[getdns-users] Questions about getdns_query

Sara Dickinson sara at sinodun.com
Wed May 9 12:28:00 UTC 2018

> On 8 May 2018, at 19:49, Puneet Sood <psood74 at gmail.com> wrote:
> Hello,
> Some basic questions that I could not find answers to on the website.
> 1. When doing a query from the command-line, is there a way to get debug
> info like what transports (udp, tcp, tls) are being tried?
> $ getdns_query @ www.wikipedia.org <http://www.wikipedia.org/>


If you add ‘+return_call_reporting' you will see an extra section in the response dict that shows what transport was eventually used for the query. If you want very detailed debugging of each transport tried and fallback conditions then you can compile getdns with the '—enabled-debug-stub' flag (but beware, this debug output is verbose).

Also note that the query above will use getdns in the default recursive mode (not in stub mode) which does not support TLS (since no recursive resolver does). 
[Unless you built getdns with the ‘--enable-stub-only- flag which disables recursive mode so the default is stub]

> 2. When attempting to use TLS (only), it's unclear what the right
> invocation is and the error message is not helpful. What is the right way
> to do a TLS only query?

getdns_query -s -L @ www.wikipedia.org <http://www.wikipedia.org/>

-s switches to stub mode
-L specfies TLS as the only transport
-m requires authentication of the upstream so for Cloudflare use 

getdns_query -s -L -m @  www.wikipedia.org <http://www.wikipedia.org/>
> $ getdns_query -L @ www.wikipedia.org A
> An error occurred: 301 'The context has internal deficiencies'
> All done.

This is (as mentioned above) because recursive mode doesn’t support TLS. This is on the webpage but rather hidden:
But I also agree the error message is distinctly unhelpful here and this issue should be clearer in the usage!

The usage does contain descriptions of all the parameters but I think this page:
https://getdnsapi.net/blog/getdns_query/ <https://getdnsapi.net/blog/getdns_query/>
could do with some update :-)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20180509/064d1e4c/attachment.htm>

More information about the Users mailing list