1drill(1) General Commands Manual drill(1)
2
3
4
6 drill - get (debug) information out of DNS(SEC)
7
9 drill [ OPTION ] name [ @server ] [ type ] [ class ]
10
11
13 drill is a tool to designed to get all sorts of information out of the
14 DNS. It is specificly designed to be used with DNSSEC.
15
16 The name drill is a pun on dig. With drill you should be able get even
17 more information than with dig.
18
19 The arguments to drill may be placed in any order. If no arguments are
20 given class defaults to 'IN' and type to 'A'. The server(s) specified
21 in /etc/resolv.conf are used to query against.
22
23
24 @server Send to query to this server. If not specified use the name‐
25 servers from /etc/resolv.conf.
26
27
28 type Ask for this RR type. If type is not given on the command line it
29 defaults to 'A'. Except when doing to reverse lookup there is defaults
30 to 'PTR'.
31
32
33 name Ask for this name.
34
35
36 class Use this class when querying.
37
38
40 drill mx miek.nl Show the MX records of the domain miek.nl
41
42
43 drill -S jelte.nlnetlabs.nl
44 Chase any signatures a the jelte.nlnetlab.nl domain.
45
46
47 drill -TD www.example.com
48 Do a DNSSEC (-D) trace (-T) from the rootservers down to
49 www.example.com.
50
51
52 drill -s dnskey jelte.nlnetlabs.nl
53 Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found
54 DNSKEY record also print the DS record.
55
56
58 -D Enable DNSSEC in the query. When querying for DNSSEC types
59 (DNSKEY, RRSIG, DS and NSEC) this is automaticly enabled.
60
61
62 -S Chase the signature(s) of 'name' to a known key or as high up in
63 the tree as possible.
64
65
66 -T Trace name from the root down. When using this option the
67 @server and the type arguments are not used.
68
69
70 -V Be more verbose. Enable once for more messages on the screen.
71 Enable twice for a hexdump of the packets sent.
72
73
74 -4 Stay on ip4. Only send queries to ip4 enabled nameservers.
75
76
77 -6 Stay on ip6. Only send queries to ip6 enabled nameservers.
78
79
80 -a Don't try the next nameserver on SERVFAIL. The default is to do
81 this.
82
83
84 -b size
85
86
87
88 -c Use TCP/IP when querying a server.
89
90
91
92 -f file
93 Read the query from a file. The query must be dumped with -w.
94
95
96 -i file
97 read the answer from the file instead from the network. This
98 aids in debugging and can be used to check if a query on disk is
99 valid. If the file contains binary data it is assumed to be a
100 query in network order.
101
102
103 -k keyfile
104 Use this file to read a (trusted) key from. When this options is
105 given drill tries to validate the current answer with this key.
106 No chasing is done.
107
108
109 -p port
110 Use this port instead of the DNS default of 53.
111
112
113 -r Don't set the RD bit in the query - the default is yes.
114
115
116 -s When encountering a DNSKEY print the DS also.
117
118
119 -u Use UDP when querying a server. This is the default.
120
121
122 -v
123
124
125 -w file
126 write the answer to a file. The file will contain a hexadecimal
127 dump of the query. This can be used in conjunction with -f.
128
129
130 -x Do a reverse loopup. The type argument is not used, it is preset
131 to PTR.
132
133
135 When calling drill with -S it chases down signatures (RRSIG) to a known
136 key. This uses a bottom-up approach. [Jelte please fill in the blanks
137 here]
138
139 With -TD (trace + DNSSEC) drill will securely trace from the root down.
140 If the optional -k argument is given a genuine chain of trust can be
141 established. [bla bla, Miek please add more]
142
143
145 Jelte Jansen and Miek Gieben. Both of NLnet Labs.
146
147
149 Report bugs to <drill@nlnetlabs.nl>.
150
151
154 None - you can do everything with it, including washing your car.
155
156
158 Copyright (c) 2004 NLnet Labs. Licensed under the revised BSD license.
159 There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
160 PARTICULAR PURPOSE.
161
162
164 dig(1), RFC403{3,4,5}.
165
166
167
168 28 Apr 2005 drill(1)