drill
if you can, dig
if you have to, nslookup
if you must..
-bash/zsh: drill command not found
#Debian
apt-get install ldnsutils
#Ubuntu
apt-get install ldnsutils
#Alpine
apk add ldns
#Arch Linux
pacman -S ldns
#Kali Linux
apt-get install ldnsutils
#CentOS
yum install ldns
#Fedora
dnf install ldns-utils
#OS X
brew install ldns
#Raspbian
apt-get install ldnsutils
#Docker
docker run cmd.cat/drill drill
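drill is a tool designed to get all sorts of information out of the DNS. It is specifically designed to be used with DNSSEC.
The name drill is a pun on dig. With drill you should be able to get even more information than with dig.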
drill [ OPTIONS ] name [ @server ] [ type ] [ class ]
-D  Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG, DS and NSEC) this is not automatically enabled.
-T  Trace name from the root down. When using this option the @server and the type arguments are not used.
-S  Chase the signature(s) of 'name' to a known key or as high up in the tree as possible.
-V level  Be more verbose. Set level to 5 to see the actual query that is sent.
-Q  Quiet mode, this overrules -V.
-f file  Read the query from a file. The query must be dumped with -w.
-i file  Read the answer from the file instead of from the network. This aids in debugging and can be used to check if a query on disk is valid. If the file contains binary data it is assumed to be a query in network order.
-w file  Write an answer packet to file.
-q file  Write the query packet to file.
-v  Show drill's version.
-h  Show a short help message.
-4  Stay on ip4. Only send queries to ip4 enabled nameservers.
-6  Stay on ip6. Only send queries to ip6 enabled nameservers.
-a  Use the resolver structure's fallback mechanism if the answer is truncated (TC=1). If a truncated packet is received and this option is set, drill will first send a new query with EDNS0 buffer size 4096. If the EDNS0 buffer size was already set to 512+ bytes, or the above retry also results in a truncated answer, the resolver structure will fall back to TCP.
-b size  Use size as the buffer size in the EDNS0 pseudo RR.
-c file  Use file instead of /etc/resolv.conf for nameserver configuration.
-d domain  When tracing (-T), start from this domain instead of the root.
-t  Use TCP/IP when querying a server.
-k keyfile  Use this file to read a (trusted) key from. When this option is given drill tries to validate the current answer with this key. No chasing is done. When drill is doing a secure trace, this key will be used as trust anchor. Can contain a DNSKEY or a DS record. Alternatively, when DNSSEC enabled tracing (-TD) or signature chasing (-S), if -k is not specified, and a default trust anchor (/etc/unbound/root.key) exists and contains a valid DNSKEY or DS record, it will be used as the trust anchor.
-o mnemonic  Use this option to set or unset specific header bits. A bit is set by using the bit mnemonic in CAPITAL letters. A bit is unset when the mnemonic is given in lowercase. The following mnemonics are understood by drill:
    QR, qr: set, unset QueRy (default: on)
    AA, aa: set, unset Authoritative Answer (default: off)
    TC, tc: set, unset TrunCated (default: off)
    RD, rd: set, unset Recursion Desired (default: on)
    CD, cd: set, unset Checking Disabled (default: off)
    RA, ra: set, unset Recursion Available (default: off)
    AD, ad: set, unset Authenticated Data (default: off)
    Thus: -o CD, will enable Checking Disabled, which instructs the cache to not validate the answers it gives out.
-p port  Use this port instead of the default of 53.
-r file  When tracing (-T), use file as a root servers hint file.
-s  When encountering a DNSKEY print the equivalent DS also.
-u  Use UDP when querying a server. This is the default.
-w file  Write the answer to a file. The file will contain a hexadecimal dump of the query. This can be used in conjunction with -f.
-x  Do a reverse lookup. The type argument is not used, it is preset to PTR.
-y <name:key[:algo]>  Specify a named base64 TSIG key and, optionally, an algorithm (defaults to hmac-md5.sig-alg.reg.int).
-z  Don't randomize the nameserver list before sending queries.
Files
/etc/unbound/root.key  The file from which trusted keys are loaded when no -k option is given.
The domain name, IP address, or similar to query.
Look up the IP address associated with a hostname (A record) with drill:
$ drill hexun.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 12973
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; hexun.com. IN A
;; ANSWER SECTION:
hexun.com. 120 IN A 42.81.124.69
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 17 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:53:14 2020
;; MSG SIZE rcvd: 43
Look up the mail servers associated with a given domain name (MX records) with drill:
$ drill mx mail.hexun.com
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 58969
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; mail.hexun.com. IN MX
;; ANSWER SECTION:
;; AUTHORITY SECTION:
hexun.com. 600 IN SOA ns3.hexun.com. dnsadmin.staff.hexun.com. 2020101301 1800 600 1209600 600
;; ADDITIONAL SECTION:
;; Query time: 31 msec
;; SERVER: 100.100.2.138
;; WHEN: Mon Oct 19 09:53:41 2020
;; MSG SIZE rcvd: 87
In this run the rcode is NXDOMAIN: the name mail.hexun.com does not exist, so the answer section is empty and the authority section carries only the zone's SOA record.
Get all types of records for a given domain name with drill:
$ drill any staff.hexun.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 30274
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; staff.hexun.com. IN ANY
;; ANSWER SECTION:
staff.hexun.com. 600 IN A 60.28.250.158
staff.hexun.com. 120 IN MX 10 mx.263.net.
staff.hexun.com. 120 IN MX 5 mxw.263.net.
staff.hexun.com. 120 IN TXT "v=spf1 include:spf.263.net -all"
staff.hexun.com. 120 IN TXT "google-site-verification=BbyilPP_IVL-fAa3cbTRqyV0RNgsmjv0YzHz0aozPBQ"
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 28 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:56:17 2020
;; MSG SIZE rcvd: 220
Specify an alternate DNS server to query with drill:
drill hostname.com @8.8.8.8
Perform a reverse DNS lookup on an IP address (PTR record) with drill:
$ drill -x 8.8.8.8
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 14789
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 8.8.8.8.in-addr.arpa. IN PTR
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 25553 IN PTR dns.google.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 09:58:36 2020
;; MSG SIZE rcvd: 62
Perform a DNSSEC trace from the root servers down to a domain name with drill:
$ drill -TD hexun.com
Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
;; Signature ok but no chain to a trusted key or ds record
[S] . 172800 IN DNSKEY 256 3 8 ;{id = 26116 (zsk), size = 2048b}
. 172800 IN DNSKEY 257 3 8 ;{id = 20326 (ksk), size = 2048b}
Checking if signing key is trusted:
New key: . 172800 IN DNSKEY 256 3 8 AwEAAfC/6HLClwss6h7rPfoG2cliv4/SPJRd2HPEglRsvKZRbPP2RLfiobeAkczcdqaD5q8loEt14lcTgDqwzOISZ3YvSVkM4JRMFwKzcjukKo5CsDVbMmhTD0C0yxWICRQ1M+Y5/XkZAT7mt4cb3fWcN9xgyq1wEXQX+zdLQHrNEVQSiL5SoA5cOtCSoQ45n8bKDXdw/0jjP9Rw1FVKsdzLVkQSrVMm8k30WUkHm/SK/n/954KENkdQOA6Li2vO9nicQdegyAkDeNJCdPN/p3jEhCTQLyO4AlAmyaPcDHeeo7OXr/VsYu4NTDde9hBuS0zx/rewD+BvSnmnNHNmH2FjUE8= ;{id = 26116 (zsk), size = 2048b}
[S] com. 86400 IN DS 30909 8 2 e2d3c916f6deeac73294e8268fb5885044a833fc5459588f4a9184cfc41a5766
;; Domain: com.
;; Signature ok but no chain to a trusted key or ds record
[S] com. 86400 IN DNSKEY 256 3 8 ;{id = 24966 (zsk), size = 1280b}
com. 86400 IN DNSKEY 256 3 8 ;{id = 31510 (zsk), size = 1280b}
com. 86400 IN DNSKEY 257 3 8 ;{id = 30909 (ksk), size = 2048b}
[S] Existence denied: hexun.com. DS
;; No ds record for delegation
;; Domain: hexun.com.
;; No DNSKEY record found for hexun.com.
[U] hexun.com. 120 IN A 42.81.124.69
;;[S] self sig OK; [B] bogus; [T] trusted
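The trace above can be reduced to a single verdict for monitoring. The following is an added example, not part of the original page or of ldns: `trace_verdict`, `sample_trace` and the output field names are hypothetical, and treating `[U]` as "unsigned" is an assumption, since the legend printed above lists only `[S]`, `[B]` and `[T]`.

```shell
#!/bin/sh
# Added example (not from the page): classify `drill -TD <name>` output on stdin.
# Assumption: [U] means unsigned data; the legend shown lists only [S], [B], [T].
trace_verdict() {
    awk '
        /^Warning: No trusted keys were given/ { anchor = "no" }
        /^\[B\]/ { bogus++ }
        /^\[U\]/ { unsigned++ }
        /^\[T\]/ { trusted++ }
        # "Existence denied: <zone> DS" = the parent proves the zone has no DS
        /Existence denied: .* DS/ { stop = $(NF - 1) }
        END {
            if (anchor == "") anchor = "yes"
            if (bogus)                           verdict = "bogus"
            else if (unsigned || stop != "")     verdict = "insecure"
            else if (anchor == "no" || !trusted) verdict = "unverified"
            else                                 verdict = "secure"
            if (stop == "") stop = "-"
            printf "verdict=%s anchor=%s chain_stops_at=%s\n", verdict, anchor, stop
        }'
}

# Trimmed copy of the trace output shown above (long key material omitted).
sample_trace() {
    cat <<'EOF'
Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
[S] . 172800 IN DNSKEY 256 3 8 ;{id = 26116 (zsk), size = 2048b}
;; Domain: com.
[S] com. 86400 IN DNSKEY 256 3 8 ;{id = 24966 (zsk), size = 1280b}
[S] Existence denied: hexun.com. DS
;; No ds record for delegation
;; Domain: hexun.com.
;; No DNSKEY record found for hexun.com.
[U] hexun.com. 120 IN A 42.81.124.69
EOF
}

sample_trace | trace_verdict
# Live use, with the trust anchor file the option list names:
#   drill -TD -k /etc/unbound/root.key example.org | trace_verdict
```

For the sample, the verdict is `insecure`: the chain stops at hexun.com. because the com. zone denies the existence of a DS record for it, and no trust anchor was supplied in that run.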
Show the DNSKEY record(s) for a domain name with drill:
$ drill -s dnskey hexun.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 55964
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; hexun.com. IN DNSKEY
;; ANSWER SECTION:
;; AUTHORITY SECTION:
hexun.com. 600 IN SOA ns3.hexun.com. dnsadmin.staff.hexun.com. 2020101301 1800 600 1209600 600
;; ADDITIONAL SECTION:
;; Query time: 19 msec
;; SERVER: 100.100.2.136
;; WHEN: Mon Oct 19 10:00:06 2020
;; MSG SIZE rcvd: 82
The answer section is empty here: hexun.com returns no DNSKEY record, so -s has no key to convert into a DS record.