Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

unbound-host(1) [debian man page]

unbound-host(1) 						  unbound 1.4.17						   unbound-host(1)

NAME

       unbound-host - unbound DNS lookup utility

SYNOPSIS

       unbound-host [-vdhr46] [-c class] [-t type] hostname [-y key] [-f keyfile] [-F namedkeyfile] [-C configfile]

DESCRIPTION

       Unbound-host  uses the unbound validating resolver to query for the hostname and display results. With the -v option it displays validation
       status: secure, insecure, bogus (security failure).

       By default it reads no configuration file whatsoever.  It attempts to reach the internet root servers.  With -C an unbound config file  and
       with -r resolv.conf can be read.

       The available options are:

       hostname
	      This name is resolved (looked up in the DNS).  If a IPv4 or IPv6 address is given, a reverse lookup is performed.

       -h     Show the version and commandline option help.

       -v     Enable  verbose output and it shows validation results, on every line.  Secure means that the NXDOMAIN (no such domain name), nodata
	      (no such data) or positive data response validated correctly with one of the keys.  Insecure means that  that  domain  name  has	no
	      security	set  up for it.  Bogus (security failure) means that the response failed one or more checks, it is likely wrong, outdated,
	      tampered with, or broken.

       -d     Enable debug output to stderr. One -d shows what the resolver and validator are doing and may tell you what is going on. More times,
	      -d -d, gives a lot of output, with every packet sent and received.

       -c class
	      Specify the class to lookup for, the default is IN the internet class.

       -t type
	      Specify  the  type  of  data  to lookup. The default looks for IPv4, IPv6 and mail handler data, or domain name pointers for reverse
	      queries.

       -y key Specify a public key to use as trust anchor. This is the base for a chain of trust that is built up from the  trust  anchor  to  the
	      response,  in order to validate the response message. Can be given as a DS or DNSKEY record.  For example -y "example.com DS 31560 5
	      1 1CFED84787E6E19CCF9372C1187325972FE546CD".

       -f keyfile
	      Reads keys from a file. Every line has a DS or DNSKEY record, in the format as for -y. The zone file format, the	same  as  dig  and
	      drill produce.

       -F namedkeyfile
	      Reads keys from a BIND-style named.conf file. Only the trusted-key {}; entries are read.

       -C configfile
	      Uses the specified unbound.conf to prime libunbound(3).

       -r     Read /etc/resolv.conf, and use the forward DNS servers from there (those could have been set by DHCP).  More info in resolv.conf(5).
	      Breaks validation if those servers do not support DNSSEC.

       -4     Use solely the IPv4 network for sending packets.

       -6     Use solely the IPv6 network for sending packets.

EXAMPLES

       Some examples of use. The keys shown below are fakes, thus a security failure is encountered.

       $ unbound-host www.example.com

       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com

       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153

EXIT CODE

       The unbound-host program exits with status code 1 on error, 0 on no error. The data may not be available on exit code 0, exit code 1  means
       the lookup encountered a fatal error.

SEE ALSO

       unbound.conf(5), unbound(8).

NLnet Labs							   May 24, 2012 						   unbound-host(1)

Check Out this Related Man Page

unbound(8)							   unbound 1.5.1							unbound(8)

NAME

       unbound - Unbound DNS validating resolver 1.5.1.

SYNOPSIS

       unbound [-h] [-d] [-v] [-c cfgfile]

DESCRIPTION

       Unbound is a caching DNS resolver.

       It uses a built in list of authoritative nameservers for the root zone (.), the so called root hints.  On receiving a DNS query it will ask
       the root nameservers for an answer and will in almost all cases receive a delegation to a top level domain (TLD) authoritative  nameserver.
       It  will  then  ask  that nameserver for an answer.  It will recursively continue until an answer is found or no answer is available (NXDO-
       MAIN).  For performance and efficiency reasons that answer is cached for a certain time (the answer's time-to-live or TTL).  A second query
       for the same name will then be answered from the cache.	Unbound can also do DNSSEC validation.

       To use a locally running Unbound for resolving put

	     nameserver 127.0.0.1

       into resolv.conf(5).

       If  authoritative  DNS  is needed as well using nsd(8), careful setup is required because authoritative nameservers and resolvers are using
       the same port number (53).

       The available options are:

       -h     Show the version and commandline option help.

       -c cfgfile
	      Set  the	config	file  with  settings  for  unbound  to	read  instead	of   reading   the   file   at	 the   default	 location,
	      /var/unbound/unbound.conf. The syntax is described in unbound.conf(5).

       -d     Debug  flag:  do	not fork into the background, but stay attached to the console.  This flag will also delay writing to the log file
	      until the thread-spawn time, so that most config and setup errors appear on stderr. If given twice or more, logging does not  switch
	      to the log file or to syslog, but the log messages are printed to stderr all the time.

       -v     Increase	verbosity.  If	given  multiple times, more information is logged.  This is in addition to the verbosity (if any) from the
	      config file.

SEE ALSO

       unbound.conf(5), unbound-checkconf(8), nsd(8).

AUTHORS

       Unbound developers are mentioned in the CREDITS file in the distribution.

NLnet Labs							   Dec	8, 2014 							unbound(8)
Man Page