Program: pydig (a DNS query tool written in Python)
Version: 1.3.0
Written by: Shumon Huque <shuque@gmail.com>
Description:
A program to perform DNS queries and exercise various existing
and emerging features of the DNS protocol. It works mostly
similar to the dig program that comes with ISC BIND. I wrote
it mostly for fun, and for helping me to learn more esoteric
features of the DNS. Occasionally I use this to quickly prototype
proposed enhancements to the DNS. Some of the more recent
such features include EDNS client subnet, chain query,
cookies, DNS over TLS, and more.
RR type and class codes (qtype and qclass) unknown to this
program can be specified with the TYPE123 and CLASS123 syntax.
Usage:
pydig [list of options] <qname> [<qtype>] [<qclass>]
pydig @server +walk <zone>
Options:
-h print program usage information
@server server to query
-pNN use port NN (default is port 53)
-bIP use IP as source IP address
+tcp send query via TCP
+ignore ignore truncation (don't retry with TCP)
+aaonly set authoritative answer bit
+cdflag set checking disabled bit
+norecurse set rd bit to 0 (recursion not desired)
+edns[=N] use EDNS with specified version (default 0)
+ednsflags=N set EDNS flags field to N
+ednsopt=###[:value] set generic EDNS option
+bufsize=NN use EDNS with specified UDP payload size
+dnssec request DNSSEC RRs in response
+nsid send NSID (Name Server ID) option
+expire send an EDNS Expire option
+cookie[=xxx] send EDNS cookie option
+subnet=addr send EDNS client subnet option
+chainquery[=name] send EDNS chain query option
+hex print hexdump of rdata field
+walk walk (enumerate) a DNSSEC secured zone
+0x20 randomize case of query name (bit 0x20 hack)
-4 perform queries with IPv4
-6 perform queries with IPv6
-d request additional debugging output
-k/path/to/keyfile use TSIG key in specified file
-iNNN use specified message id
-tNNN use this TSIG timestamp (secs since epoch)
-y<alg>:<name>:<key> use specified TSIG alg, name, key
+tls=auth|noauth use TLS with|without authentication
+tls_port=N use N as the TLS port (default is 853)
+tls_fallback Fallback from TLS to TCP on TLS failure
+tls_hostname=name Check hostname in TLS server certificate
Example usage:
pydig www.example.com
pydig www.example.com A
pydig www.example.com A IN
pydig @10.0.1.2 example.com MX
pydig @dns1.example.com _blah._tcp.foo.example.com SRV
pydig @192.168.42.6 +dnssec +norecurse blah.example.com NAPTR
pydig @dns2.example.com -6 +hex www.example.com
pydig @192.168.72.3 +walk secure.example.com
pydig @192.168.14.7 -yhmac-md5:my.secret.key.:YWxidXMgZHVtYmxlZG9yZSByaWNoYXJkIGRhd2tpbnM= example.com axfr
pydig @192.168.14.7 -yhmac-sha256:my.secret.key.:NBGFWFr+rR/uu14B94Ab1+u81M2DTqB65gOv16nG8Xw= example.com axfr
pydig @185.49.141.38 +tls=auth +tls_hostname=getdnsapi.net www.ietf.org AAAA
Limitations:
Certain combinations of options don't make any sense (eg.
+tcp and +edns0). pydig doesn't bother to check that, and
just ignores the nonsensical ones. Certain options also
imply other options, eg. +walk and +dnssec imply +edns0.
For TSIG (Transaction Signature) signed messages, the program
supports HMAC-MD5/SHA1/SHA256/SHA384/SHA256. It doesn't yet
support GSS-TSIG.
It decodes but does not yet verify signatures in DNSSEC secured
data.
It does not perform iterative resolution (eg. dig's +trace).
Specific features of TLS depend on the version of Python in
use. TLS server certificate verification and hostname
verification require quite recent versions of Python 2.7.x.
Pre-requisites:
Python 2.7 (or later) or Python 3.x
Platforms:
Tested on the following platforms:
Solaris 8, 9, 10, and 11
Linux 2.x
FreeBSD 9.x and 10.x
Mac OS X 10.4 through 10.7
and with Python 2.7.x and Python 3.x.
Installation:
1. (as root) python setup.py install
Shumon Huque
E-mail: shuque -at- gmail.com
Web: https://www.huque.com/
Copyright (c) 2006 - 2016, Shumon Huque.
All rights reserved. This program is free software; you can redistribute
it and/or modify it under the same terms of the GNU General Public License.