DNS

Knot

KNOT DNS

Some information related to Knot DNS / knot-dnsutils. Tested with ‘knotd (Knot DNS), version 3.3.3’ running on OpenBSD 7.5.

Install Knot

pkg_add knot

Build Config

We’re configuring this server as a “slave”, which gets its config from a primary nameserver.

# /etc/knot/knot.conf 

server:
    rundir: "/var/run/knot"
    user: _knot:_knot
    automatic-acl: on
    listen: [ xx.xx.xx.xx@53, xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx@53 ]

log:
  - target: syslog
    any: info

database:
    storage: "/var/db/knot"

key:
  - id: mykey
    algorithm: hmac-sha256
    secret: xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx=

remote:
  - id: primary
    address: [ xx.xx.xx.xx@53, xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx@53 ] # IP Address of Primary Nameserver
    key: mykey

template:
  # default
  - id: default
    storage: "/var/db/knot"
    file: "%s.zone"
    global-module: mod-stats
    semantic-checks: on

zone:

  # Slave Zones
  - domain: your-domain.ch
    master: primary
  - domain: your-other-domain.de
    master: primary
  - domain: your-last-domain.com
    master: primary

enable and start service

rcctl enable knot
rcctl restart knot

zone backup

folder="/tmp/knot"
mkdir "$folder"
chown -R _knot "$folder"
knotc zone-backup +backupdir "$folder"

Build query File

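# print owner name and type column; the space before the type list stops e.g. CAA or CDS from matching A or DS
awk '{print $1, $3}' "${folder}/zonefiles/stoege.net.zone" |grep -E ' (NS|DS|A|AAAA|PTR|MX|SOA)$' |\
  sort -u -R > "${folder}/queries.txt"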

StressTests (from a Debian Box)

apt install knot-dnsutils
cd /tmp
scp [email protected]:/tmp/knot/queries.txt .

5k Queries

kxdpgun -i queries.txt 45.32.159.233
using interface ens18, XDP threads 1, UDP, native mode
thread#00: sent 5010, received 5010
total queries:     5010 (1002 pps)
total replies:     5010 (1002 pps) (100%)
average DNS reply size: 63 B
average Ethernet reply rate: 842459 bps (0.84 Mbps)
responded NOERROR:   5010
duration: 5 s

100k Queries

time kxdpgun -t 20 -Q 5000 -i queries.txt -b 20 -p 8853 45.32.159.233
using interface ens18, XDP threads 1, UDP, native mode
thread#00: sent 100020, received 0
total queries:     100020 (5001 pps)
total replies:     0 (0 pps) (0%)
average DNS reply size: 0 B
average Ethernet reply rate: 24 bps (0.00 Mbps)
duration: 20 s

real	0m22.052s
user	0m0.092s
sys	0m0.183s

khost – Simple DNS lookup utility

# khost stoege.net
stoege.net. has IPv4 address 159.69.214.12
stoege.net. has IPv6 address 2a01:4f8:c0c:fff7::2
stoege.net. mail is handled by 10 ideo.noflow.ch.
# khost stoege.net -t SOA
stoege.net. start of authority is ns1.noflow.ch. hostmaster.noflow.ch. 2024052701 3600 900 1209600 1800

kdig – Advanced DNS lookup utility

# kdig stoege.net A    
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 57426
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; stoege.net.         		IN	A

;; ANSWER SECTION:
stoege.net.         	1800	IN	A	159.69.214.12

;; Received 44 B
;; Time 2024-07-10 19:27:20 CEST
;; From 108.61.10.10@53(UDP) in 1.4 ms

short answer

# kdig +short stoege.net AAAA
2a01:4f8:c0c:fff7::2

output in json

# kdig +json stoege.net AAAA
{
  "dateString": "2024-07-10T19:28:01+0200",
  "dateSeconds": 1720632481,
  "msgLength": 56,
  "ID": 27609,
  "QR": 1,
  "Opcode": 0,
  "AA": 0,
  "TC": 0,
  "RD": 1,
  "RA": 1,
  "AD": 0,
  "CD": 0,
  "RCODE": 0,
  "QDCOUNT": 1,
  "ANCOUNT": 1,
  "NSCOUNT": 0,
  "ARCOUNT": 0,
  "QNAME": "stoege.net.",
  "QTYPE": 28,
  "QTYPEname": "AAAA",
  "QCLASS": 1,
  "QCLASSname": "IN",
  "answerRRs": [
    {
      "NAME": "stoege.net.",
      "TYPE": 28,
      "TYPEname": "AAAA",
      "CLASS": 1,
      "CLASSname": "IN",
      "TTL": 1800,
      "rdataAAAA": "2a01:4f8:c0c:fff7::2",
      "RDLENGTH": 16,
      "RDATAHEX": "2A0104F80C0CFFF70000000000000002"
    }
  ]
}

Any Comments ?

sha256: 4034db839fb307e487b0188f378a9bc142ededf7de783788811c270f126f03f5

SOA Checker

Intro

This is a little script which reads the name servers for a given domain and then asks each name server for the SOA of this domain.

Script

cat << 'EOFx' > soachecker.sh
#!/usr/bin/env bash

# Little SOA & Serial Checker, v0.2, @stoege

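tmpfile=$(mktemp)
# remove the temp file on every exit path, including the 'exit 1' below
trap 'rm -f "${tmpfile}"' EXIT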

# Check Args
echo
if [ $# -eq 0 ]; then
  d="stoege.net"
  echo -e "No argument provided. use \033[1m'${d}'\033[0m"

  cat <<EOF

----------------------- EXAMPLE ----------------------
soachecker.sh stoege.net
soachecker.sh 214.69.159.in-addr.arpa
soachecker.sh 7.f.f.f.c.0.c.0.8.f.4.0.1.0.a.2.ip6.arpa
------------------------------------------------------
EOF

elif [ $# -eq 1 ]; then
  d="$1"
  echo -e "Domain \033[1m'${d}'\033[0m provided"
else
  echo -e "\033[1mmore than one arguments provided. Exit 1.\033[0m"
  exit 1
fi

# Build File
for i in $(dig +short NS "${d}" |tr '\n' ' '); do
  echo -e "\ndig +short SOA \033[1m@${i}\033[0m ${d}"
  dig +short SOA "@${i}" "${d}" |tee -a "${tmpfile}"
done

# uniq & count
lines=$(sort -u "${tmpfile}" |wc -l)
echo

# Check the count and output the result
if [[ $lines -ne 1 ]]; then
cat <<EOF

********************
*****  ALERT   *****
********************

EOF
fi

sort "${tmpfile}" |uniq -c |awk '{ printf "%d x Serial: %s\n", $1,$4 }'

# cleanup
rm -f "${tmpfile}"

echo
exit 0
EOFx

chmod u+x soachecker.sh

Run it

$ ./soachecker.sh stoege.net

Domain 'stoege.net' provided

dig +short SOA @ns1.noflow.ch. stoege.net
ns1.noflow.ch. hostmaster.noflow.ch. 2025010708 3600 900 1209600 1800

dig +short SOA @ns3.noflow.ch. stoege.net
ns1.noflow.ch. hostmaster.noflow.ch. 2025010708 3600 900 1209600 1800

dig +short SOA @ns2.nolink.ch. stoege.net
ns1.noflow.ch. hostmaster.noflow.ch. 2025010708 3600 900 1209600 1800

3 x Serial: 2025010708

let me know if you like this !

acme.sh

Certificate Management with ‘acme.sh’

I like to manage my certificates on my own. If you work with Wildcard Certs, acme.sh is a nice and flexible ACME Client, purely written in Shell.

It’s probably the easiest & smartest shell script to automatically issue & renew the free certificates.

Basic Handling

Get Version

acme.sh --version

run it

# acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.6

Upgrade Self

are we up2date ?

acme.sh --upgrade

run it

# acme.sh --upgrade
[Mon May  1 11:35:55 CEST 2023] Already uptodate!
[Mon May  1 11:35:55 CEST 2023] Upgrade success!

Info

General Info about the Setup

Acme-DNS

Web

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Sounds promising, right? Let’s give it a try ;)

Setup

Fire up a new OpenBSD VM

  • let’s do it in London.
  • ip: 100.10.20.30

patch, update, add go

doas su -
syspatch
pkg_add -Vu
pkg_add go

clone repo and build acme-dns

cd /root
git clone https://github.com/joohoi/acme-dns
cd acme-dns
export GOPATH=/tmp/acme-dns
go build
cp acme-dns /usr/local/sbin/

Create Self-Signed Cert

The RESTful API needs a cert. Let’s use a self-signed cert for this demonstration.

DNSSEC - OARC Size Tester

Talk from @mwl at BSDCAN 2022

https://www.youtube.com/watch?v=1n62VZj-CKI

OARC Reply Size Tester

dig +short rs.dns-oarc.net TXT

Host1 - good :)

# dig +short rs.dns-oarc.net TXT
rst.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net.
"45.15.80.80 DNS reply size limit is at least 4090"
"45.15.80.80 sent EDNS buffer size 4096"

Host2 - bad :(

# dig +short rs.dns-oarc.net TXT
rst.x1196.rs.dns-oarc.net.
rst.x1206.x1196.rs.dns-oarc.net.
rst.x1204.x1206.x1196.rs.dns-oarc.net.
"74.63.25.240 DNS reply size limit is at least 1206"
"74.63.25.240 sent EDNS buffer size 1232"


IPv6 Reverse DNS

IPv6 is fun, if you know how to handle it! As a “sponsor LIR”, I got my own AS and a small /44 IP space. So, as we all do “forward” DNS with our domains, I’d like to have reverse DNS as well. And as I don’t have a legacy IP range, I like to do it with my v6 space. Special thanks to Christian for his remote hands/tips. Appreciate it!

PowerDNS on OpenBSD

Run PowerDNS on OpenBSD

I’m mostly happy with NSD as Authoritative Nameserver. But why not look over the fence and have a look at PowerDNS ? At least the API looks promising to me …

Install Package

doas pkg_add powerdns--

Create Folder, DB and set Permission

doas mkdir /var/db/pdns
doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
doas chown -R _powerdns:wheel /var/db/pdns/

Update Config File /etc/pdns/pdns.conf

# DB
gsqlite3-database=/var/db/pdns/pdns.sql
launch=gsqlite3
setuid=_powerdns

# Tuning & Protection
max-queue-length=5000
overload-queue-length=2500

# Webserver
webserver=yes
webserver-address=ip-of-your-nameserver
webserver-allow-from=127.0.0.1,::1,my-remote-ip-address

Enable and Start Service

doas rcctl enable pdns_server
doas rcctl restart pdns_server

Import Data from NSD

If you have an existing NSD Setup, you can easily import the zones into the sqlite db.

Dog

Dog (echo dig |sed 's/i/o/')

You know nslookup, dig, hosts, getenv and all the commands for the CLI. But have you ever tried dog?

Website: https://dns.lookup.dog/

and their documentation: https://dns.lookup.dog/dns-in-five-minutes

dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.

Install Package

$ doas pkg_add dog

Examples

DNS over TLS

$ dog example.com --tls @dns.google

DNS Request over HTTPS

$ dog -H @https://dns.google/dns-query lookup.dog
A lookup.dog. 18m08s   51.159.26.255

Json Support

$ dog bsago.me --json | jq '.responses[0].answers[0]'
{
  "address": "138.68.117.94",
  "class": "IN",
  "name": "bsago.me.",
  "ttl": 7111,
  "type": "A"
}

Full Help File

$ dog --help
dog ● command-line DNS client

Usage:
  dog [OPTIONS] [--] <arguments>

Examples:
  dog example.net                          Query a domain using default settings
  dog example.net MX                       ...looking up MX records instead
  dog example.net MX @1.1.1.1              ...using a specific nameserver instead
  dog example.net MX @1.1.1.1 -T           ...using TCP rather than UDP
  dog -q example.net -t MX -n 1.1.1.1 -T   As above, but using explicit arguments

Query options:
  <arguments>              Human-readable host names, nameservers, types, or classes
  -q, --query=HOST         Host name or IP address to query
  -t, --type=TYPE          Type of the DNS record being queried (A, MX, NS...)
  -n, --nameserver=ADDR    Address of the nameserver to send packets to
  --class=CLASS            Network class of the DNS record being queried (IN, CH, HS)

Sending options:
  --edns=SETTING           Whether to OPT in to EDNS (disable, hide, show)
  --txid=NUMBER            Set the transaction ID to a specific value
  -Z=TWEAKS                Set uncommon protocol-level tweaks

Protocol options:
  -U, --udp                Use the DNS protocol over UDP
  -T, --tcp                Use the DNS protocol over TCP
  -S, --tls                Use the DNS-over-TLS protocol
  -H, --https              Use the DNS-over-HTTPS protocol

Output options:
  -1, --short              Short mode: display nothing but the first result
  -J, --json               Display the output as JSON
  --color, --colour=WHEN   When to colourise the output (always, automatic, never)
  --seconds                Do not format durations, display them as seconds
  --time                   Print how long the response took to arrive

Meta options:
  -?, --help               Print list of command-line options
  -v, --version            Print version information

Happy Dog !

Gluerecords

https://serverfault.com/questions/142344/how-to-test-dns-glue-record

Check GlueRecords

host:~ $ dig +short ch. NS
c.nic.ch.
a.nic.ch.
h.nic.ch.
f.nic.ch.
g.nic.ch.
b.nic.ch.
e.nic.ch.

host:~ $ dig +norec @a.nic.ch. noflow.ch. NS

; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;noflow.ch. IN  NS

;; AUTHORITY SECTION:
noflow.ch.  3600  IN  NS  ns3.noflow.ch.
noflow.ch.  3600  IN  NS  ns2.noflow.ch.
noflow.ch.  3600  IN  NS  ns1.noflow.ch.

;; ADDITIONAL SECTION:
ns3.noflow.ch.  3600  IN  A 45.32.159.233
ns2.noflow.ch.  3600  IN  A 193.36.36.130
ns1.noflow.ch.  3600  IN  A 45.15.80.202

;; Query time: 12 msec
;; SERVER: 2001:620:0:ff::56#53(2001:620:0:ff::56)
;; WHEN: Wed Aug 26 23:09:52 CEST 2020
;; MSG SIZE  rcvd: 140

You can see there are three glue records with A and none with AAAA. I need to talk with my domain hosting provider, as I’d like to have AAAA as well …
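
The same check as a script, added here as an example (it is not part of the original post): it reads the output of a "dig +norec @parent-ns zone NS" query and lists, for every delegated name server, whether it sits inside the zone and whether A and AAAA glue came back. The function names glue_report, missing_glue and sample_reply are made up for this example; the sample is the reply shown above, trimmed to the relevant sections.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Summarise the glue in a "dig +norec @<parent-ns> <zone> NS" reply: for every
# NS target, report whether it lies inside the delegated zone (only those need
# glue) and whether the ADDITIONAL section carries A and AAAA records for it.

# glue_report: dig output on stdin ->
#   "<ns> <in-zone|out-of-zone> A=<yes|no> AAAA=<yes|no>", one line per NS
glue_report() {
  awk '
    /^;; (ANSWER|AUTHORITY) SECTION:/ { sect = "ns";   next }
    /^;; ADDITIONAL SECTION:/         { sect = "glue"; next }
    /^;;/ || NF == 0                  { sect = "";     next }  # section ends
    /^;/                              { next }                 # comment line
    sect == "ns" && $4 == "NS" {
      zone = tolower($1); n = tolower($5); ns[n] = 1
      tail = "." zone   # in-zone: target is the zone itself or ends in ".<zone>"
      inz[n] = (n == zone || (length(n) > length(tail) &&
                substr(n, length(n) - length(tail) + 1) == tail))
    }
    sect == "glue" && ($4 == "A" || $4 == "AAAA") { glue[tolower($1) " " $4] = 1 }
    END {
      for (n in ns)
        printf "%s %s A=%s AAAA=%s\n", n, (inz[n] ? "in-zone" : "out-of-zone"),
               (((n " A") in glue) ? "yes" : "no"),
               (((n " AAAA") in glue) ? "yes" : "no")
    }
  ' | LC_ALL=C sort
}

# missing_glue TYPE: in-zone NS targets that lack glue of TYPE (A or AAAA)
missing_glue() {
  glue_report | awk -v want="$1=no" \
    '$2 == "in-zone" && ($3 == want || $4 == want) { print $1 }'
}

# sample_reply: the reply from the post above, trimmed
sample_reply() {
  cat <<'EOF'
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4

;; QUESTION SECTION:
;noflow.ch. IN  NS

;; AUTHORITY SECTION:
noflow.ch.  3600  IN  NS  ns3.noflow.ch.
noflow.ch.  3600  IN  NS  ns2.noflow.ch.
noflow.ch.  3600  IN  NS  ns1.noflow.ch.

;; ADDITIONAL SECTION:
ns3.noflow.ch.  3600  IN  A 45.32.159.233
ns2.noflow.ch.  3600  IN  A 193.36.36.130
ns1.noflow.ch.  3600  IN  A 45.15.80.202

;; Query time: 12 msec
EOF
}

# Live use (needs dig and network):
#   dig +norec @a.nic.ch. noflow.ch. NS | glue_report
sample_reply | glue_report
```

An in-zone name server without glue of a given address family cannot be reached over that family from the delegation alone; out-of-zone targets are resolved through their own zone and need no glue here.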

Dig Dns Whois

whois egal.com

user@erde$ whois egal.com
   Domain Name: EGAL.COM
   Registry Domain ID: 1979745_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.name.com
   Registrar URL: http://www.name.com
   Updated Date: 2019-09-25T20:43:47Z
   Creation Date: 1996-03-25T05:00:00Z
   Registry Expiry Date: 2022-03-26T04:00:00Z
   Registrar: Name.com, Inc.
   Registrar IANA ID: 625
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: 7202492374
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1CNY.NAME.COM
   Name Server: NS2KRY.NAME.COM
   Name Server: NS3DKZ.NAME.COM
   Name Server: NS4BHT.NAME.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-10-28T12:57:34Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: EGAL.COM
Registry Domain ID: 1979745_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2019-09-25T20:43:47Z
Creation Date: 1996-03-25T05:00:00Z
Registrar Registration Expiration Date: 2022-03-26T04:00:00Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Reseller:
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Domain Manager
Registrant Organization: Affordable Webhosting, Inc., Customers
Registrant Street: PO Box 1508
Registrant City: Manzanita
Registrant State/Province: OR
Registrant Postal Code: 97130-1508
Registrant Country: US
Registrant Phone: +1.8773593385
Registrant Email: [email protected]
Registry Admin ID: Not Available From Registry
Admin Name: Domain Manager
Admin Organization: Affordable Webhosting, Inc., Customers
Admin Street: PO Box 1508
Admin City: Manzanita
Admin State/Province: OR
Admin Postal Code: 97130-1508
Admin Country: US
Admin Phone: +1.8773593385
Admin Email: [email protected]
Registry Tech ID: Not Available From Registry
Tech Name: Domain Manager
Tech Organization: Affordable Webhosting, Inc., Customers
Tech Street: PO Box 1508
Tech City: Manzanita
Tech State/Province: OR
Tech Postal Code: 97130-1508
Tech Country: US
Tech Phone: +1.8773593385
Tech Email: [email protected]
Name Server: ns1cny.name.com
Name Server: ns2kry.name.com
Name Server: ns3dkz.name.com
Name Server: ns4bht.name.com
DNSSEC: unSigned
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.7203101849
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-10-28T12:57:49Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

dig egal.com

user@erde$ dig egal.com

; <<>> DiG 9.4.2-P2 <<>> egal.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40487
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;egal.com.                      IN      A

;; ANSWER SECTION:
egal.com.               185     IN      A       75.126.102.240

;; Query time: 0 msec
;; SERVER: 192.168.108.211#53(192.168.108.211)
;; WHEN: Mon Oct 28 13:59:27 2019
;; MSG SIZE  rcvd: 42

dig -t SOA egal.com

user@erde$ dig -t SOA egal.com

; <<>> DiG 9.4.2-P2 <<>> -t SOA egal.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8267
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;egal.com.                      IN      SOA

;; ANSWER SECTION:
egal.com.               300     IN      SOA     ns1cny.name.com. support.name.com. 1571875200 10800 3600 604800 3600

;; Query time: 246 msec
;; SERVER: 192.168.108.211#53(192.168.108.211)
;; WHEN: Mon Oct 28 14:00:11 2019
;; MSG SIZE  rcvd: 82

dig -t SOA @ns1cny.name.com egal.com

user@erde$ dig -t SOA @ns1cny.name.com. egal.com.

; <<>> DiG 9.4.2-P2 <<>> -t SOA @ns1cny.name.com. egal.com.
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13194
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;egal.com.                      IN      SOA

;; ANSWER SECTION:
egal.com.               300     IN      SOA     ns1cny.name.com. support.name.com. 1571875200 10800 3600 604800 3600

;; Query time: 31 msec
;; SERVER: 162.88.61.47#53(162.88.61.47)
;; WHEN: Mon Oct 28 14:01:25 2019
;; MSG SIZE  rcvd: 82

dig +trace @8.8.8.8 egal.com

user@erde$ dig +trace egal.com

; <<>> DiG 9.4.2-P2 <<>> +trace egal.com
;; global options:  printcmd
;; Received 17 bytes from 192.168.108.211#53(192.168.108.211) in 1 ms

user@erde$ dig +trace @8.8.8.8 egal.com

; <<>> DiG 9.4.2-P2 <<>> +trace @8.8.8.8 egal.com
; (1 server found)
;; global options:  printcmd
.                       12203   IN      NS      a.root-servers.net.
.                       12203   IN      NS      b.root-servers.net.
.                       12203   IN      NS      c.root-servers.net.
.                       12203   IN      NS      d.root-servers.net.
.                       12203   IN      NS      e.root-servers.net.
.                       12203   IN      NS      f.root-servers.net.
.                       12203   IN      NS      g.root-servers.net.
.                       12203   IN      NS      h.root-servers.net.
.                       12203   IN      NS      i.root-servers.net.
.                       12203   IN      NS      j.root-servers.net.
.                       12203   IN      NS      k.root-servers.net.
.                       12203   IN      NS      l.root-servers.net.
.                       12203   IN      NS      m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 9 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 486 bytes from 198.97.190.53#53(h.root-servers.net) in 116 ms

egal.com.               172800  IN      NS      ns1cny.name.com.
egal.com.               172800  IN      NS      ns2kry.name.com.
egal.com.               172800  IN      NS      ns3dkz.name.com.
egal.com.               172800  IN      NS      ns4bht.name.com.
;; Received 291 bytes from 192.35.51.30#53(f.gtld-servers.net) in 17 ms

egal.com.               300     IN      A       75.126.102.240
;; Received 42 bytes from 162.88.61.49#53(ns3dkz.name.com) in 23 ms

Dig +noall +answer

user@erde$ dig +noall +answer egal.com
egal.com.		267	IN	A	75.126.102.240

Reverse Lookup

user@erde$ dig +noall +answer +short -x 8.8.8.8
dns.google.

getent

user@erde$ getent hosts egal.com
75.126.102.240                          egal.com

Long vs Short

IPv4 Long

user@erde$ dig A dns.google

; <<>> dig 9.10.8-P1 <<>> A dns.google
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57107
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.google.			IN	A

;; ANSWER SECTION:
dns.google.		169	IN	A	8.8.4.4
dns.google.		169	IN	A	8.8.8.8

;; Query time: 0 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Tue May 18 19:25:15 CEST 2021
;; MSG SIZE  rcvd: 71

IPv4 Short

user@erde$ dig A dns.google +short
8.8.8.8
8.8.4.4

IPv6 Long

user@erde$ dig AAAA dns.google

; <<>> dig 9.10.8-P1 <<>> AAAA dns.google
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39920
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns.google.			IN	AAAA

;; ANSWER SECTION:
dns.google.		606	IN	AAAA	2001:4860:4860::8888
dns.google.		606	IN	AAAA	2001:4860:4860::8844

;; Query time: 0 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Tue May 18 19:25:23 CEST 2021
;; MSG SIZE  rcvd: 95

IPv6 Short

user@erde$ dig AAAA dns.google +short
2001:4860:4860::8844
2001:4860:4860::8888
