More than host -- a modern, high-performance DNS Swiss Army knife and Rust library.
Features | Quick Start | mdive TUI | Installation | Library API
mhost queries many DNS servers in parallel and aggregates their answers. It supports UDP, TCP, DNS-over-TLS, and DNS-over-HTTPS, understands 20+ record types, and ships with 80+ pre-configured public resolvers. Beyond simple lookups it can profile an entire domain, discover subdomains, trace the delegation chain, validate your DNS configuration, check propagation, diff records across nameservers, and verify live DNS against a zone file -- all from a single binary.
Two binaries, one toolkit: mhost is a powerful CLI for scripts, pipelines, and quick one-liners. mdive is an interactive TUI that lets you explore DNS like a file manager -- drill into subdomains, discover hidden records, and chase references across domains, all without leaving your terminal.
Most DNS tools do one thing. dig does lookups. subfinder discovers subdomains. dnschecker.org checks propagation. dog gives you pretty output. mhost does all of them -- and they compose, because they share the same resolver engine, output formats, and server configurations.
| dig | dog | doggo | q | subfinder | mhost | |
|---|---|---|---|---|---|---|
| Multi-server parallel queries | 80+ built-in | |||||
| UDP, TCP, DoT, DoH | UDP, TCP | DoT, DoH | DoT, DoH, DoQ | DoT, DoH, DoQ | all four | |
| Subdomain discovery | passive | 10+ strategies | ||||
| DNS configuration linting | 13 checks | |||||
| Delegation trace (all servers per hop) | +trace (1/hop) |
parallel, all servers | ||||
| Propagation checking | across 6 providers | |||||
| Diff between nameservers / snapshots | live, file, or mixed | |||||
| Zone file verification (CI-ready) | BIND zone file support | |||||
| Interactive TUI | mdive | |||||
| JSON output | every command | |||||
| Reusable Rust library | async, builder API | |||||
| WHOIS / geolocation | IP-level |
Pro tip: alias host="mhost l" and never look back.
# Install (pick one)
brew install lukaspustina/mhost/mhost # macOS
cargo install --features app mhost # Rust toolchain (CLI only)
cargo install --features tui mhost # Rust toolchain (CLI + TUI)
docker run lukaspustina/mhost:latest mhost l github.com # Try without installing
# Look up github.com using your system nameservers
mhost l github.com
# Add 80+ public resolvers from 6 providers for broader results
mhost -p l github.com
# Get ALL record types + WHOIS info in one shot
mhost -p l --all -w github.com
# Validate your domain's DNS configuration
mhost -p check example.com
# Discover subdomains (CT logs, wordlists, NSEC walking, ...)
mhost -p discover example.com
# Verify live DNS matches your zone file (CI-friendly, non-zero on mismatch)
mhost verify example.com.zone
# Pipe to jq for scripting
mhost -q -p --output json l --all github.com \
| jq '.lookups[] | .result.Response.records[]? | select(.type == "A") | .data.A'
# Or just dive in interactively
mdive github.comDevOps / SRE -- Verify DNS changes landed with mhost verify, check propagation across public resolvers with mhost propagation, diff before/after with JSON snapshots. Non-zero exit codes for CI/CD pipelines.
Security professionals -- Discover subdomains via 10+ strategies (CT logs, NSEC walking, AXFR attempts, wordlists, permutation). Validate DNSSEC chains, detect zone transfer exposure, check for open resolvers.
DNS administrators -- Lint your configuration against 13 best-practice checks. Trace the full delegation chain querying all servers at each hop. Compare records across nameserver sets to catch inconsistencies.
