Provided by: knot-dnsutils_1.4.2-1_amd64 bug


       kdig - Advanced DNS lookup utility (libknot equivalent of ISC dig)


       kdig [common-settings] [query [settings]]...

       kdig -h


       This utility sends one or more DNS queries to a nameserver. Each query can have individual
       settings, or it can be specified globally via common-settings, which  must  precede  query

           name | -q name | -x address

       common-settings, settings
           [class] [type] [@server]... [options]

           Is a domain name that is to be looked up.

           Is  a domain name or an IPv4 or IPv6 address of the nameserver to send a query to.  An
           additional port can be specified using address:port ([address]:port for IPv6  address)
           or address#port notation. If no server is specified, the servers from /etc/resolv.conf
           are used.

       If no arguments are provided, kdig sends NS query for the root zone.


       -4  Use IPv4 protocol only.

       -6  Use IPv6 protocol only.

       -b address
           Set the source IP address of the query to address. The address must be a valid address
           for  local  interface  or  ::  or   Optional  port  can  be  specified using
           [address]:port notation.

       -c class
           Set query class (e.g. CH, CLASS4). An explicit variant  of  class  specification.  The
           default class is IN.

       -d  Enable debug messages if any.

       -h, --help
           Print short help.

       -k keyfile
           Use TSIG or SIG-0 key stored in a file keyfile to authenticate the request.  Supported
           file format is the same as generated by  ISC  dnssec-keygen.   The  key  comprises  of
           public  (.key  extension) and private part (.private extension).  Either of these file
           names or a name without the extension can be specified as keyfile parameter.

       -p port
           Set nameserver port number or service name to send a query to.  The  default  port  is

       -q name
           Set query name. An explicit variant of name specification.

       -t type
           Set  query  type  (e.g.  NS,  IXFR=12345,  TYPE65535).   An  explicit  variant of type
           specification. The default type is A.

       -v, --version
           Print program version.

       -x address
           Send reverse (PTR) query for IPv4 or IPv6 address. Correct name, class and type is set

       -y [algo:]keyname:key
           Use  TSIG key with a name keyname to authenticate the request. The algo part specifies
           the algorithm (the default is hmac-md5) and key specifies the shared secret encoded in

           Wrap long records to more lines and improve human readability.

           Show record data only.

           Set AA flag.

           Set TC flag.

           Set RD flag.

           Same as +[no]rdflag

           Set RA flag.

           Set zero flag bit.

           Set AD flag.

           Set CD flag.

           Set DO flag.

           Show all packet sections.

           Show query packet.

           Show packet header.

           Show EDNS pseudosection.

           Show question section.

           Show answer section.

           Show authority section.

           Show additional section.

           Show trailing packet statistics.

           Show DNS class.

           Show TTL value.

           Use TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR).

           Stop quering next nameserver if SERVFAIL response is received.

           Don't use TCP automatically if truncated reply is received.

           Request nameserver identifier (NSID).

           Use EDNS version (default is 0).

           Disable  IDN  transformation  to  ASCII  and  vice versa.  IDNA2003 support depends on
           libidn availability during project building!

           Set wait for reply interval in seconds (default is 5 seconds).  This  timeout  applies
           to each query try.

           Set number (>=0) of UDP retries (default is 2). This doesn't apply to AXFR/IXFR.

           Set EDNS buffer size in bytes (default is 512 bytes).


       Options -k and -y cannot be used mutually.

   Missing features with regard to ISC dig
       Options    -f    and    -m    and   query   options:      +split=W, +tries=T, +ndots=D,
       +domain=somename,+trusted-key=####,           +[no]vc, +[no]search, +[no]showsearch,
       +[no]defname, +[no]aaonly, +[no]cmd,      +[no]identify, +[no]comments, +[no]rrcomments,
       +[no]onesoa, +[no]besteffort, +[no]sigchase,  +[no]topdown, +[no]nssearch, +[no]trace.

       Per-user file configuration via ${HOME}/.digrc.


       Example 1. Get A record for

       # kdig A

       Example 2. Perform AXFR for zone from the server

       # kdig -t AXFR @

       Example 3. Get A record for from  and  reverse  lookup  for  address
       2001:DB8::1 from Both using TCP protocol:

       # kdig +tcp -t A @ -x 2001:DB8::1 @




       Daniel Salzman (

       Please send any bug reports or comments to


       khost(1), knsupdate(1).