drill man page on RedHat

Man page or keyword search:  
man Server   29550 pages
apropos Keyword Search (all sections)
Output format
RedHat logo
[printable version]

drill(1)							      drill(1)

NAME
       drill - get (debug) information out of DNS(SEC)

SYNOPSIS
       drill [ OPTIONS ] name [ @server ] [ type ] [ class ]

DESCRIPTION
       drill  is a tool to designed to get all sorts of information out of the
       DNS. It is specificly designed to be used with DNSSEC.

       The name drill is a pun on dig. With drill you should be able get  even
       more information than with dig.

       If  no  arguments are given class defaults to 'IN' and type to 'A'. The
       server(s) specified in /etc/resolv.conf are used to query against.

       name Ask for this name.

       @server Send to query to this server. If not specified  use  the	 name‐
       servers from /etc/resolv.conf.

       type  Ask for this RR type. If type is not given on the command line it
       defaults to 'A'. Except when doing to reverse lookup when  it  defaults
       to 'PTR'.

       class Use this class when querying.

SAMPLE USAGE
       drill mx miek.nl Show the MX records of the domain miek.nl

       drill -S jelte.nlnetlabs.nl
	      Chase  any  signatures  in  the  jelte.nlnetlab.nl  domain. This
	      option is only  available	 when  ldns  has  been	compiled  with
	      openssl-support.

       drill -TD www.example.com
	      Do  a  DNSSEC  (-D)  trace  (-T)	from  the  rootservers down to
	      www.example.com.	This option only works when ldns has been com‐
	      piled with openssl support.

       drill -s dnskey jelte.nlnetlabs.nl
	      Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found
	      DNSKEY record also print the DS record.

OPTIONS
       -D     Enable DNSSEC in the  query.  When  querying  for	 DNSSEC	 types
	      (DNSKEY, RRSIG, DS and NSEC) this is not automaticly enabled.

       -T     Trace  name  from	 the  root  down.  When	 using this option the
	      @server and the type arguments are not used.

       -S     Chase the signature(s) of 'name' to a known key or as high up in
	      the tree as possible.

       -V level
	      Be  more verbose. Set level to 5 to see the actual query that is
	      sent.

       -Q     Quiet mode, this overrules -V.

       -f file
	      Read the query from a file. The query must be dumped with -w.

       -i file
	      read the answer from the file instead  from  the	network.  This
	      aids in debugging and can be used to check if a query on disk is
	      valid.  If the file contains binary data it is assumed to	 be  a
	      query in network order.

       -w file
	      Write an answer packet to file.

       -q file
	      Write the query packet to file.

       -v     Show drill's version.

       -h     Show a short help message.

   QUERY OPTIONS
       -4     Stay on ip4. Only send queries to ip4 enabled nameservers.

       -6     Stay on ip6. Only send queries to ip6 enabled nameservers.

       -a     Use the resolver structure's fallback mechanism if the answer is
	      truncated (TC=1). If a truncated packet  is  received  and  this
	      option is set, drill will first send a new query with EDNS0 buf‐
	      fer size 4096.

	      If the EDNS0 buffer size was already set to 512+ bytes,  or  the
	      above  retry  also  results  in a truncated answer, the resolver
	      structure will fall back to TCP.

       -b size
	      Use size as the buffer size in the EDNS0 pseudo RR.

       -c file
	      Use file instead of /etc/resolv.conf for	nameserver  configura‐
	      tion.

       -d domain
	      When tracing (-T), start from this domain instead of the root.

       -t     Use TCP/IP when querying a server

       -k keyfile
	      Use this file to read a (trusted) key from. When this options is
	      given drill tries to validate the current answer with this  key.
	      No chasing is done. When drill is doing a secure trace, this key
	      will be used as trust anchor. Can	 contain  a  DNSKEY  or	 a  DS
	      record.

	      Alternatively,  when  DNSSEC  enabled tracing (-TD) or signature
	      chasing (-S), if -k is not specified, and a default trust anchor
	      (/var/lib/unbound/root.key)  exists  and contains a valid DNSKEY
	      or DS record, it will be used as the trust anchor.

       -o mnemonic
	      Use this option to set or unset specific header bits. A  bit  is
	      set by using the bit mnemonic in CAPITAL letters. A bit is unset
	      when the mnemonic is given in lowercase. The following mnemonics
	      are understood by drill:

		      QR, qr: set, unset QueRy (default: on)
		      AA, aa: set, unset Authoritative Answer (default: off)
		      TC, tc: set, unset TrunCated (default: off)
		      RD, rd: set, unset Recursion Desired (default: on)
		      CD, cd: set, unset Checking Disabled  (default: off)
		      RA, ra: set, unset Recursion Available  (default: off)
		      AD, ad: set, unset Authenticated Data (default: off)

	      Thus:  -o CD, will enable Checking Disabled, which instructs the
	      cache to not validate the answers it gives out.

       -p port
	      Use this port instead of the default of 53.

       -r file
	      When tracing (-T), use file as a root servers hint file.

       -s     When encountering a DNSKEY print the equivalent DS also.

       -u     Use UDP when querying a server. This is the default.

       -w file
	      write the answer to a file. The file will contain a  hexadecimal
	      dump of the query. This can be used in conjunction with -f.

       -x     Do a reverse loopup. The type argument is not used, it is preset
	      to PTR.

       -y <name:key[:algo]>
	      specify  named  base64  tsig  key,  and  optional	 an  algorithm
	      (defaults to hmac-md5.sig-alg.reg.int)

       -z     don't randomize the nameserver list before sending queries.

FILES
       /var/lib/unbound/root.key
	      The file from which trusted keys are loaded when no -k option is
	      given.

SEE ALSO
       unbound-anchor(8)

AUTHOR
       Jelte Jansen and Miek Gieben. Both of NLnet Labs.

REPORTING BUGS
       Report bugs to <ldns-team@nlnetlabs.nl>.

BUGS
COPYRIGHT
       Copyright (c) 2004-2008 NLnet Labs.  Licensed  under  the  revised  BSD
       license.	 There is NO warranty; not even for MERCHANTABILITY or FITNESS
       FOR A PARTICULAR PURPOSE.

SEE ALSO
       dig(1), RFC403{3,4,5}.

				  28 May 2006			      drill(1)
[top]

List of man pages available for RedHat

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net