kdig

Examples

DNS over TLS (DoT):

kdig +tls google.com @1.1.1.1

DNS over HTTPS (DoH):

kdig +https google.com @cloudflare-dns.com

DNS over QUIC (DoQ):

kdig +quic google.com @dns.quad9.net

3 (DoH3):

kdig +https +http3 google.com @dns.cloudflare.com

Verify it’s actually Encrypted

sudo tcpdump -i any port 53

• ❌ Plain DNS → you’ll see packets
• ✅ DoH / DoT → nothing shows up