SYNOPSIS
drill [ OPTION ] name [ @server ] [ type ] [ class ]
DESCRIPTION
drill is a tool to designed to get all sorts of information out of the
DNS. It is specificly designed to be used with DNSSEC.
The name drill is a pun on dig. With drill you should be able get even
more information than with dig.
The arguments to drill may be placed in any order. If no arguments are
given class defaults to 'IN' and type to 'A'. The server(s) specified
in /etc/resolv.conf are used to query against.
@server Send to query to this server. If not specified use the name-
servers from /etc/resolv.conf.
type Ask for this RR type. If type is not given on the command line it
defaults to 'A'. Except when doing to reverse lookup when it defaults
to 'PTR'.
name Ask for this name.
class Use this class when querying.
SAMPLE USAGE
drill mx miek.nl Show the MX records of the domain miek.nl
drill -S jelte.nlnetlabs.nl
Chase any signatures in the jelte.nlnetlab.nl domain.
drill -TD www.example.com
Do a DNSSEC (-D) trace (-T) from the rootservers down to
www.example.com.
drill -s dnskey jelte.nlnetlabs.nl
Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found
DNSKEY record also print the DS record.
OPTIONS
-D Enable DNSSEC in the query. When querying for DNSSEC types
(DNSKEY, RRSIG, DS and NSEC) this is not automaticly enabled.
-Q Quiet mode, this overrules -V.
-f file
Read the query from a file. The query must be dumped with -w.
-i file
read the answer from the file instead from the network. This
aids in debugging and can be used to check if a query on disk is
valid. If the file contains binary data it is assumed to be a
query in network order.
-w file
Write an answer packet to file.
-q file
Write the query packet to file.
-v Show drill's version.
-h Show a short help message.
QUERY OPTIONS
-4 Stay on ip4. Only send queries to ip4 enabled nameservers.
-6 Stay on ip6. Only send queries to ip6 enabled nameservers.
-a Don't try the next nameserver on SERVFAIL. The default is to do
this.
-b size
Use size as the buffer size in the EDNS0 pseudo RR.
-c Use TCP/IP when querying a server, 'c' stands for connected.
-k keyfile
Use this file to read a (trusted) key from. When this options is
given drill tries to validate the current answer with this key.
No chasing is done. When drill is doing a secure trace, this key
will be used as trust anchor.
Thus: -o CD, will enable Checking Disabled, which instructs the
cache to not validate the answers it gives out.
-p port
Use this port instead of the default of 53.
-s When encountering a DNSKEY print the equivalent DS also.
-u Use UDP when querying a server. This is the default.
-w file
write the answer to a file. The file will contain a hexadecimal
dump of the query. This can be used in conjunction with -f.
-x Do a reverse loopup. The type argument is not used, it is preset
to PTR.
AUTHOR
Jelte Jansen and Miek Gieben. Both of NLnet Labs.
REPORTING BUGS
Report bugs to <ldns-team@nlnetlabs.nl>.
BUGS
COPYRIGHT
Copyright (c) 2004-2006 NLnet Labs. Licensed under the revised BSD
license. There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
SEE ALSO
dig(1), RFC403{3,4,5}.
28 May 2006 drill(1)
Man(1) output converted with
man2html