Provided by: knot-dnsutils_2.1.1-1build1_amd64 bug


       kdig - Advanced DNS lookup utility


       kdig [common-settings] [query [settings]]...

       kdig -h


       This utility sends one or more DNS queries to a nameserver. Each query can have individual
       settings, or it can be specified globally via common-settings, which  must  precede  query

       query  name | -q name | -x address | -G tapfile

       common-settings, settings
              [class] [type] [@server]... [options]

       name   Is a domain name that is to be looked up.

       server Is  a  domain name or an IPv4 or IPv6 address of the nameserver to send a query to.
              An additional port can be specified using  address:port  ([address]:port  for  IPv6
              address),  address@port,  or  address#port notation. If no server is specified, the
              servers from /etc/resolv.conf are used.

       If no arguments are provided, kdig sends NS query for the root zone.

       -4     Use the IPv4 protocol only.

       -6     Use the IPv6 protocol only.

       -b address
              Set the source IP address of the query to address. The  address  must  be  a  valid
              address  for local interface or :: or An optional port can be specified in
              the same format as the server value.

       -c class
              Set the query class (e.g. CH, CLASS4). An explicit variant of class  specification.
              The default class is IN.

       -d     Enable debug messages.

       -h, --help
              Print the program help.

       -k keyfile
              Use  the  TSIG  key  stored in a file keyfile to authenticate the request. The file
              must contain the key in the same format as accepted by the -y option.

       -p port
              Set the nameserver port number or service name to send a query to. The default port
              is 53.

       -q name
              Set the query name. An explicit variant of name specification.

       -t type
              Set the query type (e.g. NS, IXFR=12345, TYPE65535, NOTIFY). An explicit variant of
              type specification. The default type is A. IXFR type requires SOA serial parameter.
              NOTIFY type without SOA serial parameter causes pure NOTIFY message without any SOA

       -V, --version
              Print the program version.

       -x address
              Send a reverse (PTR) query for IPv4 or IPv6 address. The correct  name,  class  and
              type is set automatically.

       -y [alg:]name:key
              Use the TSIG key named name to authenticate the request. The alg part specifies the
              algorithm (the default is hmac-md5) and key specifies the shared secret encoded  in

       -E tapfile
              Export  a  dnstap  trace  of  the  query and response messages received to the file

       -G tapfile
              Generate message output from a previously saved dnstap file tapfile.

              Wrap long records to more lines and improve human readability.

              Show record data only.

              Set the AA flag.

              Set the TC flag.

              Set the RD flag.

              Same as +[no]rdflag

              Set the RA flag.

              Set the zero flag bit.

              Set the AD flag.

              Set the CD flag.

              Set the DO flag.

              Show all packet sections.

              Show the query packet.

              Show the packet header.

              Show the EDNS pseudosection.

              Show the question section.

              Show the answer section.

              Show the authority section.

              Show the additional section.

              Show the TSIG pseudosection.

              Show trailing packet statistics.

              Show the DNS class.

              Show the TTL value.

              Use the TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR).

              Don't use TCP automatically if a truncated reply is received.

              Request the nameserver identifier (NSID).

              Use EDNS version (default is 0).

       +noidn Disable the IDN transformation to ASCII and vice versa. IDNA2003 support depends on
              libidn availability during project building!

              Use the generic representation format when printing resource record types and data.

              Set the EDNS client subnet SUBN=IP/prefix.

              Set  the  wait-for-reply  interval  in seconds (default is 5 seconds). This timeout
              applies to each query attempt.

              Set the number (>=0)  of  UDP  retries  (default  is  2).  This  doesn't  apply  to

              Set the EDNS buffer size in bytes (default is 512 bytes).


       Options -k and -y can not be used simultaneously.

       Missing features with regard to ISC dig:
          Options  -f  and  -m and query options: +split=W, +tries=T, +ndots=D, +domain=somename,
          +trusted-key=####,  +[no]fail,  +[no]vc,  +[no]search,  +[no]showsearch,  +[no]defname,
          +[no]aaonly,  +[no]cmd,  +[no]identify,  +[no]comments,  +[no]rrcomments,  +[no]onesoa,
          +[no]besteffort, +[no]sigchase, +[no]topdown, +[no]nssearch, and +[no]trace.

          Per-user file configuration via ~/.digrc.


       1. Get A records for

             $ kdig A

       2. Perform AXFR for zone from the server

             $ kdig -t AXFR @

       3. Get A records for from and reverse lookup for address 2001:DB8::1
          from Both using the TCP protocol:

             $ kdig +tcp -t A @ -x 2001:DB8::1 @




       khost(1), knsupdate(1).


       CZ.NIC Labs <>


       Copyright 2010–2016, CZ.NIC, z.s.p.o.