Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

KDIG(1)				   Knot	DNS			       KDIG(1)

NAME
       kdig - Advanced DNS lookup utility

SYNOPSIS
       kdig [common-settings] [query [settings]]...

       kdig -h

DESCRIPTION
       This  utility sends one or more DNS queries to a	nameserver. Each query
       can have	individual settings, or	it can be specified globally via  com-
       mon-settings, which must	precede	query specification.

   Parameters
       query  name | -q	name | -x address | -G tapfile

       common-settings,	settings
	      [query_class] [query_type] [@server]... [options]

       name   Is a domain name that is to be looked up.

       server Is a domain name or an IPv4 or IPv6 address of the nameserver to
	      send  a  query to. An additional port can	be specified using ad-
	      dress:port ([address]:port for IPv6 address),  address@port,  or
	      address#port  notation.  A value which begins with '/' character
	      is considered an absolute	UNIX socket  path.  If	no  server  is
	      specified, the servers from /etc/resolv.conf are used.

       If no arguments are provided, kdig sends	NS query for the root zone.

   Query classes
       A  query_class can be either a DNS class	name (IN, CH) or generic class
       specification CLASSXXXXX	where XXXXX is a corresponding	decimal	 class
       number. The default query class is IN.

   Query types
       A  query_type  can  be  either a	DNS resource record type (A, AAAA, NS,
       SOA, DNSKEY, ANY, etc.) or one of the following:

       TYPEXXXXX
	      Generic query type specification where XXXXX is a	 corresponding
	      decimal type number.

       AXFR   Full zone	transfer request.

       IXFR=serial
	      Incremental  zone	transfer request for specified SOA serial num-
	      ber (i.e.	all zone updates since the specified zone version  are
	      to be returned).

       NOTIFY=serial
	      Notify message with a SOA	serial hint specified.

       NOTIFY Notify message with a SOA	serial hint unspecified.

       The default query type is A.

   Options
       -4     Use the IPv4 protocol only.

       -6     Use the IPv6 protocol only.

       -b address
	      Set  the	source IP address of the query to address. The address
	      must be a	valid address for local	interface or ::	or 0.0.0.0. An
	      optional port can	be specified in	the same format	as the	server
	      value.

       -c class
	      An  explicit  query_class	 specification.	 See  possible	values
	      above.

       -d     Enable debug messages.

       -h, --help
	      Print the	program	help.

       -k keyfile
	      Use the TSIG key stored in a file	keyfile	 to  authenticate  the
	      request. The file	must contain the key in	the same format	as ac-
	      cepted by	the -y option.

       -p port
	      Set  the	nameserver port	number or service name to send a query
	      to. The default port is 53.

       -q name
	      Set the query name. An explicit variant of  name	specification.
	      If no name is provided, empty question section is	set.

       -t type
	      An explicit query_type specification. See	possible values	above.

       -V, --version
	      Print  the  program  version.  The  option -VV makes the program
	      print the	compile	time configuration summary.

       -x address
	      Send a reverse (PTR) query for IPv4 or IPv6 address. The correct
	      name, class and type is set automatically.

       -y [alg:]name:key
	      Use the TSIG key named name to authenticate the request. The alg
	      part specifies the algorithm (the	default	 is  hmac-sha256)  and
	      key specifies the	shared secret encoded in Base64.

       -E tapfile
	      Export  a	 dnstap	 trace	of the query and response messages re-
	      ceived to	the file tapfile.

       -G tapfile
	      Generate message output from a previously	saved dnstap file tap-
	      file.

       +[no]multiline
	      Wrap long	records	to more	lines and improve human	readability.

       +[no]short
	      Show record data only.

       +[no]generic
	      Use the generic representation  format  when  printing  resource
	      record types and data.

       +[no]crypto
	      Display the DNSSEC keys and signatures values in base64, instead
	      of omitting them.	 Enabled by default.

       +[no]aaflag
	      Set the AA flag.

       +[no]tcflag
	      Set the TC flag.

       +[no]rdflag
	      Set the RD flag. Enabled by default.

       +[no]recurse
	      Same as +[no]rdflag

       +[no]raflag
	      Set the RA flag.

       +[no]zflag
	      Set the zero flag	bit.

       +[no]adflag
	      Set the AD flag. Enabled by default.

