LinuxCommandLibrary

kdig

Query DNS servers

TLDR

Lookup the IP(s) associated with a hostname (A records)

$ kdig [example.com]
copy

Specify a specific DNS server to query (e.g. Google DNS)
$ kdig [example.com] @[8.8.8.8]
copy

Query a specific DNS record type associated with a given domain name
$ kdig [example.com] [A|AAAA|NS|SOA|DNSKEY|ANY]
copy

Lookup the IP(s) associated with a hostname (A records) using DNS over TLS (DoT)
$ kdig -d @[8.8.8.8] +tls-ca +tls-host=[dns.google] [example.com]
copy

Lookup the IP(s) associated with a hostname (A records) using DNS over HTTPS (DoH)
$ kdig -d @[1.1.1.1] +https +tls-hostname=[1dot1dot1dot1.cloudflare-dns.com] [example.com]
copy

SYNOPSIS

kdig [@server] [name] [type] [options]

PARAMETERS

@server
    Specifies the DNS server to query. If not provided, the system's configured DNS servers are used.

name
    The domain name or hostname to query.

type
    The type of DNS record to query (e.g., A, AAAA, MX, TXT, NS, SOA, ANY).

+[no]tcp
    Use TCP (or not) for the DNS query.

+[no]edns
    Enable (or disable) EDNS0.

+dnssec
    Request DNSSEC records.

+short
    Display a short answer.

+trace
    Enable tracing of the DNS resolution path.

+retry
    Sets the number of retries

+timeout
    Sets the timeout

-x address
    Perform a reverse lookup for the given IP address.

-f filename
    Execute queries from a file.

DESCRIPTION

kdig is a powerful DNS lookup utility, similar to dig, but with enhanced features and flexibility, particularly in crafting DNS queries and interpreting responses. It provides more control over query options, allowing users to specify the DNS server, query type, record type, and other parameters with precision. kdig is useful for diagnosing DNS problems, verifying DNS configurations, and learning about DNS.
Key features include support for DNSSEC validation, various query types (A, AAAA, MX, TXT, etc.), and options to control the query process, making it a valuable tool for network administrators and DNS enthusiasts.
Unlike some simpler tools, kdig readily supports features such as TCP queries, EDNS0, and more complex DNSSEC related operations. It is often part of the BIND distribution.

DNSSEC VALIDATION

kdig provides comprehensive support for DNSSEC validation, allowing users to verify the authenticity and integrity of DNS responses. It can be used to diagnose DNSSEC-related issues and confirm the correct configuration of DNSSEC records.

QUERY OPTIONS

kdig's extensive query options allow users to fine-tune the DNS query process, enabling them to specify the DNS server, query type, record type, protocol (TCP or UDP), and other parameters with precision.

HISTORY

kdig evolved as a complement to dig within the BIND DNS software suite. It was created to address shortcomings in the original dig tool, offering a more streamlined and extensible interface for DNS query and response analysis. Its development prioritized features such as robust DNSSEC support and enhanced control over query parameters. Over time, kdig has become a favorite among network administrators who need detailed control when working with DNS.

SEE ALSO

dig(1), host(1), nslookup(1)

Copied to clipboard