delv.docbook revision 23733a9412226ac060a869e8b2c87584d5990159
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek<!DOCTYPE book [
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek<!ENTITY mdash "&#8212;">]>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek<!--
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek -
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - Permission to use, copy, modify, and/or distribute this software for any
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - purpose with or without fee is hereby granted, provided that the above
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - copyright notice and this permission notice appear in all copies.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek -
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek - PERFORMANCE OF THIS SOFTWARE.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek-->
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek<!-- Converted by db4-upgrade version 1.0 -->
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <date>2014-04-23</date>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refentryinfo>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <corpname>ISC</corpname>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refentryinfo>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refmeta>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refentrytitle>delv</refentrytitle>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <manvolnum>1</manvolnum>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refmiscinfo>BIND9</refmiscinfo>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refmeta>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refnamediv>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refname>delv</refname>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refpurpose>DNS lookup and validation utility</refpurpose>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refnamediv>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <docinfo>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <copyright>
fd8595874aa06c8057740001ec465ba76b4af142Jakub Hrozek <year>2014</year>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <year>2015</year>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </copyright>
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek </docinfo>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refsynopsisdiv>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <cmdsynopsis sepchar=" ">
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat">@server</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-4</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-6</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">anchor-file</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">level</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-i</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-m</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat">name</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat">type</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat">class</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="repeat">queryopt</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </cmdsynopsis>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <cmdsynopsis sepchar=" ">
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-h</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </cmdsynopsis>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <cmdsynopsis sepchar=" ">
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="norepeat"><option>-v</option></arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </cmdsynopsis>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <cmdsynopsis sepchar=" ">
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="repeat">queryopt</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <arg choice="opt" rep="repeat">query</arg>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </cmdsynopsis>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refsynopsisdiv>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refsection><info><title>DESCRIPTION</title></info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para><command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (Domain Entity Lookup &amp; Validation) is a tool for sending
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek DNS queries and validating the results, using the same internal
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek resolver and validator logic as <command>named</command>.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> will send to a specified name server all
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek queries needed to fetch and validate the requested data; this
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek includes the original requested query, subsequent queries to follow
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek to establish a chain of trust for DNSSEC validation.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek It does not perform iterative resolution, but simulates the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek behavior of a name server configured for DNSSEC validating and
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek forwarding.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek By default, responses are validated using built-in DNSSEC trust
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek anchors for the root zone (".") and for the ISC DNSSEC lookaside
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek validation zone ("dlv.isc.org"). Records returned by
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> are either fully validated or
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek were not signed. If validation fails, an explanation of
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the failure is included in the output; the validation process
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek can be traced in detail. Because <command>delv</command> does
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek not rely on an external server to carry out validation, it can
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek be used to check the validity of DNS responses in environments
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek where local name servers may not be trustworthy.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Unless it is told to query a specific name server,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> will try each of the servers listed in
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <filename>/etc/resolv.conf</filename>. If no usable server
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek addresses are found, <command>delv</command> will send
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek queries to the localhost addresses (127.0.0.1 for IPv4, ::1
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for IPv6).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek When no command line arguments or options are given,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> will perform an NS query for "."
