The goal of ldns is to simplify DNS programming. It supports recent RFCs such as the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, as well as experimental software for current Internet Drafts. A secondary benefit of using ldns is speed: because ldns is written in C, it should be a lot faster than Perl.

The first major tool to use ldns is drill, from which part of the library was derived. From version 1.0.0 on, drill is included in the ldns release and will not be distributed separately anymore. Its version number will follow that of ldns. The library also includes some other examples and tools to show how it can be used.

ldns depends on OpenSSL for its crypto functions. It can be compiled without OpenSSL, but of course you'll lose the ability to perform any cryptographic functions.

Feature List

  • IPv4 and IPv6 support
  • TSIG support
  • DNSSEC support; signing and verification
  • small size
  • online documentation as well as manual pages


ldns includes the drill tool, which is much like dig from BIND. It was designed with DNSSEC in mind and should be a useful debugging/query tool for DNSSEC.

A lot of DNS debugging is done with dig, but as dig is made with the same libraries as BIND8/9 (the most used DNS server out there), what are you actually debugging/testing? drill has nothing in common with either NSD or BIND. During the development process we are actually uncovering obscure bugs in NSD and BIND (and in drill itself).