drill if you can, dig if you have to, nslookup if you must

Although it has been 2+ years since the DNS lookup tool chain migration in archlinux. Many distributions still use the DNS utilities from bind which itself was a bad idea.

ldns which provides drill(1) is a fast DNS library supporting recent RFCs written in C.

Here’s an interesting introduce from man page of drill(1):

The name drill is a pun on dig. With drill you should be able to get even more information than with dig.

Coming some of the use case of dig with the exact implements on drill:

Lookup A record(line wrapped within double underscore is difference)

dig

$ dig djh.im
__;; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> djh.im__
__;; global options: +cmd__
__;; Got answer:__
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28907
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

__;; OPT PSEUDOSECTION:__
__; EDNS: version: 0, flags:; udp: 512__
;; QUESTION SECTION:
;djh.im.				IN	A

;; ANSWER SECTION:
djh.im.			1799	IN	A	192.241.224.130

;; Query time: 270 msec
__;; SERVER: 8.8.8.8#53(8.8.8.8)__
;; WHEN: Wed Oct 07 02:08:36 EDT 2015
;; MSG SIZE  rcvd: __51__

drill

$ drill djh.im
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61329
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; djh.im.	IN	A

;; ANSWER SECTION:
djh.im.	1799	IN	A	192.241.224.130

__;; AUTHORITY SECTION:__

__;; ADDITIONAL SECTION:__

;; Query time: 271 msec
;; SERVER: 8.8.8.8
;; WHEN: Wed Oct  7 02:10:13 2015
;; MSG SIZE  rcvd: 40

Lookup MX record

dig

$ dig mx djh.im  # or dig -t MX djh.im

drill

$ drill mx djh.im  # not allowed with -t options

Trace DNS lookup

dig

$ dig +trace djh.im  # with trace option, +dnssec is set
;; global options: +cmd
.			6185	IN	NS	m.root-servers.net.
.			6185	IN	NS	d.root-servers.net.
.			6185	IN	NS	i.root-servers.net.
.			6185	IN	NS	f.root-servers.net.
.			6185	IN	NS	b.root-servers.net.
.			6185	IN	NS	e.root-servers.net.
.			6185	IN	NS	h.root-servers.net.
.			6185	IN	NS	a.root-servers.net.
.			6185	IN	NS	k.root-servers.net.
.			6185	IN	NS	j.root-servers.net.
.			6185	IN	NS	c.root-servers.net.
.			6185	IN	NS	g.root-servers.net.
.			6185	IN	NS	l.root-servers.net.
.			6185	IN	RRSIG	NS 8 0 518400 20151016170000 20151006160000 62530 . how17EVioeNLHfnTfqCf+QwLlO9umhZgJq4wNA92dmIFdWFzYJ4dyllL ZII91G0p/xJIXBcbZJA9vwTBGl9iBPTj5kX70jJnTd9zGbuz9skgeeFy 5XCb0h5p+hgv5PfTwR5mcbPTOgyHenJlMLZY9Ol0Y1v3O7LcIliu90xz cI8=
;; Received 397 bytes from 8.8.8.8#53(8.8.8.8) in 58 ms

im.			172800	IN	NS	ns4.ja.net.
im.                     172800  IN      NS      barney.advsys.co.uk.
im.                     172800  IN      NS      hoppy.iom.com.
im.                     172800  IN      NS      pebbles.iom.com.
im.                     86400   IN      NSEC    immo. NS RRSIG NSEC
im.                     86400   IN      RRSIG   NSEC 8 1 86400 20151016170000 20151006160000 62530 . jjXuJc13+ymC9Kz6YL7xqx9hMVx5Bq7oIi4DBB43qYWudZVtJ9/+vkcR N5jue9G/R3FjGhUXL2WKJzOCSAE2MrXuBDR1KSnQwcCRWYfCctg8YBVm 5FAfJhaE4VEj33X2eiJcsMYHNFY2MXuCb3708PZ/q/2lX5LSYkFUTQ2W KMU=
;; Received 418 bytes from 202.12.27.33#53(m.root-servers.net) in 181 ms

djh.im.                 259200  IN      NS      ns2.digitalocean.com.
djh.im.                 259200  IN      NS      ns3.digitalocean.com.
djh.im.                 259200  IN      NS      ns1.digitalocean.com.
;; Received 105 bytes from 193.62.157.66#53(ns4.ja.net) in 151 ms

djh.im.                 1800    IN      A       192.241.224.130
;; Received 51 bytes from 198.41.222.173#53(ns3.digitalocean.com) in 68 ms

drill(with DNSSEC enabled)

