awl.1
Sam Therapy edited this page 2022-12-27 21:09:20 +01:00

NAME

awl - DNS lookup tool

SYNOPSIS

awl [ OPTIONS ] name [ @server ] [ type ], where

name is the query to make (example: froth.zone)
@server is the server to query (example: dns.froth.zone)
type is the DNS resource type (example: AAAA)

DESCRIPTION

awl (awls want licorice) is a simple tool designed to make DNS queries, much like the venerable dig(1). An awl is a tool used to make small holes, typically used in leatherworking.

awl is designed to be a more "modern" version of drill(1) by including some more recent RFCs and output options.

When no arguments are given, awl will perform an NS query on the root ('.').

When a nameserver is not given, awl will query a random system nameserver. If one cannot be found, awl will query the localhost.

OPTIONS

-4

Force only IPv4

-6

Force only IPv6

-c, --class class

DNS class to query (e.g. IN, CH). The default is IN.

-h

Show a "short" help message.

-p, --port port

Sets the port to query. Default ports listed below.

  • 53 for UDP and TCP

  • 853 for TLS and QUIC

  • 443 for HTTPS

-q, --query domain

Explicitly set a domain to query (e.g. example.com).

-t, --qType type

Explicitly set a DNS type to query (e.g. A, AAAA, NS). The default is A.

-v[=int]

Set the verbosity of output. Accepted values are as follows:

  • 0: Only log errors.

  • 1: Log warnings. This is the default.

  • 2: Log information. Default when specifying just -v.

  • 3: Log information useful for debugging.

Setting a value lower than 0 disables logging entirely.

By default, specifying just -v sets the verbosity to 2 (info).

-x, --reverse

Do a reverse lookup. Sets default type to PTR. awl automatically makes an IP or phone number canonical.

-V

Print the version and exit.

QUERY OPTIONS

Anything in [brackets] is optional. Many options are inherited from dig(1).

--aa[=bool], +[no]aaflag, +[no]aaonly

Sets the AA (Authoritative Answer) flag.

--ad[=bool], +[no]adflag

Sets the AD (Authenticated Data) flag.

--no-additional, +[no]additional

Toggle the display of the Additional section.

--no-answer, +[no]answer

Toggle the display of the Answer section.

--no-authority, +[no]authority

Toggle the display of the Authority section.

--no-bad-cookie, +[no]badcookie

Do not

--buffer-size int, +bufsize=int

Set the UDP message buffer size, using EDNS. Max is 65535, minimum is zero. The default value is 1232.

--cd[=bool], +[no]cdflag

Sets or unsets the CD (Checking Disabled) flag.

--no-cookie, +[no]cookie[=string]

Send an EDNS cookie. This is enabled by default with a random string.

-D, --dnssec, +dnssec, +do

Request DNSSEC records as well. This sets the DNSSEC OK (DO) bit.

--dnscrypt, +[no]dnscrypt

Use DNSCrypt.

--expire, +[no]expire

Send an EDNS Expire.

--edns-ver, +edns[=int]

Enable EDNS and set EDNS version. The maximum value is 255, and the minimum (default) value is 0.

--no-edns, +noedns

Disable EDNS.

-H, --https, +[no]https[=endpoint], +[no]https-post[=endpoint]

Use DNS-over-HTTPS (see RFC 8484). The default endpoint is /dns-query.

+[no]https-get[=endpoint]

Use an HTTP GET instead of an HTTP POST when making a DNS-over-HTTPS query.
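What +https-get puts in the request, as an added example (not awl's own code): per RFC 8484 the wire-format query is base64url-encoded without padding into the `dns` URL parameter, so the queried name can be recovered from any log that records the URL. The server name dns.example, the function names and the minimal query (no EDNS options) are assumptions.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// buildQuery returns a minimal RFC 1035 query: ID 0 (RFC 8484 advises this
// for HTTP cache friendliness), RD set, one question, class IN.
func buildQuery(name string, qtype uint16) ([]byte, error) {
	msg := []byte{0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0}
	if name = strings.TrimSuffix(name, "."); name != "" {
		for _, label := range strings.Split(name, ".") {
			if len(label) == 0 || len(label) > 63 {
				return nil, fmt.Errorf("invalid label %q", label)
			}
			msg = append(append(msg, byte(len(label))), label...)
		}
	}
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1), nil
}

// dohGetURL puts the unpadded base64url message in the "dns" parameter.
func dohGetURL(server, endpoint string, msg []byte) string {
	return "https://" + server + endpoint + "?dns=" + base64.RawURLEncoding.EncodeToString(msg)
}

// queriedName recovers the question name from a logged DoH GET URL
// (simplification: "dns" is assumed to be the only query parameter).
func queriedName(logged string) (name string, err error) {
	_, enc, _ := strings.Cut(logged, "?dns=")
	msg, err := base64.RawURLEncoding.DecodeString(enc)
	if err != nil || len(msg) < 13 {
		return "", fmt.Errorf("no DNS message in %q", logged)
	}
	for i := 12; i < len(msg) && msg[i] != 0; i += 1 + int(msg[i]) {
		n := int(msg[i])
		if n > 63 || i+1+n > len(msg) { // rejects compression pointers and overruns
			return "", fmt.Errorf("malformed question name in %q", logged)
		}
		name += string(msg[i+1:i+1+n]) + "."
	}
	return strings.TrimSuffix(name, ".") + ".", nil
}

func main() {
	msg, _ := buildQuery("www.example.com", 1) // type 1 = A
	fmt.Println(queriedName(dohGetURL("dns.example", "/dns-query", msg)))
}
```

With POST the same message bytes travel in the request body with Content-Type application/dns-message, so they do not appear in the URL.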

+[no]idnout

Converts [or leaves] punycode on output. Input is automatically translated to punycode.

--no-truncate, +ignore

Ignore UDP truncation (by default, awl retries with TCP).

-j, --json, +[no]json

Print the query results as JSON. The result is not in compliance with RFC 8427.

--keep-alive, +[no]keepalive, +[no]keepopen

Send an EDNS keep-alive. This does nothing unless using TCP.

--nsid, +[no]nsid

Send an EDNS name server ID request.

--qr[=bool], +[no]qrflag

Sets the QR (QueRy) flag.

--no-question, +[no]question

Toggle the display of the Question section.

-Q, --quic, +[no]quic

Use DNS-over-QUIC (see RFC 9250).

-s, --short, +[no]short

Print just the address of the answer.

--no-statistics, +[no]stats

Toggle the display of the Statistics (additional comments) section.

--subnet ip[/prefix], +[no]subnet[=ip[/prefix]]

Send an EDNS Client Subnet option with the specified address.

Like dig(1), setting the IP to 0.0.0.0/0, ::/0 or 0 will signal the resolver to not use any client information when returning the query.
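How the zero-prefix opt-out differs from a normal subnet in the request, as an added example (not awl's own code): the function below encodes the EDNS Client Subnet option as RFC 7871 lays it out, and a prefix length of 0 yields an option carrying no address bytes at all. The function name and the full-length default for a bare IP are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// ecsOption encodes an EDNS Client Subnet option (RFC 7871, option code 8)
// from the ip[/prefix] forms described for --subnet.
func ecsOption(subnet string) ([]byte, error) {
	if subnet == "0" {
		subnet = "0.0.0.0/0" // shorthand listed in the man page
	}
	p, err := netip.ParsePrefix(subnet)
	if err != nil {
		a, aerr := netip.ParseAddr(subnet)
		if aerr != nil {
			return nil, fmt.Errorf("bad subnet %q: %w", subnet, err)
		}
		p = netip.PrefixFrom(a, a.BitLen()) // assumption: bare IP means full length
	}
	p = p.Masked()      // RFC 7871: bits beyond the prefix must be zero
	family := uint16(1) // IANA address family: 1 = IPv4, 2 = IPv6
	if p.Addr().Is6() {
		family = 2
	}
	addr := p.Addr().AsSlice()[:(p.Bits()+7)/8] // only the bytes the prefix covers
	opt := make([]byte, 8, 8+len(addr))
	binary.BigEndian.PutUint16(opt[0:], 8)                   // OPTION-CODE
	binary.BigEndian.PutUint16(opt[2:], uint16(4+len(addr))) // OPTION-LENGTH
	binary.BigEndian.PutUint16(opt[4:], family)              // FAMILY
	opt[6] = byte(p.Bits())                                  // SOURCE PREFIX-LENGTH
	opt[7] = 0                                               // SCOPE PREFIX-LENGTH, 0 in queries
	return append(opt, addr...), nil
}

func main() {
	for _, s := range []string{"0", "::/0", "192.0.2.77/24"} {
		b, err := ecsOption(s)
		fmt.Printf("%-14s % x %v\n", s, b, err)
	}
}
```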

--tc[=bool], +[no]tcflag

Sets the TC (TrunCated) flag.

--tcp, +[no]tcp, +[no]vc

Use TCP for the query (see RFC 7766).

--timeout seconds, +timeout=seconds

Set the timeout period. Floating point numbers are accepted. 0.5 seconds is the minimum.

-T, --tls, +[no]tls

Use DNS-over-TLS (see RFC 7858). Implies --tcp.

--tls-host string

Set hostname to use for TLS certificate validation. Default is the name of the domain when querying over TLS, and empty for IPs.

--tls-no-verify

Skip TLS certificate validation when performing a DNS query.

--trace, +trace

Trace the path of the query from the root, acting like its own resolver. This option enables DNSSEC. When @server is specified, this will only affect the initial query.

--retries int, +tries=int, +retry=int

Set the number of retries. Retry is one more than tries, dig style.

-X, --xml, +[no]xml

Print the query results as XML.

-y, --yaml, +[no]yaml

Print the query results as YAML.

-z[=bool], +[no]zflag

Sets the Z (Zero) flag.

--zflag int, +ednsflags=int

Set the must-be-zero EDNS flags. Decimal, hexadecimal and octal are supported. Trying to set DO will be ignored.

EXIT STATUS

The exit code is 0 when a query is successfully made and received. This includes SERVFAILs, NOTIMPL among others.

EXAMPLES

awl grumbulon.xyz -j +cd

Run a query of your local resolver for the A records of grumbulon.xyz, print them as JSON and disable DNSSEC verification.

awl +short example.com AAAA @1.1.1.1

Query 1.1.1.1 for the AAAA records of example.com and print just the answers.

awl -xT PTR 8.8.4.4 @dns.google

Query dns.google over TLS for the PTR record of the IP address 8.8.4.4.

SEE ALSO

drill(1), dig(1)

STANDARDS

RFC 1034, 1035 (UDP), 7766 (TCP), 7858 (TLS), 8484 (HTTPS), 9250 (QUIC)

Probably more, https://www.statdns.com/rfc

BUGS

Full parity with dig(1) is not complete.

This man page is probably not complete.

There are likely numerous more. Report them either to the tracker https://git.froth.zone/sam/awl/issues or via email to ~sammefishe/awl-dev@lists.sr.ht