unbound-host

Look up a hostname

$ unbound-host [example.com]

$ unbound-host -v [example.com]

$ unbound-host -t [MX] [example.com]

$ unbound-host -r [example.com]

$ unbound-host -f [8.8.8.8] [example.com]

$ unbound-host -C [/etc/unbound/unbound.conf] [example.com]

$ unbound-host -4 [example.com]

unbound-host [options] hostname

unbound-host performs DNS lookups using the Unbound resolver library. It provides DNSSEC validation capabilities, showing whether responses are secure, insecure, or bogus (failed validation).
By default, the tool queries root servers directly without reading system configuration. The -r option uses resolvers from /etc/resolv.conf, though this may break DNSSEC validation if those servers don't support it.
Validation status in verbose mode shows: secure (cryptographically validated), insecure (no DNSSEC for domain), or bogus (validation failed, possible tampering).

-v

Verbose output with DNSSEC validation status.

Query specific record type (A, AAAA, MX, TXT, etc.).

Query specific class (IN, CH, HS).

Read /etc/resolv.conf for DNS servers.

Use specified DNS server.

Use unbound configuration file.

Specify trust anchor for DNSSEC validation.

Use IPv4 only.

Use IPv6 only.

Enable DNSSEC validation.

Display help.

Direct root queries may be slow or blocked by firewalls. Using -r with non-DNSSEC servers breaks validation. Trust anchors must be current for DNSSEC to work correctly.

unbound-host is part of the Unbound project by NLnet Labs, providing command-line access to Unbound's validating resolver capabilities. It was designed as a DNSSEC-aware alternative to traditional host and dig commands.

unbound(8), dig(1), host(1), drill(1), nslookup(1)