forked from shuque/pydig
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pydig.1
109 lines (107 loc) · 4.33 KB
/
pydig.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
.ds VN 1.3.1
.TH pydig 1 pydig
.SH NAME
pydig \- a DNS query tool written in Python
.SH SYNOPSIS
.B pydig
.I [list of options]
.I qname
.I [qtype]
.I [qclass]
.PP
.B pydig
.I [@server]
.I +walk
.I zone
.SH OPTIONS
.nf
-h print program usage information
@server server to query
-pNN use port NN
-bIP use IP as source IP address
+tcp send query via TCP
+ignore ignore truncation (don't retry with TCP)
+aaonly set authoritative answer bit
+cdflag set checking disabled bit
+norecurse set rd bit to 0 (recursion not desired)
+edns[=N] use EDNS with specified version (default 0)
+ednsflags=N set EDNS flags field to N
+ednsopt=###[:value] set generic EDNS option
+bufsize=NN use EDNS with specified UDP payload size
+dnssec request DNSSEC RRs in response
+nsid send NSID (Name Server ID) option
+expire send an EDNS Expire option
+padding send an EDNS Padding option
+cookie[=xxx] send EDNS cookie option
+subnet=addr send EDNS client subnet option
+chainquery[=name] send EDNS chain query option
+hex print hexdump of rdata field
+walk walk (enumerate) a DNSSEC secured zone
+0x20 randomize case of query name (bit 0x20 hack)
-4 perform queries using IPv4
-6 perform queries using IPv6
-d request additional debugging output
-k/path/to/keyfile use TSIG key in specified file
-iNNN use specified message id
-tNNN use this TSIG timestamp (secs since epoch)
-y<alg>:<name>:<key> use specified TSIG alg, name, key
+tls=auth|noauth use TLS with|without authentication
+tls_port=N use N as the TLS port (default is 853)
+tls_fallback Fallback from TLS to TCP on TLS failure
+tls_hostname=name Check hostname in TLS server certificate
.PP
Example usage:
pydig www.example.com
pydig www.example.com A
pydig www.example.com A IN
pydig @10.0.1.2 example.com MX
pydig @dns1.example.com _blah._tcp.foo.example.com SRV
pydig @192.168.42.6 +dnssec +norecurse blah.example.com NAPTR
pydig @dns2.example.com -6 +hex www.example.com
pydig @192.168.72.3 +walk secure.example.com
pydig @192.168.14.7 -yhmac-md5:my.secret.key.:YWxidXMgZHVtYmxlZG9yZSByaWNoYXJkIGRhd2tpbnM= example.com axfr
pydig @192.168.14.7 -yhmac-sha256:my.secret.key.:NBGFWFr+rR/uu14B94Ab1+u81M2DTqB65gOv16nG8Xw= example.com axfr
pydig @185.49.141.38 +tls=auth +tls_hostname=getdnsapi.net www.ietf.org AAAA
.fi
.SH DESCRIPTION
.I pydig
is a program to perform DNS queries and exercise various existing
and emerging features of the DNS protocol. It works mostly
similar to the dig program that comes with ISC BIND. I wrote
it mostly for fun, and for helping me to learn more esoteric
features of the DNS. Occasionally I use this to quickly prototype
proposed enhancements to the DNS. Some of the more recent
such features include EDNS client subnet, chain query,
cookies, DNS over TLS, and more.
.PP
RR type and class codes (qtype and qclass) unknown to this
program can be specified with the TYPE123 and CLASS123 syntax.
.PP
Written in Python and tested on Solaris 9-11, Linux 2 and Mac OS X
10.4-10.5. Will probably work on most UNIX like platforms.
.SH LIMITATIONS
Expects well formed (ie. correct) DNS responses. Otherwise
it will likely generate an exception and terminate itself
ungracefully.
.PP
Certain combinations of options don't make any sense.
pydig doesn't bother to check that, and just ignores
the nonsensical ones. Certain options also imply other
options, eg. +walk and +dnssec imply +edns0.
.PP
For TSIG (Transaction Signature) signed messages, the program
supports HMAC-MD5/SHA1/SHA256/SHA384/SHA256. It doesn't yet
support GSS-TSIG.
.PP
It does not yet verify signatures in DNSSEC secured data.
.PP
It does not perform iterative resolution (eg. dig's +trace).
.PP
Specific features of TLS depend on the version of Python in
use. TLS server certificate verification and hostname
verification require quite recent versions of Python 2.7.x.
.PP
.SH AUTHORS
Shumon Huque <[email protected]>
.SH VERSION
revision \*(VN