Developers -- Use mhost as a Rust library with an ergonomic async builder API. JSON output on every command for scripting. 80+ built-in resolvers so you never have to hardcode IPs.
| Command | Alias | What it does |
|---|---|---|
lookup |
l |
Look up DNS records for a domain, IP address, or CIDR block |
domain-lookup |
domain |
Profile a domain -- apex + 68 well-known subdomains in one operation |
discover |
d |
Find subdomains using 10+ strategies (wordlists, CT logs, AXFR, NSEC walking, ...) |
check |
c |
Validate DNS configuration against 13 lints (SOA, NS, SPF, DMARC, DNSSEC, ...) |
trace |
t |
Trace the delegation path from root servers, querying all servers at each hop |
dnssec |
-- | Visualize the DNSSEC trust chain from root to target domain |
propagation |
prop |
Check whether a DNS change has propagated across public resolvers |
verify |
v |
Verify live DNS matches a BIND zone file -- catch drift before it bites |
diff |
-- | Compare DNS records between nameservers or JSON snapshots |
info |
-- | Built-in reference for record types, TXT sub-types, and well-known subdomains |
server-lists |
-- | Download public nameserver lists for large-scale queries |
completions |
-- | Generate shell completions (bash, zsh, fish) |
While mhost is built for scripts and one-liners, mdive is built for humans. It's an interactive terminal UI that turns DNS exploration into something that actually feels good -- think "file manager for DNS." Type a domain, watch records stream in from multiple servers in real time, then drill into anything interesting.
mdive example.com # Dive right in
mdive -p example.com # Use 80+ public resolvers for broader coverage
mdive -s 8.8.8.8 -s 1.1.1.1 example.com # Pick your own nameservers
A live, sortable record table. All DNS records for a domain -- apex plus dozens of well-known subdomains across 10 categories (email auth, TLS/DANE, SRV services, infrastructure, and more). Results stream in progressively as servers respond, with a real-time progress bar in the status line. Toggle between raw DNS wire format and human-readable values with a single keypress.
Drill-down navigation. See a CNAME pointing somewhere interesting? Press l to follow it. Found a subdomain in the results? Hit Enter to dive in. Every query is pushed onto a history stack, so Backspace takes you right back. It's like cd and cd .. but for DNS.
Five discovery strategies, one keypress away. Press d to open the discovery panel, then launch any combination:
| Key | Strategy | What it does |
|---|---|---|
c |
CT Logs | Search Certificate Transparency logs via crt.sh |
w |
Wordlist | Brute-force 424 common subdomain names (with automatic wildcard filtering) |
s |
SRV Probing | Probe 22 well-known SRV service records |
t |
TXT Mining | Extract referenced domains from SPF includes and DMARC URIs |
p |
Permutation | Generate variations of already-discovered labels (dev-, staging-, -prod, ...) |
a |
All | Run everything at once |
Discovered subdomains appear in the main table as they're found. Wildcard detection runs automatically to filter false positives.
Built-in DNS health checks. Press c to run best-practice lints against the current domain -- CNAME-at-apex detection, NS redundancy, SPF/DMARC validation, DNSSEC chain verification, HTTPS/SVCB mode checks, CAA coverage, TTL sanity, and more. Each result shows pass/warning/fail with a clear explanation.
WHOIS and geolocation. Press w and mdive fetches WHOIS data for every IP in your results -- AS numbers, network prefixes, organizations, countries, and geolocations. Handy for understanding where a domain's infrastructure actually lives.
Server response dashboard. Press s to see every nameserver that responded, sorted by latency -- protocol, response counts, error counts, and min/avg/max timing. The stats panel (S) shows a compact summary right in the status bar: record type distribution, query health, DNSSEC status, and response time ranges.
Regex filtering. Press / and type a pattern. Matches against record names, types, and values in real time. Quickly zero in on that one TXT record in a sea of results.
