qdns is a lightweight and versatile command-line DNS client designed to facilitate advanced DNS queries and troubleshooting. It supports multiple transport protocols, including UDP, TCP, DoT (DNS over TLS), DoH (DNS over HTTPS), DoQ (DNS over QUIC), and ODoH (Oblivious DNS over HTTPS). The tool provides a robust set of features for querying DNS records, diagnosing network issues, and analyzing domain configurations.
Key Features:
Multi-Protocol Support: qdns supports a wide range of DNS protocols, enabling users to query DNS servers using UDP, TCP, DoT, DoH, DoQ, or ODoH.
Flexible Query Options: Users can specify custom DNS servers, including those defined via DNS stamps, and customize their queries with options like EDNS0 padding, client subnet, and DNSSEC settings.
Output Formats: The tool supports various output formats, including raw (dig-style), pretty-printed color-formatted results, JSON, YAML, and more.
Recursive AXFR Support: qdns can perform recursive zone transfers, allowing users to retrieve complete DNS zone data from authoritative servers.
IP Whois Lookup: The tool integrates IP address lookups to resolve ASNs and geolocation information for A and AAAA records.
Customizable Sections: Users can toggle the display of question, answer, authority, and additional sections in the query results for focused analysis.
Audience & Benefit:
Ideal for network administrators, developers, security professionals, and DNS enthusiasts, qdns offers a powerful toolset for troubleshooting DNS issues, auditing domain configurations, and performing advanced DNS queries. Its flexibility and support for modern DNS protocols make it an essential utility for anyone working with DNS infrastructure, enabling precise control over query parameters and comprehensive analysis of DNS responses.
qdns can be installed via winget, making it easy to incorporate into your workflow.
README
q
A tiny and feature-rich command line DNS client with support for UDP, TCP, DoT, DoH, DoQ, and ODoH.
Examples
q example.com Lookup default records for a domain
q example.com MX SOA ...or specify a list of types
q example.com MX @9.9.9.9 Query a specific server
q example.com MX @https://dns.quad9.net ...over HTTPS (or TCP, TLS, QUIC, or ODoH)...
q @sdns://AgcAAAAAAAAAAAAHOS45LjkuOQA ...or from a DNS Stamp
q example.com MX --format=raw Output in raw (dig) format
q example.com MX --format=json ...or as JSON (or YAML)
Usage
Usage:
q [OPTIONS] [@server] [type...] [name]
All long form (--) flags can be toggled with the dig-standard +[no]flag notation.
Application Options:
-q, --qname= Query name
-s, --server= DNS server(s)
-t, --type= RR type (e.g. A, AAAA, MX, etc.) or type
integer
-x, --reverse Reverse lookup
-d, --dnssec Set the DO (DNSSEC OK) bit in the OPT record
-n, --nsid Set EDNS0 NSID opt
-N, --nsid-only Set EDNS0 NSID opt and query only for the NSID
--subnet= Set EDNS0 client subnet
-c, --chaos Use CHAOS query class
-C= Set query class (default: IN 0x01) (default:
1)
-p, --odoh-proxy= ODoH proxy
--timeout= Query timeout (default: 10s)
--pad Set EDNS0 padding
--http2 Use HTTP/2 for DoH
--http3 Use HTTP/3 for DoH
--id-check Check DNS response ID (default: true)
--reuse-conn Reuse connections across queries to the same
server (default: true)
--txtconcat Concatenate TXT responses
--qid= Set query ID (-1 for random) (default: -1)
-b, --bootstrap-server= DNS server to use for bootstrapping
--bootstrap-timeout= Bootstrapping timeout (default: 5s)
--cookie= EDNS0 cookie
--recaxfr Perform recursive AXFR
-f, --format= Output format (pretty, column, json, yaml,
raw) (default: pretty)
--pretty-ttls Format TTLs in human readable format
(default: true)
--short-ttls Remove zero components of pretty TTLs.
(24h0m0s->24h) (default: true)
--color Enable color output
--question Show question section
--opt Show OPT records
--ede Show Extended DNS Errors (RFC 8914)
--answer Show answer section (default: true)
--authority Show authority section
--additional Show additional section
-S, --stats Show time statistics
--all Show all sections and statistics
-w Resolve ASN/ASName for A and AAAA records
-r, --short Show record values only
-R, --resolve-ips Resolve PTR records for IP addresses in A and
AAAA records
--round-ttls Round TTLs to the nearest minute
--aa Set AA (Authoritative Answer) flag in query
--ad Set AD (Authentic Data) flag in query
--cd Set CD (Checking Disabled) flag in query
--rd Set RD (Recursion Desired) flag in query
(default: true)
--ra Set RA (Recursion Available) flag in query
--z Set Z (Zero) flag in query
--t Set TC (Truncated) flag in query
-i, --tls-insecure-skip-verify Disable TLS certificate verification
--tls-server-name= TLS server name for host verification
--tls-min-version= Minimum TLS version to use (default: 1.0)
--tls-max-version= Maximum TLS version to use (default: 1.3)
--tls-next-protos= TLS next protocols for ALPN
--tls-cipher-suites= TLS cipher suites
--tls-curve-preferences= TLS curve preferences
--tls-client-cert= TLS client certificate file
--tls-client-key= TLS client key file
--tls-key-log-file= TLS key log file [$SSLKEYLOGFILE]
--http-user-agent= HTTP user agent
--http-method= HTTP method (default: GET)
--http-header= HTTP header in format 'Name: Value'
--pmtud PMTU discovery (default: true)
--edns Enable EDNS0 (default: true)
--tcp Use TCP for plain DNS (force TCP)
--quic-alpn-tokens= QUIC ALPN tokens (default: doq, doq-i11)
--quic-length-prefix Add RFC 9250 compliant length prefix
(default: true)
--dnscrypt-tcp Use TCP for DNSCrypt (default UDP)
--dnscrypt-udp-size= Maximum size of a DNS response this client
can sent or receive (default: 0)
--dnscrypt-key= DNSCrypt public key
--dnscrypt-provider= DNSCrypt provider name
--default-rr-types= Default record types (default: A, AAAA, NS,
MX, TXT, CNAME)
--udp-buffer= Set EDNS0 UDP size in query (default: 1232)
-v, --verbose Show verbose log messages
--trace Show trace log messages
-V, --version Show version and exit
Help Options:
-h, --help Show this help message
