Package ldns-utils

DNS(SEC) utilities for querying DNS

Collection of tools to get, check or alter DNS(SEC) data.

General Commands (Section 1)
drill is a tool designed to get all sorts of information out of the DNS. It is specifically designed to be used with DNSSEC. The name drill is a pun on dig...
ldns-chaos retrieves all the addresses of the nameserver and then queries each address for its version.bind and hostname.bind. ldns-chaos is a bit more complex...
ldns-compare-zones reads two DNS zone files and prints the number of differences.
When writing programs using ldns, you have to tell the compiler where to look for include files and what libraries from which location to link to. ldns-config...
ldnsd is a simple daemon that answers queries for a zone. This is NOT a full-fledged authoritative nameserver!
In the first form: A TLS connection to name:port is established. The TLSA resource record(s) for name are used to authenticate the connection. In the second...
dpa is used to analyze DNS packets in trace files. It has 3 main options: count, filter, and count uniques (i.e. count all different occurrences).
ldns-gen-zone reads a DNS zone file and prints it. It is built for speed, not for nice formatting. The output has one resource record per line and no...
ldns-key2ds is used to transform a public DNSKEY RR to a DS RR. When run it will read a file with a DNSKEY RR in it and it will create a .ds file with the DS RR...
ldns-keyfetcher is used to retrieve the DNSKEYs of a zone. First it finds all authoritative nameservers of the zone by tracing it from the root down. All...
ldns-keygen is used to generate a private/public keypair. When run, it will create 3 files: a .key file with the public DNSKEY, a .private file with the private...
ldns-mx is used to print out MX information of a domain.
ldns-notify sends a NOTIFY message to DNS servers. This tells them that an updated zone is available at the master servers. It can perform TSIG signatures and...
ldns-nsec3-hash is used to print out the NSEC3 hash for the given domain name.
ldns-read-zone reads a DNS zone file and prints it. The output has 1 resource record per line, and no pretty-printing makeup.
ldns-resolver tries to create a resolver from a resolv.conf file. This is only useful to test the library for robustness with input data.
ldns-revoke is used to revoke a public DNSKEY RR. When run it will read a file with a DNSKEY RR in it, set the revoke bit and write the output back to file .
ldns-rrsig is used to print the expiration and inception date of a RRSIG. The first argument is a domain name. ldns-rrsig will query the authoritative servers...
ldns-signzone is used to generate a DNSSEC signed zone. When run it will create a new zonefile that contains RRSIG and NSEC resource records, as specified in...
ldns-test-edns tests a DNS cache and checks if it supports EDNS0 and DNSSEC types so that it can be used as a dnssec-enabled DNS cache. It sends two queries to...
ldns-testns can be used to provide answers to DNS queries for testing. The answers are premade, and can be tailored to testing needs. The answers can be wildly...
ldns-update is used to send a dynamic update packet.
ldns-verify-zone reads a DNS zone file and verifies it. RRSIG resource records are checked against the DNSKEY set at the zone apex. Each name is checked for an...
ldns-version is used to print out version information of the ldns library and tools.
ldns-walk is used to retrieve the contents of a DNSSEC signed zone. It does this through NSEC-walking (following the chain of NSEC records) and 'guessing' the...
ldns-zcat reads in a bunch of (z)split up zonefiles and creates a new larger zone file. The SOA record in the first part is used as the SOA record in the...
ldns-zsplit [ Options ] zonefile