Keybindings
mdive uses vi-style navigation with a few extras:
| Key | Action | Key | Action |
|---|---|---|---|
j/k |
Move down/up | i |
Enter domain query |
gg/G |
First/last row | / |
Filter (regex) |
22gg |
Jump to line 22 | C |
Clear filter |
| PgUp/PgDn | Scroll by 10 | r |
Re-run query |
| Enter | Drill into subdomain | h |
Toggle human view |
l/Right |
Follow value target | S |
Toggle stats |
| Left/BS | Go back in history | Tab | Cycle grouping |
1-0 |
Toggle categories | a/n |
All/none categories |
o |
Record detail popup | ? |
Help |
Category Toggles
Records are organized into 10 categories. Toggle any with number keys, or press a for all / n for none:
| Key | Category | Key | Category |
|---|---|---|---|
1 |
Email Auth (DMARC, SPF, ...) | 6 |
Infrastructure (LDAP, Kerberos) |
2 |
Email Services (IMAP, SMTP) | 7 |
Modern Protocols (STUN, TURN) |
3 |
TLS / DANE | 8 |
Verification & Metadata |
4 |
Communication (SIP, XMPP, Matrix) | 9 |
Legacy |
5 |
Calendar & Contacts (CalDAV) | 0 |
Gaming |
Cycle the grouping mode with Tab: Category (default) -> Record Type -> Name -> Server.
mdive CLI Options
mdive [OPTIONS] [DOMAIN]
Options:
-s, --nameserver <SPEC> Add a nameserver (repeatable)
-p, --predefined Add predefined public nameservers
--predefined-filter <PROTO> Filter predefined by protocol [udp, tcp, tls, https]
-S, --no-system-lookups Skip system nameservers
-t, --timeout <SECS> Query timeout [default: 5] (1-30)
-4, --ipv4-only IPv4 only
-6, --ipv6-only IPv6 only
-h, --help Print help
Building mdive
mdive lives behind the tui feature flag to keep the default build lean:
cargo build --features tui # Build both mhost and mdive
cargo run --bin mdive --features tui -- example.commhost l github.com
This uses your system nameservers and queries the default record types (A, AAAA, CNAME, MX).
mhost -p l github.com
-p adds mhost's predefined public nameservers from Cloudflare, Google, Quad9, Mullvad, Wikimedia, and DNS4EU. More servers means more confidence that you're seeing the full picture.
mhost server-lists public-dns -o servers.txt
mhost --limit 6000 --max-concurrent-servers 1000 --timeout 1 -f servers.txt l www.github.com
Download a community-maintained list of public resolvers, then fire queries at all of them. These settings are intentionally aggressive -- mhost defaults are much more cautious.
mhost \
-s 1.1.1.1 \
-s tcp:1.1.1.1 \
-s tls:1.1.1.1:853,tls_auth_name=cloudflare-dns.com \
-s https:1.1.1.1:443,tls_auth_name=cloudflare-dns.com,name=Cloudflare \
l github.com
Nameserver spec format: protocol:host:port,tls_auth_name=hostname,name=label
mhost -p domain-lookup example.com # ~42 well-known entries
mhost -p domain-lookup --all example.com # ~68 entries (extended set)One command queries the apex plus dozens of well-known subdomains: email auth (DMARC, MTA-STS, BIMI, TLS-RPT), SRV services (IMAP, SMTP, CalDAV, XMPP, Matrix, ...), DANE/TLSA records, and more.
mhost -p d github.com
mhost chains 10+ discovery strategies automatically:
- Standard DNS record lookups
- Certificate Transparency logs (crt.sh)
- TXT record mining for referenced domains
- SRV service probing
- Wildcard detection via random subdomain probes
- Zone transfer (AXFR) attempts
- NSEC walking
- Wordlist brute force (424 built-in entries, or supply your own with
-w) - Subdomain permutation on discovered names
- Recursive discovery on found subdomains (
--depth 1..3) - Reverse DNS lookups on discovered IPs
You can also explore a domain's autonomous systems:
mhost -p l --all -w github.com
mhost -p l --all 140.82.121.0/24
mhost -p c github.com
The check command runs 13 lints against a domain's DNS records:
| Lint | What it checks |
|---|---|
| SOA | Start of Authority record validity |
| NS | NS delegation, lame delegation, network diversity |
| CNAME | CNAME usage rules |
| MX | Null MX, duplicate preferences, target resolution |
| SPF | SPF record syntax and policy |
| DMARC | DMARC policy validation |
| CAA | Certificate Authority Authorization tags |
| TTL | TTL consistency across records |
| DNSSEC | DNSSEC presence and configuration |
| HTTPS/SVCB | Service binding record well-formedness |
| AXFR | Zone transfer exposure |
| Open Resolver | Open resolver detection |
| Delegation | Delegation consistency |
Disable any lint individually: --no-soa, --no-spf, --no-dnssec, etc.