       +[no]cdflag
	      Set the CD flag.

       +[no]doflag
	      Set the DO flag.

       +[no]dnssec
	      Same as +[no]doflag

       +[no]all
	      Show all packet sections.

       +[no]qr
	      Show the query packet.

       +[no]header
	      Show the packet header. Enabled by default.

       +[no]comments
	      Show commented section names. Enabled by default.

       +[no]opt
	      Show the EDNS pseudosection. Enabled by default.

       +[no]opttext
	      Try to show unknown EDNS options as text.

       +[no]optpresent
	      Show  EDNS in presentation format	according to the specification
	      in version draft-peltan-edns-presentation-format-01.

       +[no]question
	      Show the question	section. Enabled by default.

       +[no]answer
	      Show the answer section. Enabled by default.

       +[no]authority
	      Show the authority section. Enabled by default.

       +[no]additional
	      Show the additional section. Enabled by default.

       +[no]tsig
	      Show the TSIG pseudosection. Enabled by default.

       +[no]stats
	      Show trailing packet statistics. Enabled by default.

       +[no]class
	      Show the DNS class. Enabled by default.

       +[no]ttl
	      Show the TTL value. Enabled by default.

       +[no]tcp
	      Use the TCP protocol (default is UDP for standard	query and  TCP
	      for AXFR/IXFR).

       +[no]fastopen
	      Use TCP Fast Open.

       +[no]ignore
	      Don't use	TCP automatically if a truncated reply is received.

       +[no]keepopen
	      Keep  TCP	 connection open for the following query if it has the
	      same connection configuration. This applies to +tcp,  +tls,  and
	      +https  operations.  The connection is considered	in the context
	      of a single kdig call only.

       +[no]tls
	      Use TLS with the Opportunistic privacy  profile  (RFC  7858#sec-
	      tion-4.1).

       +[no]tls-ca[=FILE]
	      Use  TLS	with a certificate validation. Certification authority
	      certificates are loaded from the specified PEM file (default  is
	      system  certificate storage if no	argument is provided).	Can be
	      specified	multiple times.	If the	+tls-hostname  option  is  not
	      provided,	 the  name of the target server	(if specified) is used
	      for strict authentication.

       +[no]tls-pin=BASE64
	      Use TLS with the Out-of-Band  key-pinned	privacy	 profile  (RFC
	      7858#section-4.2).   The	PIN  must  be a	Base64 encoded SHA-256
	      hash of the X.509	SubjectPublicKeyInfo.  Can be specified	multi-
	      ple times.

       +[no]tls-hostname=STR
	      Use TLS with a remote server hostname check.

       +[no]tls-sni=STR
	      Use TLS with a Server Name Indication.

       +[no]tls-keyfile=FILE
	      Use TLS with a client keyfile.

       +[no]tls-certfile=FILE
	      Use TLS with a client certfile.

       +[no]tls-ocsp-stapling[=H]
	      Use TLS with a valid stapled OCSP	response for the  server  cer-
	      tificate	(%u  or	 specify hours). OCSP responses	older than the
	      specified	period are considered invalid.

       +[no]https[=URL]
	      Use  HTTPS  (DNS-over-HTTPS)  in	wire  format  (RFC   1035#sec-
	      tion-4.2.1).   It	 is  also  possible  to	 specify  URL=[author-
	      ity][/path] where	request	will be	sent to.  Any  leading	scheme
	      and  authority indicator (i.e. //) are ignored.  Authority might
	      also be specified	as the server (using  the  parameter  @).   If
	      path  is	specified and authority	is missing, then the server is
	      used as authority	together with  the  specified  path.   Library
	      libnghttp2 is required.

       +[no]https-get
	      Use  HTTPS with HTTP/GET method instead of the default HTTP/POST
	      method.  Library libnghttp2 is required.

       +[no]quic
	      Use QUIC (DNS-over-QUIC).

       +[no]nsid
	      Request the nameserver identifier	(NSID).

       +[no]zoneversion
	      Request the EDNS zone version.

       +[no]bufsize=B
	      Set EDNS buffer size in bytes (default is	1232 bytes).

       +[no]padding[=B]
	      Use EDNS(0) padding option to pad	queries, optionally to a  spe-
	      cific size. The default is to pad	queries	with a sensible	amount
	      when  using  +tls,  and  not to pad at all when queries are sent
	      without TLS.  With no argument (i.e., just +padding)  pad	 every
	      query  with a sensible amount regardless of the use of TLS. With
	      +nopadding, never	pad.

