rramos.github.io

02 Jul, 2024 - About 2 minutes

Dog

Intro

dog is an open-source DNS client for the command-line. It has colorful output, supports the DoT and DoH protocols, and can emit JSON.

Features

dog supports the new DNS-over-TLS and DNS-over-HTTPS protocols.

Install

It will depend on your distribution; for Arch, I’m using the traditional pacman command.

sudo pacman -S dog

Using

Sending queries

To send DNS queries, just pass in the domain you want to query as a command-line argument.

By default, dog will request A records.

dog example.com

Specifying record types

You can request other types of record, such as MX or AAAA, by including an all-caps argument.

dog example.com MX

Specifying nameservers

You can specify which DNS server the request should be sent to by prefixing an argument with the “@” character.

dog example.com @8.8.4.4

Sending queries over TCP

Using the UDP transport is the default behavior. To send packets over TCP, instead of UDP, pass the -T or --tcp command-line options.

dog example.com --tcp

One downside of using UDP is that its packets are limited to 4,096 bytes. This is not usually a problem, as a normal response will be hundreds of bytes at most. However, large responses, such as those containing multiple DNSSEC keys, will reach the limit and will not be able to be sent over UDP.

By default, dog will detect if this is happening — a DNS server will send an error response indicating the payload is too large — and will automatically re-send the query using TCP if it’s too big for UDP.
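On the wire, the "too large" signal is the TC (truncated) bit in the DNS response header, and a TCP retry prefixes each message with a 2-byte length. The sketch below is an added example, not dog's own code; it shows that decision on a constructed truncated reply, and all function names and sample bytes are assumptions made for illustration.

```python
import struct

TC_BIT = 0x0200  # header flag: response was truncated (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields a client needs to decide on a retry."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "truncated": bool(flags & TC_BIT), "rcode": flags & 0x000F,
            "answers": answers}

def needs_tcp_retry(query, udp_response):
    """True when a UDP reply matches our query and has the TC bit set."""
    q, r = parse_header(query), parse_header(udp_response)
    if not r["is_response"] or r["id"] != q["id"]:
        return False  # not a reply to this query, so never retry because of it
    return r["truncated"]

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def unframe_from_tcp(stream):
    """Extract one complete message from a TCP byte stream, or None if partial."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length] if len(stream) >= 2 + length else None

# Constructed sample: a truncated UDP reply (flags QR|TC|RD|RA = 0x8380, no answers).
QUERY = build_query("example.com", qtype=48)  # 48 = DNSKEY
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print("retry over TCP:", needs_tcp_retry(QUERY, TRUNCATED_REPLY))
    print("TCP length prefix:", frame_for_tcp(QUERY)[:2].hex())
```

Checking the transaction ID before honouring the TC bit matters: a reply that does not match the outstanding query should be dropped, not used to trigger a retry.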

DNS-over-TLS

dog supports the new DoT (DNS-over-TLS) transport system. Queries using DoT will be sent over port 853 by default.

dog example.com --tls @dns.google

DNS-over-HTTPS

dog supports the new DoH (DNS-over-HTTPS) transport system. Queries using DoH will be sent over port 443, the standard HTTPS port, by default.

dog example.com --https @https://cloudflare-dns.com/dns-query

JSON output

dog can format its output as JSON. If it is being run as part of a script, or if the results are going to be sent to another program, it is preferable to output in a machine-readable language instead of attempting to parse the default output, which is meant to be read by people.

dog example.com A AAAA MX TXT --json

Short mode

A common thing to want to do is to get one answer from one query, skipping the TTLs and Additional and Authoritative sections of the response.

dog example.com --short

Conclusion

Most of this functionality is also available in the dig command; however, dog provides some nice extended functionality, like the JSON output, which is easier to integrate with deployment scripts.

If you need to constantly validate infrastructure records or DNS caches, or if you manage a web hosting service, this is something that could be useful.
