Split command line help into sections #43
Description
Currently dnsi query -h prints a lot of different options all mixed together whether they affect connectivity or DNSSEC or something else:
$ dnsi query -h
Query the DNS
Usage: dnsi query [OPTIONS] <QUERY_NAME_OR_ADDR> [QUERY_TYPE]
Arguments:
<QUERY_NAME_OR_ADDR> The name of the resource records to look up
[QUERY_TYPE] The record type to look up
Options:
-s, --server <ADDR_OR_HOST> The server to send the query to. System servers used if missing
-p, --port <PORT> The port of the server to send query to
-4, --ipv4 Use only IPv4 for communication
-6, --ipv6 Use only IPv6 for communication
-t, --tcp Use only TCP
-u, --udp Use only UDP
--tls Use TLS
--tls-hostname <TLS_HOSTNAME> The name of the server for SNI and certificate verification
--timeout <SECONDS> Set the timeout for a query
--retries <RETRIES> Set the number of retries over UDP
--udp-payload-size <UDP_PAYLOAD_SIZE> Set the advertised UDP payload size
--ad Set the AD flag in the request
--no-ad Do not set the AD flag in the request
--cd Set the CD flag in the request
--no-cd Do not set the CD flag in the request
--do Set the DO flag in the EDNS Opt record in the request
--no-do Do not set the DO flag in the request, avoid creating the EDNS Opt record
--rd Set the RD flag in the request
--no-rd Do not set the RD flag in the request
-f, --force Disable all sanity checks
--verify Verify the answer against an authoritative server
--format <FORMAT> [default: friendly] [possible values: dig, friendly, table]
-h, --help Print help (see more with '--help')
Compare this to dnst signzone -h:
$ dnst signzone -h
Sign the zone with the given key(s)
Usage: dnst signzone [OPTIONS] <zonefile> [key]...
Arguments:
<zonefile> The zonefile to sign
[key]... The keys to sign the zone with
Options:
-b Use layout in signed zone and print comments on DNSSEC records
-d Used keys are not added to the zone
-e <date> Expiration date [default: 4 weeks from now]
-f <file> Output zone to file [default: <zonefile>.signed]
-i <date> Inception date [default: now]
-o <domain> Origin for the zone (for zonefiles with relative names and no $ORIGIN)
-u Set SOA serial to the number of seconds since Jan 1st 1970
-z <[scheme:]hash> Add a ZONEMD resource record
-Z Allow ZONEMDs to be added without signing
-A
-U
-n Use NSEC3 instead of NSEC
-H Hash only, don't sign
-M Do not require that key names match the apex
-h, --help Print help (see more with '--help')
NSEC3 (when using '-n'):
-a <algorithm> Hashing algorithm [default: SHA-1]
-t <number> Number of hash iterations [default: 0]
-s <string> Salt [default: -]
-p Set the opt-out flag on all NSEC3 RRs
-P Set the opt-out flag on all NSEC3 RRs and skip unsigned delegations
Keys must be specified by their base name (usually K<name>+<alg>+<id>), i.e. WITHOUT the .private or .key extension.
If the public part of the key is not present in the zone, the DNSKEY RR will be read from the file called <base name>.key.
A date can be a timestamp (seconds since the epoch), or of the form <YYYYMMdd[hhmmss]>
Note the way that NSEC3 options are grouped separately. Ignore the mess of other options, dnst signzone is still being worked on.
Perhaps this grouping of options is an idea for dnsi?