$ drill -TD djh.im  # to compare with dig, we use -D switch by hand
Warning: No trusted keys were given. Will not be able to verify authenticity!
;; Domain: .
;; Signature ok but no chain to a trusted key or ds record
[S] . 172800 IN DNSKEY 256 3 8 ;{id = 1518 (zsk), size = 1024b}
. 172800 IN DNSKEY 257 3 8 ;{id = 19036 (ksk), size = 2048b}
. 172800 IN DNSKEY 256 3 8 ;{id = 62530 (zsk), size = 1024b}
[S] Existence denied: im. DS
;; No ds record for delegation
;; Domain: im.
;; No DNSKEY record found for im.
;; No DS for djh.im.;; No ds record for delegation

drill(without DNSSEC)

$ drill -T djh.im
im.	172800	IN	NS	ns4.ja.net.
im.	172800	IN	NS	hoppy.iom.com.
im.	172800	IN	NS	barney.advsys.co.uk.
im.	172800	IN	NS	pebbles.iom.com.
djh.im.	259200	IN	NS	ns3.digitalocean.com.
djh.im.	259200	IN	NS	ns1.digitalocean.com.
djh.im.	259200	IN	NS	ns2.digitalocean.com.
djh.im.	259200	IN	NS	ns3.digitalocean.com.
djh.im.	259200	IN	NS	ns1.digitalocean.com.
djh.im.	259200	IN	NS	ns2.digitalocean.com.
ns3.digitalocean.com.djh.im.	259200	IN	NS	ns3.digitalocean.com.
djh.im.	259200	IN	NS	ns1.digitalocean.com.
djh.im.	259200	IN	NS	ns2.digitalocean.com.
ns1.digitalocean.com.djh.im.	259200	IN	NS	ns3.digitalocean.com.
djh.im.	259200	IN	NS	ns1.digitalocean.com.
djh.im.	259200	IN	NS	ns2.digitalocean.com.
ns2.digitalocean.com.djh.im.	1800	IN	A	192.241.224.130

Query using tcp and specified server port(line wrapped within double underscore is difference)

dig

$ dig +tcp -p 443 djh.im @208.67.220.220
__; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> +tcp -p 443 djh.im @208.67.220.220__
__;; global options: +cmd__
__;; Got answer:__
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61923
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
__1__

__;; OPT PSEUDOSECTION:__
__; EDNS: version: 0, flags:; udp: 16384__
;; QUESTION SECTION:
;djh.im.                IN  A

;; ANSWER SECTION:
djh.im.         1800    IN  A   192.241.224.130

;; Query time: 367 msec
;; SERVER: 208.67.220.220__#443(208.67.220.220)__
;; WHEN: Wed Oct 07 03:43:25 EDT 2015
;; MSG SIZE  rcvd: __51__

drill

$ drill -t -p 443 djh.im @208.67.220.220
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 8561
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL:
0 
;; QUESTION SECTION:
;; djh.im.  IN  A

;; ANSWER SECTION:
djh.im. 1800    IN  A   192.241.224.130

__;; AUTHORITY SECTION:__

__;; ADDITIONAL SECTION:__

;; Query time: 367 msec
;; SERVER: 208.67.220.220
;; WHEN: Wed Oct  7 03:42:31 2015
;; MSG SIZE  rcvd: 40

Reverse query an IP and get minified answer

dig

$ dig +short -x 192.29.160.249
djh.im.

drill(drill has no implement in script embed options yet)

$ drill -x 192.241.224.130 | grep PTR | tac | head -n 1 | cut -d '	' -f5

Sum up

drill yet not a good replace on devops daily tool chain. It offers less verbose output by default(but failed to dismiss empty authorization and addition sections). It got less options which make it useful to operators. The other side of coin is that drill offers better CLI interface which is simple, with dig, you have to put query option before other options which is quite annoying for beginners. drill also has smaller MSG SIZE(~50 vs ~40) to send