DNSSEC - Drill for Firefox

Drill is a tool à la dig from BIND. It was designed with DNSSEC in mind and should be a useful debugging and query tool for DNSSEC. A lot of DNS debugging is done with dig, but since dig is built with the same libraries as BIND8/9, what are you actually debugging or testing? Drill has nothing in common with either NSD or BIND.

Future versions of drill will be based on the general DNSSEC library, called ldns. You can download a prerelease of this new version already.

Documentation

A manual page is included with some examples. Drill acts and looks a lot like dig, so if you know dig, you know drill.

Current status and issues

Everything works except a fully verified top-down trace. Some highlights:

  • Chasing of signatures (-S)
  • Secure top-down tracing (-TD)
  • Transport switching (-4: ipv4, -6: ipv6)
  • Print DS records for each DNSKEY (-s)
  • No code sharing with BIND or NSD; it is completely standalone
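
What the -s option reports, shown as an added example (not drill's code and not part of the original page): a DS record is the key tag, algorithm and digest type followed by a hash over the canonical owner name plus the DNSKEY RDATA, as defined in RFC 4034. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

# DS digest type numbers: 1 = SHA-1, 2 = SHA-256
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

# Constructed sample key material (4 arbitrary bytes, not a usable key).
SAMPLE_KEY_B64 = "AQIDBA=="


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if label:  # the root name has no labels
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, key_b64: str) -> bytes:
    """DNSKEY RDATA: flags (2 octets), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B checksum (not valid for algorithm 1, RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, protocol, algorithm, key_b64, digest_type=2) -> str:
    """Return the DS record text for one DNSKEY."""
    if algorithm == 1:
        raise ValueError("algorithm 1 uses a different key tag rule")
    rdata = dnskey_rdata(flags, protocol, algorithm, key_b64)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    canonical = owner.rstrip(".").lower() + "."
    return f"{canonical} IN DS {key_tag(rdata)} {algorithm} {digest_type} {digest}"


if __name__ == "__main__":
    # Flags 257 = key-signing key, protocol 3, algorithm 8 (RSA/SHA-256).
    print(make_ds("Example.COM.", 257, 3, 8, SAMPLE_KEY_B64))
```

Comparing a DS computed this way with the one published in the parent zone is the check that links a child zone's DNSKEY into the chain of trust.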

Usage

Compiling drill is done with:
	./configure && make
	

Finally, to add support within the Firefox browser, click here.

When drill is started with no arguments, it will print out a short usage message:


	drill options type name

	        @server         use server as nameserver
	        -T, --trace     trace from the root down to 'name'
	        -S, --sigchase  chase signature from 'name'
	        -D, --dnssec    enable dnssec
	        -I              reserved for backwards compatibility
	        -V, --verbose   Verbose mode (give twice for more verbosity hexdump)
	        -4, --ip4       Stay on IPv4
	        -6, --ip6       Stay on IPv6

	        -p port, --port port            use port as port number
	        -b size, --bufsize size         use size is buffer size
	        -q file, --dumpquery file       make a hexdump of the query to file
	        -f file, --fromfile file        read packet from file and send that
	        -i file, --answerinfile file    read packet from file and print it
	        -w file, --answertofile file    write (first) answer to file

	        -k, --key file  use public key from file file as trusted key
	        -x, --reverse   do a reverse (PTR) lookup
	        -c, --tcp       only query in tcp mode (connected)
	        -u, --udp       only query in udp mode (unconnected)
	        -s, --ds        print DS after each DNSKEY
	        -v, --version   show version

Download

This release is dated 03-02-2005.

You can download the bzip2 tar file here. It was tested on Linux and FreeBSD.


Gauss Research Laboratory, Inc.
© All Rights Reserved 1986 - 2010