bin/delv/delv.html

	delv.html revision 9700e6d72c3ba0d0c567969ab97d9eff202656d4
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater<!--
c78c39caab4cf8b5daefc9c65878f7f5ed3eb7a0Tinderbox User - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
f536382c59dd492a14667b753816d920f9981f1cTinderbox User -
ab496cc3df1648e9ad992a87c35c2c0870fdc69dTinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
7c1468ed500356839a4a222517364e6ce18cb1a2Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews-->
287a6a8f9040dc43560cd69cddf83bfc0f53b76fTinderbox User<html lang="en">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<head>
8de3f14f1c300c3e1ed99084cc03485b42c92bf1Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User<title>delv</title>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews</head>
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<a name="man.delv"></a><div class="titlepage"></div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews  <div class="refnamediv">
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<h2>Name</h2>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    delv
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews     &#8212; DNS lookup and validation utility
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User  </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews  <div class="refsynopsisdiv">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<h2>Synopsis</h2>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    <div class="cmdsynopsis"><p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      <code class="command">delv</code>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User       [@server]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews       [
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    [<code class="option">-4</code>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews     |  [<code class="option">-6</code>]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      ]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User       [<code class="option">-i</code>]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User       [<code class="option">-m</code>]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt       [name]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User       [type]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User       [class]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt       [queryopt...]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User    </p></div>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater    <div class="cmdsynopsis"><p>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater      <code class="command">delv</code>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews       [<code class="option">-h</code>]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater    </p></div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <div class="cmdsynopsis"><p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      <code class="command">delv</code>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews       [<code class="option">-v</code>]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater    </p></div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <div class="cmdsynopsis"><p>
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User      <code class="command">delv</code>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews       [queryopt...]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater       [query...]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    </p></div>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews  </div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews  <div class="refsection">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="id-1.7"></a><h2>DESCRIPTION</h2>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User    <p><span class="command"><strong>delv</strong></span>
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      is a tool for sending
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      DNS queries and validating the results, using the same internal
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      resolver and validator logic as <span class="command"><strong>named</strong></span>.
95637507c3d47481fbf0a8a8c750a57f944f677fMark Andrews    </p>
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt    <p>
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      <span class="command"><strong>delv</strong></span> will send to a specified name server all
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      queries needed to fetch and validate the requested data; this
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      includes the original requested query, subsequent queries to follow
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      to establish a chain of trust for DNSSEC validation.
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt      It does not perform iterative resolution, but simulates the
7cc0a5d21ef046bfd630c4769943d896a7d7472cTinderbox User      behavior of a name server configured for DNSSEC validating and
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      forwarding.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User    <p>
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User      By default, responses are validated using built-in DNSSEC trust
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      anchors for the root zone (".") and for the ISC DNSSEC lookaside
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      validation zone ("dlv.isc.org").  Records returned by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <span class="command"><strong>delv</strong></span> are either fully validated or
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      were not signed.  If validation fails, an explanation of
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User      the failure is included in the output; the validation process
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      can be traced in detail.  Because <span class="command"><strong>delv</strong></span> does
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      not rely on an external server to carry out validation, it can
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      be used to check the validity of DNS responses in environments
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      where local name servers may not be trustworthy.
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User    </p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      Unless it is told to query a specific name server,
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <span class="command"><strong>delv</strong></span> will try each of the servers listed in
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      <code class="filename">/etc/resolv.conf</code>. If no usable server
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      addresses are found, <span class="command"><strong>delv</strong></span> will send
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      queries to the localhost addresses (127.0.0.1 for IPv4, ::1
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      for IPv6).
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    </p>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews    <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      When no command line arguments or options are given,
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      <span class="command"><strong>delv</strong></span> will perform an NS query for "."
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      (the root zone).
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    </p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson  </div>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews  <div class="refsection">
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson    <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<pre class="programlisting"> delv @server name type </pre>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews      where:
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews      </p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User<div class="variablelist"><dl class="variablelist">
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<dt><span class="term"><code class="constant">server</code></span></dt>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<dd>
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User        <p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          is the name or IP address of the name server to query.  This
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User          can be an IPv4 address in dotted-decimal notation or an IPv6
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User          address in colon-delimited notation.  When the supplied
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <em class="parameter"><code>server</code></em> argument is a hostname,
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          <span class="command"><strong>delv</strong></span> resolves that name before
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          querying that name server (note, however, that this
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          initial lookup is <span class="emphasis"><em>not</em></span> validated
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          by DNSSEC).
