zdns - Trickest Platform Documentation

Name:zdns

Category:Recon

Publisher:trickest-mhmdiaa

Created:4/2/2024

Container:quay.io/trickest/zdns:v2.0.5

Output Type:

License:Unknown

Source:View Source

Parameters

tls

boolean

--tlsUse DNS over TLS for lookups, mutually exclusive with --udp-only, --iterative, and --https

nsid

boolean

--nsidRequest NSID.

alexa

boolean

--alexais input file from Alexa Top Million download

class

string

--classDNS class to query. Options: INET, CSNET, CHAOS, HESIOD, NONE, ANY. (default: INET)

https

boolean

--httpsUse DNS over HTTPS for lookups, mutually exclusive with --udp-only, --iterative, and --tls

input

string

Input target

quiet

boolean

--quietdo not print status updates

dnssec

boolean

--dnssecRequests DNSSEC records by setting the DNSSEC OK (DO) bit

module

string

required

module (one command of: A, AAAA, AFSDB, ALOOKUP, AMTRELAY, ANY, APL, ATMA, AVC, AXFR, BINDVERSION, CAA, CDNSKEY, CDS, CERT, CNAME, CSYNC, DHCID, DMARC, DNAME, DNSKEY, DS, EID, EUI48, EUI64, GID, GPOS, HINFO, HIP, HTTPS, IPSECKEY, ISDN, KEY, KX, L32, L64, LOC, LP, MB, MD, MF, MG, MINFO, MR, MULTIPLE, MX, MXLOOKUP, NAPTR, NID, NIMLOC, NINFO, NONE, NS, NSAPPTR, NSEC, NSEC3, NSEC3PARAM, NSLOOKUP, NULL, NXNAME, NXT, OPENPGPKEY, OPT, PTR, PX, RKEY, RP, RRSIG, RT, SIG, SMIMEA, SOA, SPF, SPF, SRV, SSHFP, SVCB, TALINK, TKEY, TLSA, TXT, UID, UINFO, UNSPEC, URI, X25 or ZONEMD)

prefix

string

--prefixname to be prepended to what's passed in (e.g., www.)

retries

string

--retrieshow many times should zdns retry query if timeout or temporary failure (default 3)

threads

string

--threadsnumber of lightweight go threads (default 1000)

timeout

string

--timeouttimeout for resolving an individual name (default 20)

tcp-only

boolean

--tcp-onlyOnly perform lookups over TCP

udp-only

boolean

--udp-onlyOnly perform lookups over UDP

conf-file

file

--conf-fileconfig file for DNS servers (default /etc/resolv.conf)

iterative

boolean

--iterativePerform own iteration instead of relying on recursive resolver

max-depth

string

--max-depthhow deep should we recurse when performing iterative lookups (default 10)

verbosity

string

--verbositylog verbosity: 1 (lowest)--5 (highest) (default 3)

cache-size

string

--cache-sizehow many items can be stored in internal recursive cache (default 10000)

input-file

file

required

Input file

local-addr

string

--local-addrcomma-delimited list of local addresses to use, serve as the source IP for outbound queries

nanoseconds

boolean

--nanosecondsUse nanosecond resolution timestamps

go-processes

string

--go-processesnumber of OS processes to use, GOMAXPROCS if 0 (default: 0)

name-servers

string

--name-serversList of DNS servers to use. Can be passed as comma-delimited string. If no port is specified, defaults to 53. If not provided, defaults to either the default root servers in --iterative or the recursive resolvers specified in /etc/resolv.conf or OS equivalent.

client-subnet

string

--client-subnetClient subnet in CIDR format for EDNS0.

override-name

string

--override-namename overrides all passed in names. Commonly used with --name-server-mode.

root-cas-file

file

--root-cas-filePath to a file containing PEM-encoded root CAs to use for verifying server certificates, required for --verify-server-cert

blacklist-file

file

--blacklist-fileblacklist file for servers to exclude from lookups

include-fields

string

--include-fieldsComma separated list of fields to additionally output beyond result verbosity. Options: class, protocol, ttl, resolver, flags, dnssec

ipv4-transport

boolean

--4utilize IPv4 query transport only, incompatible with --6

ipv6-transport

boolean

--6utilize IPv6 query transport only, incompatible with --4

all-nameservers

boolean

--all-nameserversBehavior is dependent on --iterative. In --iterative, --all-name-servers will query all root servers, then all gtld servers, etc. recording the responses at each layer. In non-iterative mode, the query will be sent to all external resolvers specified in --name-servers.

local-interface

string

--local-interfacelocal interface to use

network-timeout

string

--network-timeouttimeout for round trip network operations, in seconds (default 2)

validate-dnssec

boolean

--validate-dnssecValidate DNSSEC records, only applicable with --iterative

name-server-mode

boolean

--name-server-modeTreats input as nameservers to query with a static query rather than queries to send to a static name server

no-follow-cnames

boolean

--no-follow-cnamesdo not follow CNAMEs/DNAMEs in the lookup process

result-verbosity

string

--result-verbositySets verbosity of each output record. Options: short, normal, long, trace (default: normal)

checking-disabled

boolean

--checking-disabledSends DNS packets with the CD bit set

iteration-timeout

string

--iteration-timeouttimeout for a single iterative step in an iterative query, in seconds. Only applicable with --iterative (default: 8)

multi-config-file

file

--multi-config-fileconfig file path for multiple module configurations

no-recycle-sockets

boolean

--no-recycle-socketsdo not create long-lived unbound UDP socket for each thread at launch and reuse for all (UDP) queries

verify-server-cert

boolean

--verify-server-certVerify the server's certificate when using DNS over TLS or DNS over HTTPS

metadata-passthrough

boolean

--metadata-passthroughif input records have the form 'name,METADATA', METADATA will be propagated to the output

prefer-ipv4-iteration

boolean

--prefer-ipv4-iterationPrefer IPv4/A record lookups during iterative resolution. Ignored unless used with both IPv4 and IPv6 query transport

prefer-ipv6-iteration

boolean

--prefer-ipv6-iterationPrefer IPv6/AAAA record lookups during iterative resolution. Ignored unless used with both IPv4 and IPv6 query transport

Library

Parameters