       +[no]alignment[=B]
	      Align the	 query	to  B-byte-block  message  using  the  EDNS(0)
	      padding  option  (default	 is no or 128 if no argument is	speci-
	      fied).

       +[no]subnet=SUBN
	      Set EDNS(0) client subnet	SUBN=addr/prefix.

       +[no]edns[=N]
	      Use EDNS version (default	is 0).

       +[no]timeout=T
	      Set the wait-for-reply interval in seconds (default  is  5  sec-
	      onds). This timeout applies to each query	attempt. Zero value or
	      notimeout	is interpreted as infinity.

       +[no]retry=N
	      Set the number (>=0) of UDP retries (default is 2). This doesn't
	      apply to AXFR/IXFR.

       +[no]expire
	      Sets the EXPIRE EDNS option.

       +[no]cookie[=HEX]
	      Attach EDNS(0) cookie to the query.

       +[no]badcookie
	      Repeat a query with the correct cookie.

       +[no]ednsopt[=CODE[:HEX]]
	      Send  custom  EDNS option. The CODE is EDNS option code in deci-
	      mal, HEX is an optional hex encoded string to use	as EDNS	option
	      value. This argument can	be  used  multiple  times.  +noednsopt
	      clears all EDNS options specified	by +ednsopt.

       +[no]proxy=SRC_ADDR[#SRC_PORT]-DST_ADDR[#DST_PORT]
	      Add PROXYv2 header with the specified source and destination ad-
	      dresses to the query.  The default source	port is	0 and destina-
	      tion port	53.

       +[no]json
	      Use JSON for output encoding (RFC	8427).

       +noidn Disable the IDN transformation to	ASCII and vice versa. IDN sup-
	      port depends on libidn2 availability during project building! If
	      used  in	common-settings, all IDN transformations are disabled.
	      If used in the individual	query  settings,  transformation  from
	      ASCII  is	disabled on output for the particular query. Note that
	      IDN transformation does not preserve domain name letter case.

NOTES
       Every option is disabled	by default if not mentioned otherwise.

       Options -k and -y can not be used simultaneously.

       Dnssec-keygen keyfile format is not supported. Use keymgr(8) instead.

EXIT VALUES
       Exit status of 0	means successful operation. Any	other exit status  in-
       dicates an error.

EXAMPLES
       1. Get A	records	for example.com:

	     $ kdig example.com	A

       2. Perform AXFR for zone	example.com from the server 192.0.2.1:

	     $ kdig example.com	-t AXFR	@192.0.2.1

       3. Get  A records for example.com from 192.0.2.1	and reverse lookup for
	  address 2001:DB8::1 from 192.0.2.2. Both using the TCP protocol:

	     $ kdig +tcp example.com -t	A @192.0.2.1 -x	2001:DB8::1 @192.0.2.2

       4. Get SOA record for example.com, use TLS,  use	 system	 certificates,
	  check	 for  specified	hostname, check	for certificate	pin, and print
	  additional debug info:

	     $ kdig -d @185.49.141.38 +tls-ca +tls-host=getdnsapi.net \
	       +tls-pin=foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= soa example.com

       5. DNS over HTTPS examples (various DoH implementations):

	     $ kdig @1.1.1.1 +https example.com.
	     $ kdig @193.17.47.1 +https=/doh example.com.
	     $ kdig @8.8.4.4 +https +https-get example.com.
	     $ kdig @8.8.8.8 +https +tls-hostname=dns.google +fastopen example.com.

       6. More queries share one DoT connection:

	     $ kdig @1.1.1.1 +tls +keepopen abc.example.com A mail.example.com AAAA

FILES
       /etc/resolv.conf

SEE ALSO
       khost(1), knsupdate(1), keymgr(8).

AUTHOR
       CZ.NIC Labs <https://www.knot-dns.cz>

COPYRIGHT
       Copyright 20102025, CZ.NIC, z.s.p.o.

3.4.6				  2025-04-10			       KDIG(1)

---

NAME | SYNOPSIS | DESCRIPTION | NOTES | EXIT VALUES | EXAMPLES | FILES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kdig&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact