This is the command unbound-host that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
unbound-host - unbound DNS lookup utility
SYNOPSIS
unbound-host [-vdhr46D] [-c class] [-t type] hostname [-y key] [-f keyfile] [-F
namedkeyfile] [-C configfile]
DESCRIPTION
Unbound-host uses the unbound validating resolver to query for the hostname and display
results. With the -v option it displays validation status: secure, insecure, bogus
(security failure).
By default it reads no configuration file whatsoever. It attempts to reach the internet
root servers. With -C an unbound config file and with -r resolv.conf can be read.
The available options are:
hostname
This name is resolved (looked up in the DNS). If a IPv4 or IPv6 address is given,
a reverse lookup is performed.
-h Show the version and commandline option help.
-v Enable verbose output and it shows validation results, on every line. Secure means
that the NXDOMAIN (no such domain name), nodata (no such data) or positive data
response validated correctly with one of the keys. Insecure means that that domain
name has no security set up for it. Bogus (security failure) means that the
response failed one or more checks, it is likely wrong, outdated, tampered with, or
broken.
-d Enable debug output to stderr. One -d shows what the resolver and validator are
doing and may tell you what is going on. More times, -d -d, gives a lot of output,
with every packet sent and received.
-c class
Specify the class to lookup for, the default is IN the internet class.
-t type
Specify the type of data to lookup. The default looks for IPv4, IPv6 and mail
handler data, or domain name pointers for reverse queries.
-y key Specify a public key to use as trust anchor. This is the base for a chain of trust
that is built up from the trust anchor to the response, in order to validate the
response message. Can be given as a DS or DNSKEY record. For example -y
"example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD".
-D Enables DNSSEC validation. Reads the root anchor from the default configured root
anchor at the default location, /etc/unbound/root.key.
-f keyfile
Reads keys from a file. Every line has a DS or DNSKEY record, in the format as for
-y. The zone file format, the same as dig and drill produce.
-F namedkeyfile
Reads keys from a BIND-style named.conf file. Only the trusted-key {}; entries are
read.
-C configfile
Uses the specified unbound.conf to prime libunbound(3).
-r Read /etc/resolv.conf, and use the forward DNS servers from there (those could have
been set by DHCP). More info in resolv.conf(5). Breaks validation if those
servers do not support DNSSEC.
-4 Use solely the IPv4 network for sending packets.
-6 Use solely the IPv6 network for sending packets.
EXAMPLES
Some examples of use. The keys shown below are fakes, thus a security failure is
encountered.
$ unbound-host www.example.com
$ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD"
www.example.com
$ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD"
192.0.2.153
EXIT CODE
The unbound-host program exits with status code 1 on error, 0 on no error. The data may
not be available on exit code 0, exit code 1 means the lookup encountered a fatal error.
Use unbound-host online using onworks.net services
