drill(1)                    General Commands Manual                   drill(1)

NAME

       drill - get (debug) information out of DNS(SEC)

SYNOPSIS

       drill [ OPTIONS ] name [ @server ] [ type ] [ class ]

DESCRIPTION

       drill is a tool designed to get all sorts of information out of the
       DNS. It is specifically designed to be used with DNSSEC.

       The name drill is a pun on dig. With drill you should be able to get
       even more information than with dig.

       If no arguments are given, class defaults to 'IN' and type to 'A'. The
       server(s) specified in /etc/resolv.conf are used to query against.

       name   Ask for this name.

       @server
              Send the query to this server. If not specified, use the
              nameservers from /etc/resolv.conf.

       type   Ask for this RR type. If type is not given on the command line
              it defaults to 'A', except when doing a reverse lookup, when it
              defaults to 'PTR'.

       class  Use this class when querying.

SAMPLE USAGE

       drill mx miek.nl
              Show the MX records of the domain miek.nl.

       drill -S jelte.nlnetlabs.nl
              Chase any signatures in the jelte.nlnetlabs.nl domain. This
              option is only available when ldns has been compiled with
              openssl support.

       drill -TD www.example.com
              Do a DNSSEC (-D) trace (-T) from the rootservers down to
              www.example.com. This option only works when ldns has been
              compiled with openssl support.

       drill -s dnskey jelte.nlnetlabs.nl
              Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found
              DNSKEY record also print the DS record.

OPTIONS

       -D     Enable DNSSEC in the query. When querying for DNSSEC types
              (DNSKEY, RRSIG, DS and NSEC) this is not automatically enabled.

       -T     Trace name from the root down. When using this option the
              @server and the type arguments are not used.

       -S     Chase the signature(s) of 'name' to a known key or as high up in
              the tree as possible.

       -V level
              Be more verbose. Set level to 5 to see the actual query that is
              sent.

       -Q     Quiet mode, this overrules -V.

       -f file
              Read the query from a file. The query must be dumped with -w.

       -i file
              Read the answer from the file instead of from the network. This
              aids in debugging and can be used to check if a query on disk is
              valid. If the file contains binary data it is assumed to be a
              query in network order.

       -w file
              Write an answer packet to file.

       -q file
              Write the query packet to file.

       -v     Show drill's version.

       -h     Show a short help message.

   QUERY OPTIONS
       -4     Stay on ip4. Only send queries to ip4 enabled nameservers.

       -6     Stay on ip6. Only send queries to ip6 enabled nameservers.

       -a     Use the resolver structure's fallback mechanism if the answer is
              truncated (TC=1). If a truncated packet is received and this
              option is set, drill will first send a new query with EDNS0
              buffer size 4096.

              If the EDNS0 buffer size was already set to 512+ bytes, or the
              above retry also results in a truncated answer, the resolver
              structure will fall back to TCP.

       -b size
              Use size as the buffer size in the EDNS0 pseudo RR.

       -c file
              Use file instead of /etc/resolv.conf for nameserver
              configuration.

       -d domain
              When tracing (-T), start from this domain instead of the root.

       -t     Use TCP/IP when querying a server.

       -k keyfile
              Use this file to read a (trusted) key from. When this option is
              given drill tries to validate the current answer with this key.
              No chasing is done. When drill is doing a secure trace, this key
              will be used as trust anchor. Can contain a DNSKEY or a DS
              record.

              Alternatively, when DNSSEC enabled tracing (-TD) or signature
              chasing (-S), if -k is not specified, and a default trust anchor
              (/var/lib/unbound/root.key) exists and contains a valid DNSKEY
              or DS record, it will be used as the trust anchor.

       -o mnemonic
              Use this option to set or unset specific header bits. A bit is
              set by using the bit mnemonic in CAPITAL letters. A bit is unset
              when the mnemonic is given in lowercase. The following mnemonics
              are understood by drill:

                      QR, qr: set, unset QueRy (default: on)
                      AA, aa: set, unset Authoritative Answer (default: off)
                      TC, tc: set, unset TrunCated (default: off)
                      RD, rd: set, unset Recursion Desired (default: on)
                      CD, cd: set, unset Checking Disabled (default: off)
                      RA, ra: set, unset Recursion Available (default: off)
                      AD, ad: set, unset Authenticated Data (default: off)

              Thus: -o CD will enable Checking Disabled, which instructs the
              cache to not validate the answers it gives out.

       -p port
              Use this port instead of the default of 53.

       -r file
              When tracing (-T), use file as a root servers hint file.

       -s     When encountering a DNSKEY print the equivalent DS also.

       -u     Use UDP when querying a server. This is the default.

       -w file
              Write the answer to a file. The file will contain a hexadecimal
              dump of the query. This can be used in conjunction with -f.

       -x     Do a reverse lookup. The type argument is not used, it is preset
              to PTR.

       -y <name:key[:algo]>
              Specify a named base64 TSIG key, and optionally an algorithm
              (defaults to hmac-md5.sig-alg.reg.int).

       -z     Don't randomize the nameserver list before sending queries.
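The header bits toggled by -o, the EDNS0 fields controlled by -D and -b, and the TC bit that -a reacts to, shown at wire level. This is an added example, not part of the drill manual or the ldns source; the function names, the sample starting flags value 0x0100 and the 4096-byte size used when none is given are assumptions.

```python
import struct

# Bit positions in the 16-bit DNS header flags word (RFC 1035, RFC 4035).
FLAG_BITS = {"QR": 0x8000, "AA": 0x0400, "TC": 0x0200, "RD": 0x0100,
             "RA": 0x0080, "AD": 0x0020, "CD": 0x0010}
DO_BIT = 0x8000  # "DNSSEC OK" flag carried in the EDNS0 OPT TTL field (RFC 3225)


def apply_mnemonics(flags, mnemonics):
    """Apply -o style mnemonics: CAPITALS set a bit, lowercase clears it."""
    for m in mnemonics:
        bit = FLAG_BITS.get(m.upper())
        if bit is None or m not in (m.upper(), m.lower()):
            raise ValueError("unknown mnemonic: %r" % m)
        flags = flags | bit if m.isupper() else flags & ~bit
    return flags & 0xFFFF


def build_query(name, flags, qtype=1, qclass=1, dnssec=False,
                bufsize=None, msg_id=0x1234):
    """Build a wire-format query; append an OPT RR if dnssec or bufsize is set."""
    edns = dnssec or bufsize is not None
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 1 if edns else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".") if label) + b"\x00"
    packet = header + qname + struct.pack("!2H", qtype, qclass)
    if edns:
        # OPT RR: root owner name, type 41, CLASS field = UDP payload size,
        # TTL field = ext-rcode(8) | version(8) | flags(16), RDLENGTH 0.
        size = 4096 if bufsize is None else bufsize  # assumed default
        packet += b"\x00" + struct.pack("!HHIH", 41, size,
                                        DO_BIT if dnssec else 0, 0)
    return packet


def is_truncated(response):
    """True when TC=1 in a received message, the condition -a reacts to."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", response[2:4])[0] & FLAG_BITS["TC"])


if __name__ == "__main__":
    # Constructed sample: recursion desired, then the equivalent of -o CD -D -b 1232.
    flags = apply_mnemonics(0x0100, ["CD"])
    print(build_query("example.com", flags, qtype=48,
                      dnssec=True, bufsize=1232).hex())
```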

FILES

       /var/lib/unbound/root.key
              The file from which trusted keys are loaded when no -k option is
              given.

SEE ALSO

       unbound-anchor(8)

AUTHOR

       Jelte Jansen and Miek Gieben. Both of NLnet Labs.

REPORTING BUGS

       Report bugs to <ldns-team@nlnetlabs.nl>.

BUGS

COPYRIGHT

       Copyright (c) 2004-2008 NLnet Labs. Licensed under the revised BSD
       license. There is NO warranty; not even for MERCHANTABILITY or FITNESS
       FOR A PARTICULAR PURPOSE.

SEE ALSO

       dig(1), RFC403{3,4,5}.

                                  28 May 2006                         drill(1)