mhost trace example.com
mhost trace -t AAAA --show-all-servers example.com
Unlike dig +trace which queries one server per hop, mhost's trace command queries all nameservers at each delegation level in parallel. It detects referral divergence (where different root/TLD servers disagree), reports per-server latency, and resolves missing glue records automatically.
mhost -p propagation example.com
mhost -p prop --all example.com
After making a DNS change, check whether it has reached all the major public resolvers. Uses the predefined nameserver set (Cloudflare, Google, Quad9, Mullvad, Wikimedia, DNS4EU).
mhost diff --left 8.8.8.8 --right 1.1.1.1 example.com
mhost diff --left 8.8.8.8 --right 1.1.1.1 --all example.comCompare what two different nameserver sets return for the same domain. Useful for debugging inconsistencies or verifying migrations.
You can also diff against saved JSON snapshots for migration validation and change tracking:
# Save a snapshot
mhost lookup -s 8.8.8.8 -q -t A,AAAA,MX example.com --output json > before.json
# Later, diff snapshot against live DNS
mhost diff --left-from-file before.json --right 1.1.1.1 example.com
# Or compare two snapshots offline
mhost diff --left-from-file before.json --right-from-file after.json example.commhost verify example.com.zonePushed a DNS change and wondering if it actually landed? verify reads a BIND zone file -- the most widely used format for DNS zone specification -- compares every record against live DNS, and tells you exactly what matches, what's missing, and what showed up unexpectedly. Non-zero exit code on mismatch, so it drops straight into CI pipelines.
# Verify against your authoritative nameserver
mhost -s ns1.example.com verify example.com.zone
# Check propagation to public resolvers
mhost -p verify example.com.zone
# Strict mode: also flag TTL differences
mhost verify --strict example.com.zone
# Only check mail-related records
mhost verify --only-type MX,TXT example.com.zone
# CI one-liner
mhost verify zones/example.com.zone || notify_team "DNS drift detected"Don't have a zone file? BIND zone format is the universal lingua franca of DNS -- almost every DNS provider can export to it, and tools like dig, nsd, and BIND itself all speak it natively. If your DNS lives in Terraform, Pulumi, CloudFormation, or any other IaC tool, just ask an LLM to convert the state to a BIND zone file. For example, feed terraform show -json output to your favorite LLM and ask for a zone file -- it takes seconds and gives you a portable, version-controllable source of truth you can verify against at any time.
mhost info # List all supported types
mhost info MX # Details about MX records
mhost info SPF # Details about SPF TXT sub-type
mhost info _dmarc # Details about the _dmarc well-known subdomainBuilt-in reference with summaries, details, and RFC references for every supported record type, TXT sub-type, and well-known subdomain.
