Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-RELEASE FreeBSD 15.0-RELEASE and Ports FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 15.0 FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.7 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

KDIG(1)				   Knot	DNS			       KDIG(1)

NAME
       kdig - Advanced DNS lookup utility

SYNOPSIS
       kdig [common-settings] [query [settings]]...

       kdig -h

DESCRIPTION
       This  utility sends one or more DNS queries to a	nameserver. Each query
       can have	individual settings, or	it can be specified globally via  com-
       mon-settings, which must	precede	query specification.

   Parameters
       query  name | -q	name | -x address | -G tapfile

       common-settings,	settings
	      [query_class] [query_type] [@server]... [options]

       name   Is a domain name that is to be looked up.

       server Is a domain name or an IPv4 or IPv6 address of the nameserver to
	      send  a  query to. An additional port can	be specified using ad-
	      dress:port ([address]:port for IPv6 address),  address@port,  or
	      address#port  notation.  A value which begins with '/' character
	      is considered an absolute	UNIX socket  path.  If	no  server  is
	      specified, the servers from /etc/resolv.conf are used.

       If no arguments are provided, kdig sends	NS query for the root zone.

   Query classes
       A  query_class can be either a DNS class	name (IN, CH) or generic class
       specification CLASSXXXXX	where XXXXX is a corresponding	decimal	 class
       number. The default query class is IN.

   Query types
       A  query_type  can  be  either a	DNS resource record type (A, AAAA, NS,
       SOA, DNSKEY, ANY, etc.) or one of the following:

       TYPEXXXXX
	      Generic query type specification where XXXXX is a	 corresponding
	      decimal type number.

       AXFR   Full zone	transfer request.

       IXFR=serial
	      Incremental  zone	transfer request for specified SOA serial num-
	      ber (i.e.	all zone updates since the specified zone version  are
	      to be returned).

       NOTIFY=serial
	      Notify message with a SOA	serial hint specified.

       NOTIFY Notify message with a SOA	serial hint unspecified.

       The default query type is A.

   Options
       -4     Use the IPv4 protocol only.

       -6     Use the IPv6 protocol only.

       -b address
	      Set  the	source IP address of the query to address. The address
	      must be a	valid address for local	interface or ::	or 0.0.0.0. An
	      optional port can	be specified in	the same format	as the	server
	      value.

       -c class
	      An  explicit  query_class	 specification.	 See  possible	values
	      above.

       -d     Enable debug messages.

       -dd    Enable more verbose debug	messages  (print  Subject  Alternative
	      Name).

       -h, --help
	      Print the	program	help.

       -k keyfile
	      Use  the	TSIG  key stored in a file keyfile to authenticate the
	      request. The file	must contain the key in	the same format	as ac-
	      cepted by	the -y option.

       -p port
	      Set the nameserver port number or	service	name to	send  a	 query
	      to. The default port is 53.

       -q name
	      Set  the	query name. An explicit	variant	of name	specification.
	      If no name is provided, empty question section is	set.

       -t type
	      An explicit query_type specification. See	possible values	above.

       -V, --version
	      Print the	program	version. The  option  -VV  makes  the  program
	      print the	compile	time configuration summary.

       -x address
	      Send a reverse (PTR) query for IPv4 or IPv6 address. The correct
	      name, class and type is set automatically.

       -y [alg:]name:key
	      Use the TSIG key named name to authenticate the request. The alg
	      part  specifies  the  algorithm (the default is hmac-sha256) and
	      key specifies the	shared secret encoded in Base64.

       -E tapfile
	      Export a dnstap trace of the query  and  response	 messages  re-
	      ceived to	the file tapfile.

       -G tapfile
	      Generate message output from a previously	saved dnstap file tap-
	      file.

       +[no]multiline
	      Wrap long	records	to more	lines and improve human	readability.

       +[no]short
	      Show record data only.

       +[no]generic
	      Use  the	generic	 representation	 format	when printing resource
	      record types and data.

       +[no]crypto
	      Display the DNSSEC keys and signatures values in base64, instead
	      of omitting them.	 (*)

       +[no]aaflag
	      Set the AA flag.

       +[no]tcflag
	      Set the TC flag.

       +[no]rdflag
	      Set the RD flag. (*)

       +[no]recurse
	      Same as +[no]rdflag

       +[no]raflag
	      Set the RA flag.

       +[no]zflag
	      Set the zero flag	bit.

