Split command line help into sections #43

Open
ximon18 opened this issue Dec 3, 2024 · 0 comments
Labels
enhancement New feature or request

ximon18 commented Dec 3, 2024

Currently `dnsi query -h` prints a lot of different options all mixed together, whether they affect connectivity or DNSSEC or something else:

```
$ dnsi query -h
Query the DNS

Usage: dnsi query [OPTIONS] <QUERY_NAME_OR_ADDR> [QUERY_TYPE]

Arguments:
  <QUERY_NAME_OR_ADDR>  The name of the resource records to look up
  [QUERY_TYPE]          The record type to look up

Options:
  -s, --server <ADDR_OR_HOST>                The server to send the query to. System servers used if missing
  -p, --port <PORT>                          The port of the server to send query to
  -4, --ipv4                                 Use only IPv4 for communication
  -6, --ipv6                                 Use only IPv6 for communication
  -t, --tcp                                  Use only TCP
  -u, --udp                                  Use only UDP
      --tls                                  Use TLS
      --tls-hostname <TLS_HOSTNAME>          The name of the server for SNI and certificate verification
      --timeout <SECONDS>                    Set the timeout for a query
      --retries <RETRIES>                    Set the number of retries over UDP
      --udp-payload-size <UDP_PAYLOAD_SIZE>  Set the advertised UDP payload size
      --ad                                   Set the AD flag in the request
      --no-ad                                Do not set the AD flag in the request
      --cd                                   Set the CD flag in the request
      --no-cd                                Do not set the CD flag in the request
      --do                                   Set the DO flag in the EDNS Opt record in the request
      --no-do                                Do not set the DO flag in the request, avoid creating the EDNS Opt record
      --rd                                   Set the RD flag in the request
      --no-rd                                Do not set the RD flag in the request
  -f, --force                                Disable all sanity checks
      --verify                               Verify the answer against an authoritative server
      --format <FORMAT>                      [default: friendly] [possible values: dig, friendly, table]
  -h, --help                                 Print help (see more with '--help')
```

Compare this to `dnst signzone -h`:

```
$ dnst signzone -h
Sign the zone with the given key(s)

Usage: dnst signzone [OPTIONS] <zonefile> [key]...

Arguments:
  <zonefile>  The zonefile to sign
  [key]...    The keys to sign the zone with

Options:
  -b                      Use layout in signed zone and print comments on DNSSEC records
  -d                      Used keys are not added to the zone
  -e <date>               Expiration date [default: 4 weeks from now]
  -f <file>               Output zone to file [default: <zonefile>.signed]
  -i <date>               Inception date [default: now]
  -o <domain>             Origin for the zone (for zonefiles with relative names and no $ORIGIN)
  -u                      Set SOA serial to the number of seconds since Jan 1st 1970
  -z <[scheme:]hash>      Add a ZONEMD resource record
  -Z                      Allow ZONEMDs to be added without signing
  -A
  -U
  -n                      Use NSEC3 instead of NSEC
  -H                      Hash only, don't sign
  -M                      Do not require that key names match the apex
  -h, --help              Print help (see more with '--help')

NSEC3 (when using '-n'):
  -a <algorithm>      Hashing algorithm [default: SHA-1]
  -t <number>         Number of hash iterations [default: 0]
  -s <string>         Salt [default: -]
  -p                  Set the opt-out flag on all NSEC3 RRs
  -P                  Set the opt-out flag on all NSEC3 RRs and skip unsigned delegations

Keys must be specified by their base name (usually K<name>+<alg>+<id>), i.e. WITHOUT the .private or .key extension.
If the public part of the key is not present in the zone, the DNSKEY RR will be read from the file called <base name>.key.
A date can be a timestamp (seconds since the epoch), or of the form <YYYYMMdd[hhmmss]>
```

Note the way that NSEC3 options are grouped separately. Ignore the mess of other options; `dnst signzone` is still being worked on.

Perhaps this grouping of options is an idea for `dnsi`?

@ximon18 ximon18 added the enhancement New feature or request label Dec 3, 2024