How to use the command 'drill' (with examples)
Drill is a tool designed for performing DNS (Domain Name System) queries. It’s part of the ldns suite, which is developed for managing and analyzing DNS data more effectively. Drill can be used to retrieve various types of DNS records, perform reverse DNS lookups, and even work with DNSSEC (DNS Security Extensions). As such, it is a versatile tool for both network administrators and anyone interested in diagnosing or exploring DNS information. Below are detailed examples of how to use ‘drill’ for different kinds of DNS queries.
Use case 1: Lookup the IP(s) associated with a hostname (A records)
Code:
drill example.com
Motivation:
When you are trying to identify the server or servers hosting a particular website, looking up the A records of the domain can provide you with the necessary IP addresses. This is particularly useful for network diagnostics, setting up server configurations, or troubleshooting connectivity issues.
Explanation:
drill: Initiates the drill command to perform a DNS query.
example.com: Specifies the domain whose A records you want to look up.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 12345
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;; example.com. IN A
;; ANSWER SECTION:
example.com. 299 IN A 93.184.216.34
Use case 2: Lookup the mail server(s) associated with a given domain name (MX record)
Code:
drill mx example.com
Motivation:
Knowing the mail servers handling email for a domain is essential when setting up email services or debugging email delivery problems. By querying MX records, you can quickly determine the path that emails will take to reach their intended recipients.
Explanation:
drill: Initiates the drill command to perform a DNS query.
mx: Specifies that you want to retrieve the MX (Mail Exchange) records.
example.com: The domain whose mail servers you want to check.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4321
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;; example.com. IN MX
;; ANSWER SECTION:
example.com. 299 IN MX 10 mail.example.com.
Use case 3: Get all types of records for a given domain name
Code:
drill any example.com
Motivation:
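To get a comprehensive view of all the available DNS records for a domain, including A, AAAA, MX, TXT, and more, use the any query type, which gives an extensive snapshot of the domain’s DNS settings. This is useful for auditing purposes, managing DNS configurations, or understanding the domain’s setup. Note that many servers now answer ANY queries with a minimal response (RFC 8482), so query each record type separately when the result looks incomplete.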
Explanation:
drill: Initiates the drill command.
any: Requests all available DNS resource records for the specified domain.
example.com: The target domain name for which you are querying DNS records.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 54321
;; flags: qr rd ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;; example.com. IN ANY
;; ANSWER SECTION:
example.com. 299 IN A 93.184.216.34
example.com. 299 IN MX 10 mail.example.com.
example.com. 299 IN TXT "v=spf1 include:_spf.example.com ~all"
example.com. 299 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
Use case 4: Specify an alternate DNS server to query
Code:
drill example.com @8.8.8.8
Motivation:
Sometimes, it is beneficial to query a specific DNS server to see how DNS information is being propagated. Using an alternate DNS server such as Google’s public DNS (8.8.8.8) allows you to compare responses from different DNS infrastructures, diagnose propagation delays, or even bypass local DNS caches.
Explanation:
drill: Initiates the drill command.
example.com: The domain name you want to query for DNS information.
@8.8.8.8: Tells drill to use 8.8.8.8 as the DNS server for this query.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6789
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;; example.com. IN A
;; ANSWER SECTION:
example.com. 299 IN A 93.184.216.34
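The resolver comparison described in this use case, as an added example that is not part of the original page: it reduces two drill outputs to their response code and TTL-free record data before comparing them. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two resolvers' answers while ignoring TTLs.

# rcode: read drill output on stdin, print the response code (NOERROR, NXDOMAIN, ...).
rcode() {
    sed -n 's/^;; ->>HEADER<<-.*rcode: \([A-Z]*\).*/\1/p'
}

# answers TYPE: read drill output on stdin, print the sorted rdata of every
# TYPE record in the ANSWER SECTION. Owner name and TTL are dropped on purpose:
# caches count TTLs down, so they differ between resolvers even when data agrees.
answers() {
    awk -v t="$1" '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;; [A-Z]+ SECTION:/ { in_ans = 0 }
        in_ans && $3 == "IN" && $4 == t {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }' | sort
}

# compare TYPE OUTPUT_A OUTPUT_B: print "match", "rcode-differs" or "data-differs".
compare() {
    ra=$(printf '%s\n' "$2" | rcode); rb=$(printf '%s\n' "$3" | rcode)
    if [ "$ra" != "$rb" ]; then echo "rcode-differs"; return 1; fi
    da=$(printf '%s\n' "$2" | answers "$1"); db=$(printf '%s\n' "$3" | answers "$1")
    if [ "$da" != "$db" ]; then echo "data-differs"; return 1; fi
    echo "match"
}

# Constructed sample outputs (not captured from real servers).
LOCAL_OUT=';; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 12345
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; example.com. IN A
;; ANSWER SECTION:
example.com. 299 IN A 93.184.216.34
;; AUTHORITY SECTION:'
PUBLIC_OUT=$(printf '%s\n' "$LOCAL_OUT" | sed 's/ 299 IN A / 41 IN A /')
STALE_OUT=$(printf '%s\n' "$LOCAL_OUT" | sed 's/93\.184\.216\.34/192.0.2.10/')

compare A "$LOCAL_OUT" "$PUBLIC_OUT"            # same data, different TTL
compare A "$LOCAL_OUT" "$STALE_OUT" || true     # different address
# Live use: compare A "$(drill example.com)" "$(drill example.com @8.8.8.8)"
```

A "data-differs" result is not always a fault: names served from several addresses can legitimately return different sets to different resolvers.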
Use case 5: Perform a reverse DNS lookup on an IP address (PTR record)
Code:
drill -x 8.8.8.8
Motivation:
A reverse DNS lookup is used to determine the domain name associated with an IP address, which can be crucial for verifying the identity of servers, spam filtering, or logging purposes in network management.
Explanation:
drill: Initiates the drill command.
-x: Specifies that a reverse lookup is to be performed on the given IP address.
8.8.8.8: The IP address you want to query for its associated domain.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9876
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;; 8.8.8.8.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 299 IN PTR google-public-dns-a.google.com.
Use case 6: Perform DNSSEC trace from root servers down to a domain name
Code:
drill -TD example.com
Motivation:
DNS Security Extensions (DNSSEC) provide a layer of security to guarantee the authenticity of DNS responses. Performing a DNSSEC trace from root servers is useful to verify whether DNSSEC is properly configured for a domain, detect misconfigurations, and ensure that domain records haven’t been tampered with.
Explanation:
drill: Initiates the drill command.
-TD: Instructs drill to perform a DNSSEC trace: -T traces from the root servers down to the name, and -D enables DNSSEC in the query.
example.com: The domain for which you want to perform a DNSSEC trace.
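Example output (this sample is dig +dnssec +trace output, as its first line shows; drill -TD follows the same delegation path from the root but prints it in its own format):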
; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> +dnssec +trace example.com
;; global options: +cmd
. 518400 IN NS m.root-servers.net.
;; Received 841 bytes from 192.5.5.241#53(192.5.5.241) in 52 ms
com. 172800 IN NS a.gtld-servers.net.
;; Received 1177 bytes from 198.41.0.4#53(a.root-servers.net) in 104 ms
example.com. 86400 IN NS ns1.example.com.
;; Received 496 bytes from 192.5.6.30#53(b.gtld-servers.net) in 67 ms
Use case 7: Show DNSKEY record(s) for a domain name
Code:
drill -s dnskey example.com
Motivation:
DNSKEY records are part of DNSSEC and contain public keys for a domain. These are used in the process of validating DNS responses. Displaying DNSKEY records can help in diagnosing DNSSEC issues, configuring secure zones, or auditing the security of your domain’s DNS setup.
Explanation:
drill: Initiates the drill command.
-s: Instructs drill to display DNSSEC-related information.
dnskey: Directs drill to show DNSKEY records.
example.com: The domain you are querying for DNSKEY records.
Example output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 13579
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;; example.com. IN DNSKEY
;; ANSWER SECTION:
example.com. 599 IN DNSKEY 256 3 7 AwEAAa3W9...
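One way to read the DNSSEC output from use cases 6 and 7 when auditing a zone, as an added example that is not part of the original page: it classifies each DNSKEY by its flags and algorithm fields (the "256 3 7" in the sample above) and checks whether a response carries the ad flag. The function names, the second key, and the placeholder key material are constructed; the "weak" list follows the signing recommendations in RFC 8624.

```shell
#!/bin/sh
# Added example: classify DNSKEY records and check the AD flag in drill output.

# validated: read drill output on stdin; succeed only if the header flags
# include "ad" (Authenticated Data), i.e. the resolver validated the answer.
validated() {
    grep -Eq '^;; flags:[^;]* ad( |;)'
}

# audit_dnskeys: read drill output on stdin; for each DNSKEY record print
# "<role> <algorithm number> <algorithm name> <verdict>".
# "weak" = MUST NOT or NOT RECOMMENDED for signing in RFC 8624.
audit_dnskeys() {
    awk '
        BEGIN {
            name[1] = "RSAMD5"; name[3] = "DSA"; name[5] = "RSASHA1"
            name[6] = "DSA-NSEC3-SHA1"; name[7] = "RSASHA1-NSEC3-SHA1"
            name[8] = "RSASHA256"; name[10] = "RSASHA512"
            name[12] = "ECC-GOST"; name[13] = "ECDSAP256SHA256"
            name[14] = "ECDSAP384SHA384"; name[15] = "ED25519"; name[16] = "ED448"
            n = split("1 3 5 6 7 12", w, " ")
            for (i = 1; i <= n; i++) weak[w[i]] = 1
        }
        # Skip comment lines such as the echoed question ";; example.com. IN DNSKEY".
        !/^;/ && $3 == "IN" && $4 == "DNSKEY" && $5 ~ /^[0-9]+$/ {
            role = ($5 == 257) ? "KSK" : (($5 == 256) ? "ZSK" : "other")
            alg = ($7 in name) ? name[$7] : "unknown"
            verdict = ($7 in weak) ? "weak" : (($7 in name) ? "ok" : "unknown")
            print role, $7, alg, verdict
        }'
}

# Constructed sample: first key line as shown on this page, second one invented.
DNSKEY_OUT=';; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 13579
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; example.com. IN DNSKEY
;; ANSWER SECTION:
example.com. 599 IN DNSKEY 256 3 7 AwEAAa3W9...
example.com. 599 IN DNSKEY 257 3 13 CONSTRUCTED-KEY-PLACEHOLDER'
AD_OUT=$(printf '%s\n' "$DNSKEY_OUT" | sed 's/qr rd ra ;/qr rd ra ad ;/')

printf '%s\n' "$DNSKEY_OUT" | audit_dnskeys
if printf '%s\n' "$DNSKEY_OUT" | validated; then echo "AD set"; else echo "AD not set"; fi
# Live use: drill -D dnskey example.com | audit_dnskeys
```

The ad flag only appears when the queried resolver performs DNSSEC validation, so its absence in a response from a non-validating resolver says nothing about the zone.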
Conclusion:
Drill is a robust command-line tool for conducting DNS queries. With its various features, including querying different DNS record types, performing reverse lookups, and utilizing DNSSEC, it serves as a comprehensive utility for anyone dealing with domain and network configurations. Whether for troubleshooting, validating DNS settings, or ensuring the integrity of DNS data, the examples provided demonstrate the essential capabilities of drill in diverse use cases.