Usage

Flags, examples, and output format reference.

proc-trace-dns [-cfjqQt] [-d PATTERN] [-n NAME[,NAME,...]] [-o FILE] [-p PID[,PID,...]] [-T TYPE[,TYPE,...]]
Flag  Argument          Description
-c                      Force-enable ANSI color output. Auto-detected when stdout is a tty; NO_COLOR=1 disables it.
-d    PATTERN           Only show queries matching the domain pattern (substring or glob). E.g. -d amazonaws.com.
-f                      Flat output: one line per query, no column alignment. Useful when piping to grep or awk.
-j                      JSON output: one JSON object per line (ndjson). Includes all fields: pid, name, type, query, answers, latency_ms.
-Q                      Suppress error messages and warnings. Useful for long-running background use.
-q                      Quiet: show only the queried hostname, one per line. Useful for piping into sort | uniq.
-t                      Show timestamp for each query (RFC3339 format). Useful for correlating with other logs.
-n    NAME[,NAME,...]   Only show queries from processes matching these names. Comma-separated or repeatable.
-o    FILE              Append output to FILE instead of stdout. Colors are disabled for file output unless -c is also set.
-p    PID[,PID,...]     Only show queries from the given PIDs. Comma-separated list or repeatable.
-T    TYPE[,TYPE,...]   Filter by record type. E.g. -T A,AAAA or -T MX. Default: all types.

Anatomy of an output line

Each DNS query/response produces one line. Fields are space-aligned for readability (use -f for flat output).

12345             PID: process ID, in amber
curl              process name, in bright cyan
A                 DNS record type, in violet (A, AAAA, MX, CNAME, TXT, PTR, SRV, …)
api.github.com    queried hostname, in green
→ 140.82.121.6    resolved address(es), in blue; multiple answers space-separated
→ NXDOMAIN        failed lookup: NXDOMAIN, SERVFAIL, or TIMEOUT, in red
1.4ms             query round-trip latency, in dim grey

Watch all DNS queries system-wide

With no flags, proc-trace-dns shows every DNS query made by every process on the machine.

system-wide
$ sudo proc-trace-dns
12341  curl      A      api.github.com          → 140.82.121.6       1.4ms
12342  python3   AAAA   api.openai.com          → 2606:4700::6812   2.1ms
12343  node      A      registry.npmjs.org      → 104.16.0.35       1.7ms
12344  apt       A      deb.debian.org          → NXDOMAIN          0.5ms

Filter by process name

Use -n to watch only a specific process. Accepts comma-separated names.

filter by name
$ sudo proc-trace-dns -n curl,wget
19201  curl  A  example.com        → 93.184.216.34  1.2ms
19205  wget  A  releases.ubuntu.com  → 185.125.190.36 0.9ms

Filter by domain pattern

Use -d to surface only queries to a specific domain or subdomain.

domain filter
$ sudo proc-trace-dns -d amazonaws.com
19305  python3  A  s3.amazonaws.com       → 52.216.8.176   1.8ms
19307  java     A  kinesis.us-east-1.amazonaws.com → 52.94.0.15 2.4ms

Watch only NXDOMAIN failures

Pipe through grep to isolate failed lookups, which is useful for finding misconfigured services.

failure hunting
$ sudo proc-trace-dns -Qf | grep NXDOMAIN

JSON output for log ingestion

Use -j to emit ndjson, then pipe it to jq, ship it to Elasticsearch, or feed it into any log pipeline.

json mode
$ sudo proc-trace-dns -j | jq .
{
  "pid": 12341,
  "name": "curl",
  "type": "A",
  "query": "api.github.com",
  "answers": ["140.82.121.6"],
  "latency_ms": 1.4
}

Audit an install script

Run a command and capture every DNS resolution it makes, so you can see exactly which hosts it calls home to.

audit installer
$ sudo proc-trace-dns -q -- bash install.sh 2>/dev/null | sort -u
api.github.com
cdn.segment.com
objects.githubusercontent.com
telemetry.vendor.io
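
An added example, not part of proc-trace-dns or its documentation: a Python filter for the -j output that reports every queried hostname outside an allowlist, using the query and name fields listed under -j. The allowlist and the sample records are constructed for illustration.

```python
import json
import sys
from collections import defaultdict

# Constructed allowlist; replace with the domains the installer is documented to contact.
ALLOWED_SUFFIXES = {"github.com", "githubusercontent.com"}

# Constructed sample of `proc-trace-dns -j` output (one JSON object per line).
SAMPLE = """\
{"pid": 4101, "name": "curl", "type": "A", "query": "api.github.com", "answers": ["140.82.121.6"], "latency_ms": 1.4}
{"pid": 4102, "name": "curl", "type": "A", "query": "Objects.GitHubUserContent.com.", "answers": ["198.51.100.4"], "latency_ms": 1.1}
{"pid": 4103, "name": "bash", "type": "A", "query": "telemetry.vendor.io", "answers": ["203.0.113.7"], "latency_ms": 2.0}
{"pid": 4104, "name": "curl", "type": "A", "query": "notgithub.com", "answers": ["203.0.113.9"], "latency_ms": 1.9}
this line is not JSON
"""


def is_allowed(hostname, suffixes):
    """Match on whole DNS labels so notgithub.com does not pass as github.com."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit(lines, suffixes=ALLOWED_SUFFIXES):
    """Return ({unexpected hostname: sorted process names}, unparsable line count)."""
    unexpected, skipped = defaultdict(set), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            query, name = str(rec["query"]), str(rec["name"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated write, or a stray message mixed into the stream
            continue
        if not is_allowed(query, suffixes):
            unexpected[query.rstrip(".").lower()].add(name)
    return {host: sorted(names) for host, names in unexpected.items()}, skipped


if __name__ == "__main__":
    # Pass "-" as the only argument to read ndjson from stdin; otherwise use the sample.
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE.splitlines()
    findings, skipped = audit(source)
    for host, names in sorted(findings.items()):
        print(f"UNEXPECTED {host} (queried by: {', '.join(names)})")
    print(f"{skipped} unparsable line(s) skipped")
```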

Log everything to a file

Run in the background and log all queries for offline analysis.

background logger
$ sudo proc-trace-dns -Qt -o /var/log/dns-queries.log &
[1] 9991