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (the root zone).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refsection>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refsection><info><title>SIMPLE USAGE</title></info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek A typical invocation of <command>delv</command> looks like:
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <programlisting> delv @server name type </programlisting>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek where:
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <variablelist>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><constant>server</constant></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek is the name or IP address of the name server to query. This
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek can be an IPv4 address in dotted-decimal notation or an IPv6
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek address in colon-delimited notation. When the supplied
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <parameter>server</parameter> argument is a hostname,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> resolves that name before
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek querying that name server (note, however, that this
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek initial lookup is <emphasis>not</emphasis> validated
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek by DNSSEC).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek If no <parameter>server</parameter> argument is
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek provided, <command>delv</command> consults
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <filename>/etc/resolv.conf</filename>; if an
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek address is found there, it queries the name server at
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek that address. If either of the <option>-4</option> or
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <option>-6</option> options are in use, then
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek only addresses for the corresponding transport
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek will be tried. If no usable addresses are found,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> will send queries to
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the localhost addresses (127.0.0.1 for IPv4,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ::1 for IPv6).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><constant>name</constant></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek is the domain name to be looked up.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><constant>type</constant></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek indicates what type of query is required &mdash;
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ANY, A, MX, etc.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <parameter>type</parameter> can be any valid query
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek type. If no
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <parameter>type</parameter> argument is supplied,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> will perform a lookup for an
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek A record.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </variablelist>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refsection>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <refsection><info><title>OPTIONS</title></info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <variablelist>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <term>-a <replaceable class="parameter">anchor-file</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Specifies a file from which to read DNSSEC trust anchors.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek The default is <filename>/etc/bind.keys</filename>, which
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek is included with <acronym>BIND</acronym> 9 and contains
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek trust anchors for the root zone (".") and for the ISC
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek DNSSEC lookaside validation zone ("dlv.isc.org").
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Keys that do not match the root or DLV trust-anchor
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek names are ignored; these key names can be overridden
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek using the <option>+dlv=NAME</option> or
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <option>+root=NAME</option> options.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Note: When reading the trust anchor file,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>delv</command> treats <option>managed-keys</option>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek statements and <option>trusted-keys</option> statements
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek identically. That is, for a managed key, it is the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <emphasis>initial</emphasis> key that is trusted; RFC 5011
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek key management is not supported. <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek will not consult the managed-keys database maintained by
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <command>named</command>. This means that if either of the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek keys in <filename>/etc/bind.keys</filename> is revoked
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek and rolled over, it will be necessary to update
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <filename>/etc/bind.keys</filename> to use DNSSEC
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek validation in <command>delv</command>.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <term>-b <replaceable class="parameter">address</replaceable></term>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Sets the source IP address of the query to
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <parameter>address</parameter>. This must be a valid address
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek on one of the host's network interfaces or "0.0.0.0" or "::".
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek An optional source port may be specified by appending
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek "#&lt;port&gt;"
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-c <replaceable class="parameter">class</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Sets the query class for the requested data. Currently,
fd8595874aa06c8057740001ec465ba76b4af142Jakub Hrozek only class "IN" is supported in <command>delv</command>
fd8595874aa06c8057740001ec465ba76b4af142Jakub Hrozek and any other value is ignored.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
fd8595874aa06c8057740001ec465ba76b4af142Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <term>-d <replaceable class="parameter">level</replaceable></term>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <listitem>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <para>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek Set the systemwide debug level to <option>level</option>.
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek The allowed range is from 0 to 99.
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek The default is 0 (no debugging).
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek Debugging traces from <command>delv</command> become
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek more verbose as the debug level increases.
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek See the <option>+mtrace</option>, <option>+rtrace</option>,
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek and <option>+vtrace</option> options below for additional
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek debugging details.
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </para>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </listitem>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <term>-h</term>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <listitem>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <para>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek Display the <command>delv</command> help usage output and exit.
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </para>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </listitem>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek </varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <varlistentry>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <term>-i</term>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <listitem>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek <para>
9a3ba9ca00e73adc3fb17ce8afa532076768023bJakub Hrozek Insecure mode. This disables internal DNSSEC validation.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (Note, however, this does not set the CD bit on upstream
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek queries. If the server being queried is performing DNSSEC
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek validation, then it will not return invalid data; this
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek can cause <command>delv</command> to time out. When it
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek is necessary to examine invalid data to debug a DNSSEC
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek problem, use <command>dig +cd</command>.)