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        </p>
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User        <p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          If no <em class="parameter"><code>server</code></em> argument is
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          provided, <span class="command"><strong>delv</strong></span> consults
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews          <code class="filename">/etc/resolv.conf</code>; if an
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          address is found there, it queries the name server at
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          that address. If either of the <code class="option">-4</code> or
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          <code class="option">-6</code> options are in use, then
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          only addresses for the corresponding transport
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User          will be tried.  If no usable addresses are found,
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews          <span class="command"><strong>delv</strong></span> will send queries to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          the localhost addresses (127.0.0.1 for IPv4,
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          ::1 for IPv6).
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        </p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </dd>
e20788e1216ed720aefa84f3295f7899d9f28c22Mark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User<dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        <p>
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews          is the domain name to be looked up.
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        </p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      </dd>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<dt><span class="term"><code class="constant">type</code></span></dt>
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User          indicates what type of query is required &#8212;
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          ANY, A, MX, etc.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User          <em class="parameter"><code>type</code></em> can be any valid query
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater          type.  If no
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User          <em class="parameter"><code>type</code></em> argument is supplied,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <span class="command"><strong>delv</strong></span> will perform a lookup for an
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User          A record.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      </dd>
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User</dl></div>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews  </div>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater  <div class="refsection">
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<a name="id-1.9"></a><h2>OPTIONS</h2>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    <div class="variablelist"><dl class="variablelist">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<dd>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        Specifies a file from which to read DNSSEC trust anchors.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        The default is <code class="filename">/etc/bind.keys</code>, which
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        is included with <acronym class="acronym">BIND</acronym> 9 and contains
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        trust anchors for the root zone (".") and for the ISC
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        DNSSEC lookaside validation zone ("dlv.isc.org").
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        Keys that do not match the root or DLV trust-anchor
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        names are ignored; these key names can be overridden
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        using the <code class="option">+dlv=NAME</code> or
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        <code class="option">+root=NAME</code> options.
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User      <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        Note: When reading the trust anchor file,
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        statements and <code class="option">trusted-keys</code> statements
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        identically.  That is, for a managed key, it is the
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        key management is not supported. <span class="command"><strong>delv</strong></span>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        will not consult the managed-keys database maintained by
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        <span class="command"><strong>named</strong></span>. This means that if either of the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        keys in <code class="filename">/etc/bind.keys</code> is revoked
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        and rolled over, it will be necessary to update
5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox User        <code class="filename">/etc/bind.keys</code> to use DNSSEC
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        validation in <span class="command"><strong>delv</strong></span>.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    </dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      <p>
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews        Sets the source IP address of the query to
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews        <em class="parameter"><code>address</code></em>.  This must be a valid address
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User        on one of the host's network interfaces or "0.0.0.0" or "::".
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User        An optional source port may be specified by appending
bac4435d473c9a0281507524f084480c34aa942aTinderbox User        "#&lt;port&gt;"
933799f3641f4f78445d015008bad0038900a82aTinderbox User      </p>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User    </dd>
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
7ca715ad1587a68a531ea1cdea07515d7232567eTinderbox User<dd>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User      <p>
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater        Sets the query class for the requested data. Currently,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        only class "IN" is supported in <span class="command"><strong>delv</strong></span>
bac4435d473c9a0281507524f084480c34aa942aTinderbox User        and any other value is ignored.
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews      </p>
933799f3641f4f78445d015008bad0038900a82aTinderbox User    </dd>
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
933799f3641f4f78445d015008bad0038900a82aTinderbox User<dd>
4151211e6649332f7b5a55870cbe37128bcc7b29Tinderbox User      <p>
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews        Set the systemwide debug level to <code class="option">level</code>.
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater        The allowed range is from 0 to 99.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        The default is 0 (no debugging).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        Debugging traces from <span class="command"><strong>delv</strong></span> become
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater        more verbose as the debug level increases.
