Make dig and nslookup DNSSEC aware?
David Farje
davidabelfarje at gmail.com
Wed May 22 15:38:03 UTC 2024
forget about nslookup. deprecated in my mind. use dig like so:
for DoT:
$dig @1.1.1.1 -tA +dnssec +tls www.google.com
for Doh:
dig @1.1.1.1 -ta +https +dnssec www.google.com
Make sure you have a more recent version of dig to supports this.
If you need programmatic DNSSEC access use a library like libdns, ldns, or
getdns.
Cheers,
David
On Wed, May 22, 2024 at 7:47 AM Robert Wagner <rwagner at tesla.net> wrote:
> Sorry if this has already been hashed through, but I cannot find anything
> in the archive. Is there any chance someone can make dig and nslookup
> DNSSEC aware and force it to use DoT or DoH ports - TCP 443 or 853 only?
>
> RW
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240522/2308eab1/attachment-0001.htm>
More information about the bind-users
mailing list