Provided by: pdns-tools_4.8.1-1build1_amd64
NAME
sdig - Perform a DNS query and show the results
SYNOPSIS
sdig IP-ADDRESS-OR-DOH-URL PORT QNAME QTYPE [OPTION]
DESCRIPTION
sdig sends a DNS query to IP-ADDRESS-OR-DOH-URL on port PORT and displays the answer in a formatted way. If the address starts with an h, it is assumed to be a DoH endpoint, and PORT is ignored. If qname and qtype are both - and tcp is used, multiple lines are read from stdin, where each line contains a qname and a type. If the address is stdin, a DNS packet is read from stdin instead of from the network, and PORT is ignored. All input is literal and case sensitive. Queries need option recurse to expect a resource record reply if the query target is not known to be the authoritative server for that record.
OPTIONS
These options can be added to the commandline in any order. class CLASSNUM Send the query in the numbered class (like 3 for CHAOS) instead of the default 1 (for IN). dnssec Set the DO bit to request DNSSEC information. ednssubnet SUBNET Send SUBNET in the edns-client-subnet option. If this option is not set, no edns-client-subnet option is set in the query. hidesoadetails Don't show the SOA serial in the response. hidettl Replace TTLs with [ttl] in the response. proxy TCP? SRC DST Wrap query in PROXYv2 protocol with these parameters. The first parameter accepts 0 for UDP and 1 for TCP. The second and third take IP addresses and port. recurse Set the RD bit in the question. showflags Show the NSEC3 flags in the response (they are hidden by default). dumpluaraw Display record contents in a form suitable for dnsdist's SpoofRawAction. tcp Use TCP instead of UDP to send the query. dot use DoT instead of UDP to send a query. Implies tcp. insecure when using DoT, do not validate the server certificate. fastOpen when using TCP or, DoT, enable TCP Fast Open subjectName name when using DoT, verify the server certificate is issued for name. The openssl provider will accept an empty name and still make sure the certificate is issued by a trusted CA, gnutls will only do the validation if a name is given. Default is the empty name. Also, note that older provide libraries might not validate at all. caStore file when using DoT, read the trusted CA certificates from file. Default is to use the system provided CA store. tlsProvider name when using DoT, use TLS provider name. Currently supported (if compiled in): openssl and gnutls. Default is openssl if available. xpf XPFCODE XPFVERSION XPFPROTO XPFSRC XPFDST Send an XPF additional with these parameters. opcode OPNUM Use opcode OPNUM instead of 0 (Query). For example, sdig 192.0.2.1 53 example.com SOA opcode 4 sends a NOTIFY.
EXAMPLES
Simple queries to local resolvers sdig 127.0.0.1 53 example.com AAAA recurse sdig ::1 53 example.com A recurse Query to a DNS-over-HTTPS server requesting dnssec and recursion sdig https://dns.example.net/dns-query 443 example.com A dnssec recurse
AUTHOR
PowerDNS.COM BV
COPYRIGHT
2001-2023, PowerDNS.COM BV Jul 07, 2023 SDIG(1)