LinuxCommandLibrary

drill

Query DNS records

TLDR

Look up the IP(s) associated with a hostname (A records)

$ drill [example.com]

Look up the mail server(s) associated with a given domain name (MX record)
$ drill mx [example.com]

Get all types of records for a given domain name
$ drill any [example.com]

Specify an alternate DNS server to query
$ drill [example.com] @[8.8.8.8]

Perform a reverse DNS lookup on an IP address (PTR record)
$ drill -x [8.8.8.8]

Perform a DNSSEC trace from the root servers down to a domain name
$ drill -TD [example.com]

Show DNSKEY record(s) for a domain name
$ drill -s dnskey [example.com]

SYNOPSIS

drill [options] [@server] name [type] [class]

PARAMETERS

-4
    Use IPv4 transport only

-6
    Use IPv6 transport only

-a, --answer
    Show only answer section

-A, --additional
    Show only additional section

-b, --best
    Use fastest responding nameserver

-c class
    Set query class (default: IN)

-C
    Enable DNSSEC validation

-D, --debug
    Enable debug output

-h, --help
    Show help and exit

-i
    Use IP6.INT reverse notation

-k keyfile
    Specify TSIG key file

-n, --no-tcp
    Do not fall back to TCP

-q queryname
    Set query name

-S bits
    Set EDNS0 buffer size

-t type
    Set query type (default: A)

-T
    Always use TCP transport

-u, --unique
    Set RD bit (non-recursive)

-V, --version
    Show version and exit

-x
    Reverse lookup (PTR query)

-y name:secret
    Direct TSIG key specification

--yaml
    Output in YAML format

DESCRIPTION

Drill is a powerful DNS querying tool from the ldns package, designed as a user-friendly alternative to dig. It performs DNS lookups with high flexibility, supporting recursive and iterative queries, multiple transport protocols (UDP, TCP, TLS), and various output formats including YAML and JSON.

Key features include automatic selection of the fastest nameserver, support for DNSSEC validation, EDNS options, and detailed control over query sections like authority and additional records. It excels in scripting due to structured outputs and is ideal for debugging DNS issues, testing resolvers, or bulk queries. Unlike traditional tools, drill emphasizes simplicity in syntax while offering advanced capabilities like key-based authentication and chaos class queries.

Primarily used by network administrators and DNS developers, it requires the ldns-utils package on most Linux distributions.
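
Added example (not part of the original page or of the ldns project): POSIX shell functions that extract the rcode and the answer records from drill's default text output, so the answers from the default resolver and from an alternate server (the @server form shown under TLDR) can be compared when checking for unexpected or tampered responses. The function names and the sample output are constructed for illustration.

```shell
# Added example: helpers that read drill's default text output on stdin.

# Print the rcode from the ";; ->>HEADER<<-" line, e.g. NOERROR or NXDOMAIN.
drill_rcode() {
    sed -n 's/^;; ->>HEADER<<-.*rcode: \([A-Z0-9]*\).*/\1/p'
}

# Print the sorted, de-duplicated rdata of records of type $1 (ANSWER section only).
drill_answers() {
    awk -v want="$1" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; /                { in_answer = 0 }
        in_answer && NF >= 5 && $4 == want {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }' | sort -u
}

# Return 0 when two saved drill outputs hold the same non-empty answer set.
# e.g. drill example.com > a.txt; drill example.com @8.8.8.8 > b.txt; same_answers A a.txt b.txt
same_answers() {
    a=$(drill_answers "$1" < "$2")
    b=$(drill_answers "$1" < "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample output (documentation addresses, not a captured query).
sample_output() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4711
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; example.com.	IN	A

;; ANSWER SECTION:
example.com.	300	IN	A	192.0.2.20
example.com.	300	IN	A	192.0.2.10

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 12 msec
;; SERVER: 192.0.2.53
EOF
}

sample_output | drill_answers A
```

A mismatch between resolvers is a signal to investigate, not proof of tampering: CDNs and geo-aware DNS routinely return different records to different resolvers.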

CAVEATS

Not installed by default; install via ldns-utils package. Limited Windows support. Some advanced DNSSEC features require additional configuration.

BASIC EXAMPLE

drill example.com or drill @8.8.8.8 MX google.com

YAML OUTPUT

drill --yaml A www.example.com for structured parsing in scripts.

HISTORY

Developed by NLnet Labs as part of the ldns library (first release ~2006). Evolved to support modern DNS features like DNSSEC (2010s) and DoT/DoH. Actively maintained for DNS research and tooling.

SEE ALSO

dig(1), host(1), nslookup(1), ldns-walk(1), ldns-chaos(1)