brew install lukaspustina/mhost/mhostdocker run lukaspustina/mhost:latest mhost l example.comDownload the .deb from the latest GitHub Release:
dpkg -i mhost.debDownload the .rpm from the latest GitHub Release:
rpm -i mhost.rpmcargo install --features app mhost # CLI only
cargo install --features tui mhost # CLI + interactive TUI (mdive)git clone https://github.com/lukaspustina/mhost
cd mhost
make install # CLI only
cargo install --features tui --path . # CLI + TUImhost is also a reusable library. Build without the CLI:
cargo build --lib # no CLI dependenciesuse mhost::resolver::{ResolverGroupBuilder, MultiQuery};
use mhost::resolver::lookup::Uniquify;
use mhost::nameserver::predefined::PredefinedProvider;
use mhost::RecordType;
use std::time::Duration;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let resolvers = ResolverGroupBuilder::new()
.system()
.predefined(PredefinedProvider::Google)
.timeout(Duration::from_secs(3))
.build()
.await?;
let query = MultiQuery::multi_record(
"example.com",
vec![RecordType::A, RecordType::AAAA],
)?;
let lookups = resolvers.lookup(query).await?;
let a_records = lookups.a().unique().to_owned();
println!("A records: {:?}", a_records);
Ok(())
}use mhost::nameserver::NameServerConfig;
use mhost::resolver::{MultiQuery, Resolver, ResolverConfig, ResolverGroup};
use mhost::resolver::lookup::Uniquify;
use mhost::RecordType;
use std::net::SocketAddr;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut resolvers = ResolverGroup::from_system_config(Default::default()).await?;
let sock_addr: SocketAddr = "8.8.8.8:53".parse()?;
let config = ResolverConfig::new(NameServerConfig::udp(sock_addr));
let google = Resolver::new(config, Default::default()).await?;
resolvers.add(google);
let query = MultiQuery::multi_record(
"example.com",
vec![RecordType::A, RecordType::AAAA, RecordType::TXT],
)?;
let lookups = resolvers.lookup(query).await?;
let a_records = lookups.a().unique().to_owned();
println!("A records: {:?}", a_records);
Ok(())
}The core library includes 9 pure lint checks (CAA, CNAME, DMARC, DNSSEC, HTTPS/SVCB, MX, NS, SPF, TTL) that analyse Lookups results for common misconfigurations — no app-* features required:
use mhost::resolver::{ResolverGroupBuilder, MultiQuery};
use mhost::lints::{check_spf, check_caa, CheckResult};
use mhost::RecordType;
use std::time::Duration;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let resolvers = ResolverGroupBuilder::new()
.system()
.timeout(Duration::from_secs(3))
.build()
.await?;
let query = MultiQuery::multi_record(
"example.com",
vec![RecordType::TXT, RecordType::CAA],
)?;
let lookups = resolvers.lookup(query).await?;
for result in check_spf(&lookups).iter().chain(check_caa(&lookups).iter()) {
match result {
CheckResult::Ok(msg) => println!(" OK: {}", msg),
CheckResult::Warning(msg) => println!(" WARN: {}", msg),
CheckResult::Failed(msg) => println!(" FAIL: {}", msg),
CheckResult::NotFound() => println!(" (not found)"),
}
}
Ok(())
}See docs.rs/mhost for the full API documentation.
Every command supports --output json for machine-readable output. Combine with -q (quiet) to suppress status messages:
mhost -q --output json l --all example.com | jq .
mhost -q --output json trace example.com | jq '.hops[] | .zone_name'
mhost -q --output json c example.com | jq '.results[] | select(.status != "Ok")'Global Options
mhost has a rich set of options that apply to all commands:
Nameserver selection:
-s, --nameserver <SPEC> Add a nameserver (IP, or protocol:host:port,...)