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-m</term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Enables memory usage debugging.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-p <replaceable class="parameter">port#</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Specifies a destination port to use for queries instead of
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the standard DNS port number 53. This option would be used
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek with a name server that has been configured to listen
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for queries on a non-standard port number.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
95cc3f4be93d3cb5bb28bb3787f0aace4edb3124Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-q <replaceable class="parameter">name</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Sets the query name to <parameter>name</parameter>.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek While the query name can be specified without using the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <option>-q</option>, it is sometimes necessary to disambiguate
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek names from types or classes (for example, when looking up the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek name "ns", which could be misinterpreted as the type NS,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek or "ch", which could be misinterpreted as class CH).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-t <replaceable class="parameter">type</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Sets the query type to <parameter>type</parameter>, which
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek can be any valid query type supported in BIND 9 except
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for zone transfer types AXFR and IXFR. As with
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <option>-q</option>, this is useful to distinguish
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek query name type or class when they are ambiguous.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek it is sometimes necessary to disambiguate names from types.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek The default query type is "A", unless the <option>-x</option>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek option is supplied to indicate a reverse lookup, in which case
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek it is "PTR".
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-v</term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Print the <command>delv</command> version and exit.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-x <replaceable class="parameter">addr</replaceable></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Performs a reverse lookup, mapping an addresses to
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek a name. <parameter>addr</parameter> is an IPv4 address in
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek dotted-decimal notation, or a colon-delimited IPv6 address.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek When <option>-x</option> is used, there is no need to provide
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the <parameter>name</parameter> or <parameter>type</parameter>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek arguments. <command>delv</command> automatically performs a
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek lookup for a name like <literal>11.12.13.10.in-addr.arpa</literal>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek and sets the query type to PTR. IPv6 addresses are looked up
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek using nibble format under the IP6.ARPA domain.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-4</term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Forces <command>delv</command> to only use IPv4.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term>-6</term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Forces <command>delv</command> to only use IPv6.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </variablelist>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </refsection>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <refsection><info><title>QUERY OPTIONS</title></info>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para><command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek provides a number of query options which affect the way results are
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek displayed, and in some cases the way lookups are performed.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Each query option is identified by a keyword preceded by a plus sign
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (<literal>+</literal>). Some keywords set or reset an
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek option. These may be preceded by the string
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <literal>no</literal> to negate the meaning of that keyword.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Other keywords assign values to options like the timeout interval.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek They have the form <option>+keyword=value</option>.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek The query options are:
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <variablelist>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]cdflag</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Controls whether to set the CD (checking disabled) bit in
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek queries sent by <command>delv</command>. This may be useful
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek when troubleshooting DNSSEC problems from behind a validating
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek resolver. A validating resolver will block invalid responses,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek making it difficult to retrieve them for analysis. Setting
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the CD flag on queries will cause the resolver to return
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek invalid responses, which <command>delv</command> can then
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek validate internally and report the errors in detail.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]class</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Controls whether to display the CLASS when printing
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek a record. The default is to display the CLASS.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]ttl</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Controls whether to display the TTL when printing
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek a record. The default is to display the TTL.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]rtrace</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle resolver fetch logging. This reports the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek name and type of each query sent by <command>delv</command>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek in the process of carrying out the resolution and validation
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek process: this includes including the original query and
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek all subsequent queries to follow CNAMEs and to establish a
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek chain of trust for DNSSEC validation.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek This is equivalent to setting the debug level to 1 in
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the "resolver" logging category. Setting the systemwide
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek debug level to 1 using the <option>-d</option> option will
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek product the same output (but will affect other logging
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek categories as well).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]mtrace</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle message logging. This produces a detailed dump of
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the responses received by <command>delv</command> in the
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek process of carrying out the resolution and validation process.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek This is equivalent to setting the debug level to 10
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for the "packets" module of the "resolver" logging
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek category. Setting the systemwide debug level to 10 using
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the <option>-d</option> option will produce the same output
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (but will affect other logging categories as well).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]vtrace</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle validation logging. This shows the internal
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek process of the validator as it determines whether an
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek answer is validly signed, unsigned, or invalid.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek This is equivalent to setting the debug level to 3
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek for the "validator" module of the "dnssec" logging
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek category. Setting the systemwide debug level to 3 using
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek the <option>-d</option> option will produce the same output
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek (but will affect other logging categories as well).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]short</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Provide a terse answer. The default is to print the answer in a
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek verbose form.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]comments</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle the display of comment lines in the output. The default
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek is to print comments.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]rrcomments</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle the display of per-record comments in the output (for
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek example, human-readable key information about DNSKEY records).
