drill command explained


Installing drill:


-bash/zsh: drill command not found

#Debian
apt-get install ldnsutils

#Ubuntu
apt-get install ldnsutils

#Alpine
apk add ldns

#Arch Linux
pacman -S ldns

#Kali Linux
apt-get install ldnsutils

#CentOS
yum install ldns

#Fedora
dnf install ldns-utils

#OS X
brew install ldns

#Raspbian
apt-get install ldnsutils

#Docker
docker run cmd.cat/drill drill

Additional notes on drill:


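drill is a tool for retrieving all kinds of information from the DNS. It is designed specifically for use with DNSSEC.

The name drill is a pun: with a drill you should be able to get more information than by digging with dig.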

drill syntax:


drill [ OPTIONS ] name [ @server ] [ type ] [ class ]

drill options:


-D
Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG, DS and NSEC) this is not automatically enabled.
-T
Trace name from the root down. When using this option the @server and the type arguments are not used.
-S
Chase the signature(s) of 'name' to a known key or as high up in the tree as possible.
-V level
Be more verbose. Set level to 5 to see the actual query that is sent.
-Q
Quiet mode, this overrules -V.
-f file
Read the query from a file. The query must be dumped with -w.
-i file
Read the answer from the file instead of from the network. This aids in debugging and can be used to check if a query on disk is valid. If the file contains binary data it is assumed to be a query in network order.
-w file
Write an answer packet to file.
-q file
Write the query packet to file.
-v
Show drill's version.
-h
Show a short help message.

drill query options:


-4
Stay on IPv4. Only send queries to IPv4-enabled nameservers.
-6
Stay on IPv6. Only send queries to IPv6-enabled nameservers.
-a
Use the resolver structure's fallback mechanism if the answer is truncated (TC=1). If a truncated packet is received and this option is set, drill will first send a new query with EDNS0 buffer size 4096.
If the EDNS0 buffer size was already set to 512+ bytes, or the above retry also results in a truncated answer, the resolver structure will fall back to TCP.

-b size
Use size as the buffer size in the EDNS0 pseudo RR.
-c file
Use file instead of /etc/resolv.conf for nameserver configuration.
-d domain
When tracing (-T), start from this domain instead of the root.
-t
Use TCP/IP when querying a server.
-k keyfile
Use this file to read a (trusted) key from. When this option is given drill tries to validate the current answer with this key. No chasing is done. When drill is doing a secure trace, this key will be used as trust anchor. Can contain a DNSKEY or a DS record.
Alternatively, when DNSSEC enabled tracing (-TD) or signature chasing (-S), if -k is not specified, and a default trust anchor (/etc/unbound/root.key) exists and contains a valid DNSKEY or DS record, it will be used as the trust anchor.

-o mnemonic
Use this option to set or unset specific header bits. A bit is set by using the bit mnemonic in CAPITAL letters. A bit is unset when the mnemonic is given in lowercase. The following mnemonics are understood by drill:
QR, qr: set, unset QueRy (default: on)
AA, aa: set, unset Authoritative Answer (default: off)
TC, tc: set, unset TrunCated (default: off)
RD, rd: set, unset Recursion Desired (default: on)
CD, cd: set, unset Checking Disabled (default: off)
RA, ra: set, unset Recursion Available (default: off)
AD, ad: set, unset Authenticated Data (default: off)

Thus: -o CD, will enable Checking Disabled, which instructs the cache to not validate the answers it gives out.

-p port
Use this port instead of the default of 53.
-r file
When tracing (-T), use file as a root servers hint file.
-s
When encountering a DNSKEY print the equivalent DS also.
-u
Use UDP when querying a server. This is the default.
-w file
Write the answer to a file. The file will contain a hexadecimal dump of the query. This can be used in conjunction with -f.
-x
Do a reverse lookup. The type argument is not used, it is preset to PTR.
-y <name:key[:algo]>
Specify a named base64 TSIG key, and optionally an algorithm (defaults to hmac-md5.sig-alg.reg.int).
-z
Don't randomize the nameserver list before sending queries.
Files
/etc/unbound/root.key
The file from which trusted keys are loaded when no -k option is given.

drill arguments:


The domain name, IP address, etc. to query.

drill examples:


Use drill to look up the IP address associated with a hostname (A record):

$ drill hexun.com

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 12973
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; hexun.com.   IN      A

;; ANSWER SECTION:
hexun.com.      120     IN      A       42.81.124.69

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 17 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:53:14 2020
;; MSG SIZE  rcvd: 43

Use drill to look up the mail servers associated with a given domain name (MX records):

$ drill mx mail.hexun.com

;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 58969
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; mail.hexun.com.      IN      MX

;; ANSWER SECTION:

;; AUTHORITY SECTION:
hexun.com.      600     IN      SOA     ns3.hexun.com. dnsadmin.staff.hexun.com. 2020101301 1800 600 1209600 600

;; ADDITIONAL SECTION:

;; Query time: 31 msec
;; SERVER: 100.100.2.138
;; WHEN: Mon Oct 19 09:53:41 2020
;; MSG SIZE  rcvd: 87

Use drill to get records of all types for a given domain name:

$ drill any staff.hexun.com

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 30274
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; staff.hexun.com.     IN      ANY

;; ANSWER SECTION:
staff.hexun.com.        600     IN      A       60.28.250.158
staff.hexun.com.        120     IN      MX      10 mx.263.net.
staff.hexun.com.        120     IN      MX      5 mxw.263.net.
staff.hexun.com.        120     IN      TXT     "v=spf1 include:spf.263.net -all"
staff.hexun.com.        120     IN      TXT     "google-site-verification=BbyilPP_IVL-fAa3cbTRqyV0RNgsmjv0YzHz0aozPBQ"

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 28 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:56:17 2020
;; MSG SIZE  rcvd: 220

Use drill to query through an alternative DNS server:

drill hostname.com @8.8.8.8

Use drill to perform a reverse DNS lookup on an IP address (PTR record):

$ drill -x 8.8.8.8

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 14789
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; 8.8.8.8.in-addr.arpa.        IN      PTR

;; ANSWER SECTION:
8.8.8.8.in-addr.arpa.   25553   IN      PTR     dns.google.

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:58:36 2020
;; MSG SIZE  rcvd: 62

Use drill to perform a DNSSEC trace from the root servers down to a domain name:

$ drill -TD hexun.com

Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
;; Signature ok but no chain to a trusted key or ds record
[S] . 172800 IN DNSKEY 256 3 8 ;{id = 26116 (zsk), size = 2048b}
. 172800 IN DNSKEY 257 3 8 ;{id = 20326 (ksk), size = 2048b}
Checking if signing key is trusted:
New key: .      172800  IN      DNSKEY  256 3 8 AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfiobeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5CsDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdLQHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jEhCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmnNHNmH2FjUE8= ;{id = 26116 (zsk), size = 2048b}
[S] com. 86400 IN DS 30909 8 2 e2d3c916f6deeac73294e8268fb5885044a833fc5459588f4a9184cfc41a5766 
;; Domain: com.
;; Signature ok but no chain to a trusted key or ds record
[S] com. 86400 IN DNSKEY 256 3 8 ;{id = 24966 (zsk), size = 1280b}
com. 86400 IN DNSKEY 256 3 8 ;{id = 31510 (zsk), size = 1280b}
com. 86400 IN DNSKEY 257 3 8 ;{id = 30909 (ksk), size = 2048b}
[S] Existence denied: hexun.com. DS
;; No ds record for delegation
;; Domain: hexun.com.
;; No DNSKEY record found for hexun.com.
[U] hexun.com.  120     IN      A       42.81.124.69
;;[S] self sig OK; [B] bogus; [T] trusted
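
In the trace above no trust anchor was loaded and the chain stops at the delegation to hexun.com., which has no DS record, so the A record is only marked [U]. The following shell function is an added example (not part of the original page or of the drill project) that reduces `drill -TD` output to a single verdict line for use in monitoring scripts. The names trace_verdict and sample_trace are hypothetical, and reading [U] as "unsigned" is an assumption based on the sample trace.

```shell
#!/bin/sh
# Added example, not from the drill project: reduce `drill -TD` output to a verdict.
# [S]/[B]/[T] follow the legend drill prints; reading [U] as "unsigned" is an
# assumption drawn from the sample trace.

# trace_verdict: reads a trace on stdin, prints "<verdict> <zone> anchor=<yes|no>".
trace_verdict() {
    awk '
        /^Warning: No trusted keys were given/ { anchor = "no" }
        /^;; No ds record for delegation/      { pending = 1; next }
        /^;; Domain: / {
            # First zone entered after a missing DS is where the chain stops.
            if (pending && stop == "") stop = $3
            pending = 0
        }
        /^\[B\]/ { bogus = 1 }
        # Marked data records other than key material: remember the last one.
        /^\[[STBU]\] / && $4 == "IN" && $5 != "DNSKEY" && $5 != "DS" {
            mark = substr($1, 2, 1); owner = $2
        }
        END {
            if (anchor == "") anchor = "yes"
            if (bogus)                          v = "bogus"
            else if (mark == "U" || stop != "") v = "insecure"
            else if (mark == "T")               v = "secure"
            else if (mark == "S")               v = "unverified"
            else                                v = "unknown"
            print v, (stop != "" ? stop : owner), "anchor=" anchor
        }'
}

# Sample input: lines taken from the trace shown on this page (long key lines omitted).
sample_trace() {
    cat <<'EOF'
Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
[S] . 172800 IN DNSKEY 256 3 8 ;{id = 26116 (zsk), size = 2048b}
[S] com. 86400 IN DS 30909 8 2 e2d3c916f6deeac73294e8268fb5885044a833fc5459588f4a9184cfc41a5766
;; Domain: com.
[S] Existence denied: hexun.com. DS
;; No ds record for delegation
;; Domain: hexun.com.
;; No DNSKEY record found for hexun.com.
[U] hexun.com.  120     IN      A       42.81.124.69
;;[S] self sig OK; [B] bogus; [T] trusted
EOF
}

sample_trace | trace_verdict
```

On a live system the function reads the real trace from a pipe, e.g. drill -TD -k keyfile name | trace_verdict; with anchor=no even an "insecure" verdict is unauthenticated, because the denial of the DS record was itself only self-signed ([S]).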

Use drill to show the DNSKEY records of a domain name:

$ drill -s dnskey hexun.com

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 55964
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; hexun.com.   IN      DNSKEY

;; ANSWER SECTION:

;; AUTHORITY SECTION:
hexun.com.      600     IN      SOA     ns3.hexun.com. dnsadmin.staff.hexun.com. 2020101301 1800 600 1209600 600

;; ADDITIONAL SECTION:

;; Query time: 19 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 10:00:06 2020
;; MSG SIZE  rcvd: 82