       +[no]adflag
	      Set the AD flag. (*)

       +[no]cdflag
	      Set the CD flag.

       +[no]doflag
	      Set the DO flag.

       +[no]dnssec
	      Same as +[no]doflag

       +[no]all
	      Show all packet sections.

       +[no]qr
	      Show the query packet.

       +[no]header
	      Show the packet header. (*)

       +[no]comments
	      Show commented section names. (*)

       +[no]opt
	      Show the EDNS pseudosection. (*)

       +[no]opttext
	      Try to show unknown EDNS options as text.

       +[no]optpresent
	      Show EDNS	in presentation	format according to the	 specification
	      in version draft-peltan-edns-presentation-format-01.

       +[no]question
	      Show the question	section. (*)

       +[no]answer
	      Show the answer section. (*)

       +[no]authority
	      Show the authority section. (*)

       +[no]additional
	      Show the additional section. (*)

       +[no]tsig
	      Show the TSIG pseudosection. (*)

       +[no]stats
	      Show trailing packet statistics. (*)

       +[no]class
	      Show the DNS class. (*)

       +[no]ttl
	      Show the TTL value. (*)

       +[no]tcp
	      Use  the TCP protocol (default is	UDP for	standard query and TCP
	      for AXFR/IXFR).

       +[no]fastopen
	      Use TCP Fast Open.

       +[no]ignore
	      Don't use	TCP automatically if a truncated reply is received.

       +[no]keepopen
	      Keep TCP connection open for the following query if it  has  the
	      same  connection	configuration.	This  applies  to  +tcp, +tls,
	      +https, and +quic	operations. The	connection  is	considered  in
	      the context of a single kdig call	only.

       +[no]tls
	      Use TLS with the Opportunistic privacy profile (RFC 7858 Section
	      4.1).

       +[no]tls-ca[=FILE]
	      Use  TLS	with a certificate validation. Certification authority
	      certificates are loaded from the specified PEM file (default  is
	      system  certificate storage if no	argument is provided).	Can be
	      specified	multiple times.	If the	+tls-hostname  option  is  not
	      provided,	 the  name of the target server	(if specified) is used
	      for strict authentication.

       +[no]tls-pin=BASE64
	      Use TLS with the Out-of-Band  key-pinned	privacy	 profile  (RFC
	      7858  Section  4.2).   The  PIN must be a	Base64 encoded SHA-256
	      hash of the X.509	SubjectPublicKeyInfo.  Can be specified	multi-
	      ple times.

       +[no]tls-hostname=STR
	      Use TLS with a remote server hostname check.

       +[no]tls-sni=STR
	      Use TLS with a Server Name Indication.

       +[no]tls-keyfile=FILE
	      Use TLS with a client keyfile.

       +[no]tls-certfile=FILE
	      Use TLS with a client certfile.

       +[no]tls-ocsp-stapling[=H]
	      Use TLS with a valid stapled OCSP	response for the  server  cer-
	      tificate	(%u  or	 specify hours). OCSP responses	older than the
	      specified	period are considered invalid.

       +[no]https[=URL]
	      Use HTTPS	(DNS-over-HTTPS) in  wire  format  (RFC	 1035  Section
	      4.2.1).	It  is also possible to	specify	URL=[authority][/path]
	      where request will be sent to. Any leading scheme	and  authority
	      indicator	(i.e. //) are ignored.	Authority might	also be	speci-
	      fied  as	the server (using the parameter	@).  If	path is	speci-
	      fied and authority is missing, then the server is	 used  as  au-
	      thority together with the	specified path.	 Library libnghttp2 is
	      required.

       +[no]https-get
	      Use  HTTPS with HTTP/GET method instead of the default HTTP/POST
	      method.  Library libnghttp2 is required.

       +[no]quic
	      Use QUIC (DNS-over-QUIC).

       +[no]nsid
	      Request the nameserver identifier	(NSID).

       +[no]zoneversion
	      Request the EDNS zone version.

       +[no]bufsize=B
	      Set EDNS buffer size in bytes (default is	1232 bytes).

       +[no]padding[=B]
	      Use EDNS(0) padding option to pad	queries, optionally to a  spe-
	      cific size. The default is to pad	queries	with a sensible	amount
	      when  using  +tls,  and  not to pad at all when queries are sent
	      without TLS.  With no argument (i.e., just +padding)  pad	 every
	      query  with a sensible amount regardless of the use of TLS. With
	      +nopadding, never	pad.