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek The default is to print per-record comments.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <varlistentry>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <term><option>+[no]crypto</option></term>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek <para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek Toggle the display of cryptographic fields in DNSSEC records.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek The contents of these field are unnecessary to debug most DNSSEC
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek validation failures and removing them makes it easier to see
fd8595874aa06c8057740001ec465ba76b4af142Jakub Hrozek the common failures. The default is to display the fields.
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek When omitted they are replaced by the string "[omitted]" or
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek in the DNSKEY case the key id is displayed as the replacement,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek e.g. "[ key id = value ]".
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </para>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </listitem>
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek </varlistentry>
<varlistentry>
<term><option>+[no]trust</option></term>
<listitem>
<para>
Controls whether to display the trust level when printing
a record. The default is to display the trust level.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]split[=W]</option></term>
<listitem>
<para>
Split long hex- or base64-formatted fields in resource
records into chunks of <parameter>W</parameter> characters
(where <parameter>W</parameter> is rounded up to the nearest
multiple of 4).
<parameter>+nosplit</parameter> or
<parameter>+split=0</parameter> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]all</option></term>
<listitem>
<para>
Set or clear the display options
<option>+[no]comments</option>,
<option>+[no]rrcomments</option>, and
<option>+[no]trust</option> as a group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]multiline</option></term>
<listitem>
<para>
Print long records (such as RRSIG, DNSKEY, and SOA records)
in a verbose multi-line format with human-readable comments.
The default is to print each record on a single line, to
facilitate machine parsing of the <command>delv</command>
output.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]dnssec</option></term>
<listitem>
<para>
Indicates whether to display RRSIG records in the
<command>delv</command> output. The default is to
do so. Note that (unlike in <command>dig</command>)
this does <emphasis>not</emphasis> control whether to
request DNSSEC records or whether to validate them.
DNSSEC records are always requested, and validation
will always occur unless suppressed by the use of
<option>-i</option> or <option>+noroot</option> and
<option>+nodlv</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]root[=ROOT]</option></term>
<listitem>
<para>
Indicates whether to perform conventional (non-lookaside)
DNSSEC validation, and if so, specifies the
name of a trust anchor. The default is to validate using
a trust anchor of "." (the root zone), for which there is
a built-in key. If specifying a different trust anchor,
then <option>-a</option> must be used to specify a file
containing the key.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]dlv[=DLV]</option></term>
<listitem>
<para>
Indicates whether to perform DNSSEC lookaside validation,
and if so, specifies the name of the DLV trust anchor.
The default is to perform lookaside validation using
a trust anchor of "dlv.isc.org", for which there is a
built-in key. If specifying a different name, then
<option>-a</option> must be used to specify a file
containing the DLV key.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]tcp</option></term>
<listitem>
<para>
Controls whether to use TCP when sending queries.
The default is to use UDP unless a truncated
response has been received.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]unknownformat</option></term>
<listitem>
<para>
Print all RDATA in unknown RR type presentation format
(RFC 3597). The default is to print RDATA for known types
in the type's presentation format.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/bind.keys</filename></para>
<para><filename>/etc/resolv.conf</filename></para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>RFC4034</citetitle>,
<citetitle>RFC4035</citetitle>,
<citetitle>RFC4431</citetitle>,
<citetitle>RFC5074</citetitle>,
<citetitle>RFC5155</citetitle>.
</para>
</refsection>
</refentry>