How to query for DNS over HTTPS/DNS over TLS using command line?

I didn't find a single tool for both the purpose, but I did find ways to use them.

There are two ways to query DoH:

# json
curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=example.com&type=A' | jq .
# dns wireformat
curl -H 'accept: application/dns-message' 'https://dns.google/dns-query?dns=q80BAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB'  | hexdump -c

For DoT, you can use kdig tool provided by knot. The command line is similar to dig:

apt-get install knot-dnsutils
# For macOS:
# brew install knot
kdig -d @8.8.8.8 +tls-ca +tls-host=dns.google.com example.com

where the 8.8.8.8 is the pre-resolved address of the tls host (dns.google.com).

Update: Here is a tool (https://github.com/ameshkov/dnslookup) that supports all major DNS protocols on its own and is able to produce machine-readable output.

curl has official DoH support since version 7.62.0 (the question is how many of your target endpoints have curl uptodate to this version.)

Use it by utilizing the --doh-url option. Example:

curl --doh-url https://cloudflare-dns.com/dns-query https://www.google.com

See: https://github.com/curl/curl/wiki/DOH-implementation https://daniel.haxx.se/blog/2018/09/06/doh-in-curl/

How to query for DNS over HTTPS/DNS over TLS using command line?

Tags:

Command Line

Dns

Related

Recent Posts