       +[no]alignment[=B]
	      Align the	 query	to  B-byte-block  message  using  the  EDNS(0)
	      padding  option  (default	 is no or 128 if no argument is	speci-
	      fied).

       +[no]subnet=SUBN
	      Set EDNS(0) client subnet	SUBN=addr/prefix.

       +[no]edns[=N]
	      Use EDNS version (default	is 0).

       +[no]msgdelay=T
	      Wait the specified number	of milliseconds	before receiving  each
	      AXFR/IXFR	message.

       +[no]timeout=T
	      Set  the	wait-for-reply	interval in seconds (default is	5 sec-
	      onds). This timeout applies to each query	attempt. Zero value or
	      notimeout	is interpreted as infinity.

       +[no]retry=N
	      Set the number (>=0) of UDP retries (default is 2). This doesn't
	      apply to AXFR/IXFR.

       +[no]expire
	      Sets the EXPIRE EDNS option.

       +[no]cookie[=HEX]
	      Attach EDNS(0) cookie to the query.

       +[no]badcookie
	      Repeat a query with the correct cookie.

       +[no]ednsopt[=CODE[:HEX]]
	      Send custom EDNS option. The CODE	is EDNS	option code  in	 deci-
	      mal, HEX is an optional hex encoded string to use	as EDNS	option
	      value.  This  argument  can  be  used multiple times. +noednsopt
	      clears all EDNS options specified	by +ednsopt.

       +[no]proxy=SRC_ADDR[#SRC_PORT]-DST_ADDR[#DST_PORT]
	      Add PROXYv2 header with the specified source and destination ad-
	      dresses to the query.  The default source	port is	0 and destina-
	      tion port	53.

       +[no]json
	      Use JSON for output encoding (RFC	8427).

       +noidn Disable the IDN transformation to	ASCII and vice versa. IDN sup-
	      port depends on libidn2 availability during project building! If
	      used in common-settings, all IDN transformations	are  disabled.
	      If  used	in  the	individual query settings, transformation from
	      ASCII is disabled	on output for the particular query. Note  that
	      IDN transformation does not preserve domain name letter case.

NOTES
       By default, only	options	marked with (*)	are enabled.

       Options -k and -y can not be used simultaneously.

       Dnssec-keygen keyfile format is not supported. Use keymgr(8) instead.

EXIT VALUES
       Exit  status of 0 means successful operation. Any other exit status in-
       dicates an error.

EXAMPLES
       1. Get A	records	for example.com:

	     $ kdig example.com	A

       2. Perform AXFR for zone	example.com from the server 192.0.2.1:

	     $ kdig example.com	-t AXFR	@192.0.2.1

       3. Get A	records	for example.com	from 192.0.2.1 and reverse lookup  for
	  address 2001:DB8::1 from 192.0.2.2. Both using the TCP protocol:

	     $ kdig +tcp example.com -t	A @192.0.2.1 -x	2001:DB8::1 @192.0.2.2

       4. Get  SOA  record  for	example.com, use TLS, use system certificates,
	  check	for specified hostname,	check for certificate pin,  and	 print
	  additional debug info:

	     $ kdig -d @185.49.141.38 +tls-ca +tls-host=getdnsapi.net \
	       +tls-pin=foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= soa example.com

       5. DNS over HTTPS examples (various DoH implementations):

	     $ kdig @1.1.1.1 +https example.com.
	     $ kdig @193.17.47.1 +https=/doh example.com.
	     $ kdig @8.8.4.4 +https +https-get example.com.
	     $ kdig @8.8.8.8 +https +tls-hostname=dns.google +fastopen example.com.

       6. More queries share one DoT connection:

	     $ kdig @1.1.1.1 +tls +keepopen abc.example.com A mail.example.com AAAA

       7. Query	the name server	identifier and version according to RFC	4892:

	     $ kdig @a.iana-servers.net. CH TXT	id.server version.server

FILES
       /etc/resolv.conf

SEE ALSO
       khost(1), knsupdate(1), keymgr(8).

AUTHOR
       CZ.NIC, z.s.p.o.	and contributors <https://www.knot-dns.cz/>

COPYRIGHT
       Copyright (C) CZ.NIC, z.s.p.o. and contributors

3.5.0				  2025-09-18			       KDIG(1)

---

NAME | SYNOPSIS | DESCRIPTION | NOTES | EXIT VALUES | EXAMPLES | FILES | SEE ALSO | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kdig&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact