
69              name. The openssl provider will accept an empty name  and  still
70              make sure the certificate is issued by a trusted CA, gnutls will
71              only do the validation if a name is given.  Default is the empty
72              name. Also, note that older provide libraries might not validate
73              at all.
74
75       caStore file
76              when using DoT, read the trusted CA certificates from file.  De‐
77              fault is to use the system provided CA store.
78
79       tlsProvider name
80              when  using  DoT, use TLS provider name. Currently supported (if
81              compiled in): openssl and gnutls. Default is openssl  if  avail‐
82              able.
83
84       xpf XPFCODE XPFVERSION XPFPROTO XPFSRC XPFDST
85              Send an XPF additional with these parameters.
86
87       opcode OPNUM
88              Use  opcode  OPNUM  instead  of  0  (Query).  For  example, sdig
89              192.0.2.1 53 example.com SOA opcode 4 sends a NOTIFY.
90

EXAMPLES

92       Simple queries to local resolvers
93              sdig 127.0.0.1 53 example.com AAAA recurse  sdig  ::1  53  exam‐
94              ple.com A recurse
95
96       Query to a DNS-over-HTTPS server requesting dnssec and recursion
97              sdig  https://dns.example.net/dns-query 443 example.com A dnssec
98              recurse
99

AUTHOR

101       PowerDNS.COM BV
102
104       2001-2022, PowerDNS.COM BV
105
106
107
108
109                                 Nov 01, 2022                          SDIG(1)
Impressum