-p, --predefined Add predefined public nameservers
--predefined-filter <PROTO> Filter predefined by protocol [udp, tcp, tls, https]
--list-predefined Show all predefined nameservers
-f, --nameservers-from-file <F> Load nameservers from file
--no-system-nameservers Skip /etc/resolv.conf nameservers
-S, --no-system-lookups Skip system nameservers for lookups
IP version filtering:
-4, --ipv4-only Only use IPv4 nameservers and return IPv4 results
-6, --ipv6-only Only use IPv6 nameservers and return IPv6 results
Concurrency & resilience:
--limit <N> Max nameservers to query [default: 100] (1-10000)
--max-concurrent-servers <N> Max concurrent nameservers [default: 10] (1-100)
--max-concurrent-requests <N> Max concurrent requests per server [default: 5] (1-50)
--retries <N> Retries per server [default: 0] (0-10)
--timeout <SECS> Response timeout [default: 5] (1-300)
--continue-on-error Continue on server errors
--continue-on-timeout Continue on server timeouts
--wait-multiple-responses Wait for additional responses until timeout
Output:
-o, --output <FORMAT> Output format: summary or json [default: summary]
-q, --quiet Only print results (no status messages)
--no-color Disable colored output
--ascii ASCII-only output (no Unicode symbols)
--show-errors Show error counts
-v Increase verbosity (repeat for more)
Command Reference
mhost l [OPTIONS] <DOMAIN | IP | CIDR | SERVICE SPEC> -t, --record-type <TYPE> Record types [default: A,AAAA,CNAME,MX]
--all Query all record types
-s, --service Parse argument as SRV service spec
-w, --whois Include WHOIS information for A/AAAA/PTR results
Accepts domain names, IPv4/IPv6 addresses, CIDR blocks (reverse lookup of all IPs in range), and SRV service specs (smtp:tcp:example.com or dns:udp:example.com).
mhost domain-lookup [OPTIONS] <DOMAIN> --all Include extended well-known subdomains (~68 total)
-p, --show-partial-results Show results incrementally
Queries the apex plus well-known subdomains covering:
- Apex: A, AAAA, MX, NS, SOA, CAA, HTTPS, TXT, CNAME, SVCB, NAPTR, SSHFP
- Email auth: DMARC, MTA-STS, TLS-RPT, BIMI
- Email services: submission, IMAP, POP3, autodiscover (SRV)
- TLS/DANE: TLSA for ports 443, 25, 587, 993, etc.
- Communication: SIP, XMPP, Matrix (SRV)
- Calendar/Contacts: CalDAV, CardDAV (SRV)
- Infrastructure: LDAP, Kerberos (SRV)
- Modern protocols: STUN, TURN (SRV)
- Verification: ACME challenge, AT Protocol, DNSLink, domain verification TXT records
mhost d [OPTIONS] <DOMAIN> -s, --subdomains-only Show only subdomains
-w, --wordlist-from-file <F> Custom wordlist file
--no-ct-logs Skip Certificate Transparency queries
--depth <N> Recursive discovery depth [default: 0] (0-3)
--rnd-names-number <N> Random names for wildcard check [default: 3] (1-20)
--rnd-names-len <N> Random name length [default: 32] (8-128)
-p, --show-partial-results Show results incrementally
mhost c [OPTIONS] <DOMAIN> -p, --show-partial-results Show results after each lint
-i, --show-intermediate-lookups Show all DNS lookups made during checks
--no-soa Disable SOA check
--no-ns Disable NS delegation check
--no-cnames Disable CNAME lint
--no-mx Disable MX check
--no-spf Disable SPF check
--no-dmarc Disable DMARC check
--no-caa Disable CAA check
--no-ttl Disable TTL check
--no-dnssec Disable DNSSEC check
--no-https-svcb Disable HTTPS/SVCB check
--no-axfr Disable AXFR check
--no-open-resolver Disable open resolver check
--no-delegation Disable delegation check
mhost trace [OPTIONS] <DOMAIN> -t, --record-type <TYPE> Record type to query [default: A]
--max-hops <N> Maximum delegation hops [default: 10] (1-20)
--show-all-servers Show per-server details (IP, latency, outcome)
-p, --show-partial-results Show each hop as it completes
mhost -p propagation [OPTIONS] <DOMAIN> -t, --record-type <TYPE> Record types [default: A,AAAA,CNAME,MX]
--all Check all record types
-p, --show-partial-results Show results incrementally
mhost diff [OPTIONS] <DOMAIN> --left <SERVER> Left nameserver(s) (repeatable)
--right <SERVER> Right nameserver(s) (repeatable)
--left-from-file <FILE> Load left side from a JSON snapshot file (from lookup --output json)
--right-from-file <FILE> Load right side from a JSON snapshot file (from lookup --output json)
-t, --record-type <TYPE> Record types [default: A,AAAA,CNAME,MX,NS,SOA,TXT]
--all Compare all record types
Each side requires either --left/--right (live query) or --left-from-file/--right-from-file (snapshot). You can mix: one side live, the other from file.
