File: sdig.1

package info (click to toggle)
pdns 5.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 10,824 kB
  • sloc: cpp: 101,240; sh: 5,616; makefile: 2,318; sql: 860; ansic: 675; python: 635; yacc: 245; perl: 161; lex: 131
file content (124 lines) | stat: -rw-r--r-- 4,503 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
 
.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SDIG" "1" "Dec 11, 2025" "" "PowerDNS Authoritative Server"
.SH NAME
sdig \- Perform a DNS query and show the results
.SH SYNOPSIS
.sp
\fBsdig\fP \fIIP\-ADDRESS\-OR\-DOH\-URL\fP \fIPORT\fP \fIQNAME\fP \fIQTYPE\fP [\fIOPTION\fP]
.SH DESCRIPTION
.sp
\fBsdig\fP sends a DNS query to \fIIP\-ADDRESS\-OR\-DOH\-URL\fP on port \fIPORT\fP and displays the answer in a formatted way.
If the address starts with an \fBh\fP, it is assumed to be a DoH endpoint, and \fIPORT\fP is ignored.
If qname and qtype are both \fI\-\fP and tcp is used, multiple lines are read from stdin, where each line contains a qname and a type.
If the address is \fBstdin\fP, a DNS packet is read from stdin instead of from the network, and \fIPORT\fP is ignored.
All input is literal and case\-sensitive.
Queries need option \fIrecurse\fP to expect a resource record reply if the query target is not known to be the authoritative server for that record.
.SH OPTIONS
.sp
These options can be added to the commandline in any order.
.INDENT 0.0
.TP
.B class \fICLASSNUM\fP
Send the query in the numbered class (like 3 for CHAOS) instead of the default 1 (for IN).
.TP
.B dnssec
Set the DO bit to request DNSSEC information.
.TP
.B ednssubnet \fISUBNET\fP
Send \fISUBNET\fP in the edns\-client\-subnet option. If this option is not set, no edns\-client\-subnet option is set in the query.
.TP
.B hidesoadetails
Don\(aqt show the SOA serial in the response.
.TP
.B hidettl
Replace TTLs with \fI[ttl]\fP in the response.
.TP
.B proxy \fITCP?\fP \fISRC\fP \fIDST\fP
Wrap query in PROXYv2 protocol with these parameters. The first parameter accepts 0 for UDP and 1 for TCP. The second and third take IP addresses and port.
.TP
.B recurse
Set the RD bit in the question.
.TP
.B showflags
Show the NSEC3 flags in the response (they are hidden by default).
.TP
.B dumpluaraw
Display record contents in a form suitable for dnsdist\(aqs \fISpoofRawAction\fP\&.
.TP
.B tcp
Use TCP instead of UDP to send the query.
.TP
.B dot
use DoT instead of UDP to send a query. Implies tcp.
.TP
.B insecure
when using DoT, do not validate the server certificate.
.TP
.B fastOpen
when using TCP or, DoT, enable TCP Fast Open
.TP
.B subjectName \fIname\fP
when using DoT, verify the server certificate is issued for \fIname\fP\&. The \fIopenssl\fP provider will accept an empty name and still
make sure the certificate is issued by a trusted CA, \fIgnutls\fP will only do the validation if a name is given.
Default is the empty name. Also, note that older provide libraries might not validate at all.
.TP
.B caStore \fIfile\fP
when using DoT, read the trusted CA certificates from \fIfile\fP\&. Default is to use the system provided CA store.
.TP
.B tlsProvider \fIname\fP
when using DoT, use TLS provider \fIname\fP\&. Currently supported (if compiled in): \fIopenssl\fP and \fIgnutls\fP\&. Default is \fIopenssl\fP if available.
.TP
.B opcode \fIOPNUM\fP
Use opcode \fIOPNUM\fP instead of 0 (Query). For example, \fBsdig 192.0.2.1 53 example.com SOA opcode 4\fP sends a \fBNOTIFY\fP\&.
.TP
.B cookie \fICOOKIE\fP
if \fICOOKIE\fP is \fB\-\fP send a random client cookie. Otherwise, send the given cookie, which should be a hex string received from a server earlier.
.TP
.B traceid \fITraceID\fP
include a TraceID and an empty SpanID value into the EDNS data. If TraceID is \fB\-\fP, a random TraceID is generated; otherwise, it is a hex string.
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
.TP
.B Simple queries to local resolvers
\fBsdig 127.0.0.1 53 example.com AAAA recurse\fP
.sp
\fBsdig ::1 53 example.com A recurse\fP
.TP
.B Query to a DNS\-over\-HTTPS server requesting dnssec and recursion
\fBsdig https://dns.example.net/dns\-query 443 example.com A dnssec recurse\fP
.UNINDENT
.SH AUTHOR
PowerDNS.COM BV
.SH COPYRIGHT
PowerDNS.COM BV
.\" Generated by docutils manpage writer.
.