Man Linux: Main Page and Category List

NAME

       unbound-host - unbound DNS lookup utility

SYNOPSIS

       unbound-host  [-vdhr46]  [-c  class]  [-t  type]  hostname [-y key] [-f
       keyfile] [-F namedkeyfile] [-C configfile]

DESCRIPTION

       Unbound-host uses the unbound validating  resolver  to  query  for  the
       hostname and display results. With the -v option it displays validation
       status: secure, insecure, bogus (security failure).

       By default it reads no configuration file whatsoever.  It  attempts  to
       reach  the  internet  root servers.  With -C an unbound config file and
       with -r resolv.conf can be read.

       The available options are:

       hostname
              This name is resolved (looked up in the DNS).  If a IPv4 or IPv6
              address is given, a reverse lookup is performed.

       -h     Show the version and commandline option help.

       -v     Enable  verbose output and it shows validation results, on every
              line.  Secure means that the NXDOMAIN  (no  such  domain  name),
              nodata  (no  such  data)  or  positive  data  response validated
              correctly with one of the keys.  Insecure means that that domain
              name  has  no  security set up for it.  Bogus (security failure)
              means that the response failed one or more checks, it is  likely
              wrong, outdated, tampered with, or broken.

       -d     Enable  debug  output  to stderr. One -d shows what the resolver
              and validator are doing and may tell you what is going on.  More
              times,  -d -d, gives a lot of output, with every packet sent and
              received.

       -c class
              Specify the class to lookup for, the default is IN the  internet
              class.

       -t type
              Specify  the type of data to lookup. The default looks for IPv4,
              IPv6 and mail handler data, or domain name pointers for  reverse
              queries.

       -y key Specify  a  public  key to use as trust anchor. This is the base
              for a chain of trust that is built up from the trust  anchor  to
              the  response, in order to validate the response message. Can be
              given as a DS or DNSKEY record.  For example -y "example.com  DS
              31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD".

       -f keyfile
              Reads keys from a file. Every line has a DS or DNSKEY record, in
              the format as for -y. The zone file format, the same as dig  and
              drill produce.

       -F namedkeyfile
              Reads   keys   from  a  BIND-style  named.conf  file.  Only  the
              trusted-key {}; entries are read.

       -C configfile
              Uses the specified unbound.conf to prime libunbound(3).

       -r     Read /etc/resolv.conf, and use  the  forward  DNS  servers  from
              there  (those  could  have  been  set  by  DHCP).   More info in
              resolv.conf(5).  Breaks  validation  if  those  servers  do  not
              support DNSSEC.

       -4     Use solely the IPv4 network for sending packets.

       -6     Use solely the IPv6 network for sending packets.

EXAMPLES

       Some  examples  of use. The keys shown below are fakes, thus a security
       failure is encountered.

       $ unbound-host www.example.com

       $    unbound-host    -v    -y    "example.com    DS    31560    5     1
       1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com

       $     unbound-host    -v    -y    "example.com    DS    31560    5    1
       1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153

EXIT CODE

       The unbound-host program exits with status code 1 on  error,  0  on  no
       error.  The data may not be available on exit code 0, exit code 1 means
       the lookup encountered a fatal error.

SEE ALSO

       unbound.conf(5), unbound(8).