mhost verify [OPTIONS] <ZONE_FILE> <ZONE_FILE> Path to BIND zone file (required)
--origin <NAME> Override zone origin ($ORIGIN)
--strict Report TTL differences as mismatches
--only-type <TYPE> Only verify these record types (repeatable, comma-delimited)
--ignore-type <TYPE> Skip these record types (repeatable, comma-delimited)
--ignore-extra Suppress extra-record reporting (live records not in zone file)
--ignore-soa Skip SOA serial comparison
By default, SOA, DNSSEC records (RRSIG, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM), and apex NS records are skipped. Wildcard records are reported as skipped since they can't be verified via simple lookups. Exit code 0 means all records verified; non-zero means mismatches or missing records.
mhost dnssec [OPTIONS] <DOMAIN> --max-hops <N> Maximum delegation hops [default: 10] (1-20)
-p, --show-partial-results Show each delegation level as it completes
Walks the DNS delegation chain from root servers to the target domain, querying DNSKEY, DS, and RRSIG records at each level. Renders a color-coded trust chain tree showing key roles (KSK/ZSK), algorithm strength, signature expiry, and DS-to-DNSKEY linkage.
Predefined Nameservers
mhost ships with 84 configurations across 6 providers. All use unfiltered endpoints (no content filtering or blocking). Each provider is available over UDP, TCP, DoT, and DoH.
| Provider | Primary IPv4 | Secondary IPv4 | IPv6 | TLS/HTTPS Hostname |
|---|---|---|---|---|
| Cloudflare | 1.1.1.1 | 1.0.0.1 | 2606:4700:4700::1111 / ::1001 | cloudflare-dns.com |
| 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 / ::8844 | dns.google | |
| Quad9 | 9.9.9.10 | 149.112.112.10 | 2620:fe::10 / ::fe:10 | dns10.quad9.net |
| Mullvad | 194.242.2.2 | 193.19.108.2 | 2a07:e340::2 | dns.mullvad.net |
| Wikimedia | 185.71.138.138 | 185.71.139.139 | 2001:67c:930::1 / ::2 | wikimedia-dns.org |
| DNS4EU | 185.134.197.54 | 185.134.196.54 | -- | unfiltered.joindns4.eu |
Use mhost --list-predefined to see every configuration.
Supported Record Types
| Type | Description | Type | Description |
|---|---|---|---|
| A | IPv4 address | NS | Name server |
| AAAA | IPv6 address | OPENPGPKEY | OpenPGP public key |
| ANAME | ANAME / ALIAS | PTR | Pointer (reverse DNS) |
| ANY | Query all types | SOA | Start of Authority |
| CAA | CA Authorization | SRV | Service locator |
| CNAME | Canonical name | SSHFP | SSH fingerprint |
| HINFO | Host information | SVCB | Service binding |
| HTTPS | HTTPS service binding | TLSA | TLS/DANE certificate |
| MX | Mail exchange | TXT | Text record |
| NAPTR | Naming Authority Pointer | DNSSEC | DNSKEY, DS, RRSIG, NSEC, ... |
See the CHANGELOG for a full release history.
- Only DNS class
INis supported.
The docs/adr/ directory contains Architecture Decision Records for the project.
Thanks to Benjamin Fry for Hickory DNS (formerly Trust-DNS), which does all the heavy DNS lifting.
MIT or Apache-2.0, at your option.
You're free to use mhost. If you find it useful, I would highly appreciate you sending me a postcard from your hometown mentioning how you use mhost. My work address is
Lukas Pustina
CenterDevice GmbH
Rheinwerkallee 3
53227 Bonn
Germany