kdig
Query DNS servers
TLDR
Lookup the IP(s) associated with a hostname (A records)
Specify a specific DNS server to query (e.g. Google DNS)
Query a specific DNS record type associated with a given domain name
Lookup the IP(s) associated with a hostname (A records) using DNS over TLS (DoT)
Lookup the IP(s) associated with a hostname (A records) using DNS over HTTPS (DoH)
SYNOPSIS
kdig [@server] [name] [type] [options]
PARAMETERS
@server
Specifies the DNS server to query. If not provided, the system's configured DNS servers are used.
name
The domain name or hostname to query.
type
The type of DNS record to query (e.g., A, AAAA, MX, TXT, NS, SOA, ANY).
+[no]tcp
Use TCP (or not) for the DNS query.
+[no]edns
Enable (or disable) EDNS0.
+dnssec
Request DNSSEC records.
+short
Display a short answer.
+trace
Enable tracing of the DNS resolution path.
+retry
Sets the number of retries
+timeout
Sets the timeout
-x address
Perform a reverse lookup for the given IP address.
-f filename
Execute queries from a file.
DESCRIPTION
kdig is a powerful DNS lookup utility, similar to dig, but with enhanced features and flexibility, particularly in crafting DNS queries and interpreting responses. It provides more control over query options, allowing users to specify the DNS server, query type, record type, and other parameters with precision. kdig is useful for diagnosing DNS problems, verifying DNS configurations, and learning about DNS.
Key features include support for DNSSEC validation, various query types (A, AAAA, MX, TXT, etc.), and options to control the query process, making it a valuable tool for network administrators and DNS enthusiasts.
Unlike some simpler tools, kdig readily supports features such as TCP queries, EDNS0, and more complex DNSSEC related operations. It is often part of the BIND distribution.
DNSSEC VALIDATION
kdig provides comprehensive support for DNSSEC validation, allowing users to verify the authenticity and integrity of DNS responses. It can be used to diagnose DNSSEC-related issues and confirm the correct configuration of DNSSEC records.
QUERY OPTIONS
kdig's extensive query options allow users to fine-tune the DNS query process, enabling them to specify the DNS server, query type, record type, protocol (TCP or UDP), and other parameters with precision.
HISTORY
kdig evolved as a complement to dig within the BIND DNS software suite. It was created to address shortcomings in the original dig tool, offering a more streamlined and extensible interface for DNS query and response analysis. Its development prioritized features such as robust DNSSEC support and enhanced control over query parameters. Over time, kdig has become a favorite among network administrators who need detailed control when working with DNS.