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User        See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        and <code class="option">+vtrace</code> options below for additional
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User        debugging details.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater      </p>
3ec8f7777ea2b04fc1ebb63077f0916f63b1011aTinderbox User    </dd>
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User<dt><span class="term">-h</span></dt>
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User<dd>
933799f3641f4f78445d015008bad0038900a82aTinderbox User      <p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater      </p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    </dd>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<dt><span class="term">-i</span></dt>
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater<dd>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        Insecure mode. This disables internal DNSSEC validation.
bac4435d473c9a0281507524f084480c34aa942aTinderbox User        (Note, however, this does not set the CD bit on upstream
39ae0eafed076ef769fef5c18b22a8051df5c93aTinderbox User        queries. If the server being queried is performing DNSSEC
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews        validation, then it will not return invalid data; this
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews        can cause <span class="command"><strong>delv</strong></span> to time out. When it
e21f41f6504b3381be86cbe7f457f9ee1fff947bTinderbox User        is necessary to examine invalid data to debug a DNSSEC
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User        problem, use <span class="command"><strong>dig +cd</strong></span>.)
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews      </p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater    </dd>
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater<dt><span class="term">-m</span></dt>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<dd>
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User      <p>
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater        Enables memory usage debugging.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </p>
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User    </dd>
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dd>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <p>
e08cdffb3ae4ad409f37e3e5a218fe4b7e0e3904Tinderbox User        Specifies a destination port to use for queries instead of
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        the standard DNS port number 53.  This option would be used
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        with a name server that has been configured to listen
bac4435d473c9a0281507524f084480c34aa942aTinderbox User        for queries on a non-standard port number.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </p>
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User    </dd>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dd>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      <p>
933799f3641f4f78445d015008bad0038900a82aTinderbox User        Sets the query name to <em class="parameter"><code>name</code></em>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        While the query name can be specified without using the
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User        <code class="option">-q</code>, it is sometimes necessary to disambiguate
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        names from types or classes (for example, when looking up the
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User        name "ns", which could be misinterpreted as the type NS,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User        or "ch", which could be misinterpreted as class CH).
757ff043760e4743dda1a10e7d58349275934902Tinderbox User      </p>
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews    </dd>
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews<dd>
757ff043760e4743dda1a10e7d58349275934902Tinderbox User      <p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater        Sets the query type to <em class="parameter"><code>type</code></em>, which
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews        can be any valid query type supported in BIND 9 except
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews        for zone transfer types AXFR and IXFR. As with
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <code class="option">-q</code>, this is useful to distinguish
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews        query name type or class when they are ambiguous.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        it is sometimes necessary to disambiguate names from types.
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews      </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      <p>
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User        The default query type is "A", unless the <code class="option">-x</code>
bac4435d473c9a0281507524f084480c34aa942aTinderbox User        option is supplied to indicate a reverse lookup, in which case
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews        it is "PTR".
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      </p>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User    </dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dt><span class="term">-v</span></dt>
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews<dd>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      <p>
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User        Print the <span class="command"><strong>delv</strong></span> version and exit.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      </p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User    </dd>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      <p>
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User        Performs a reverse lookup, mapping an addresses to
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User        dotted-decimal notation, or a colon-delimited IPv6 address.
ebdf202f2198158ab4d30f22c370a9c63760d071Tinderbox User        When <code class="option">-x</code> is used, there is no need to provide
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews        the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont        arguments.  <span class="command"><strong>delv</strong></span> automatically performs a
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont        lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont        and sets the query type to PTR.  IPv6 addresses are looked up
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews        using nibble format under the IP6.ARPA domain.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </dd>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<dt><span class="term">-4</span></dt>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      <p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews      </p>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews    </dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dt><span class="term">-6</span></dt>
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<dd>
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews      <p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews</dl></div>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews  </div>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews  <div class="refsection">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    <p><span class="command"><strong>delv</strong></span>
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater      provides a number of query options which affect the way results are
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      displayed, and in some cases the way lookups are performed.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      Each query option is identified by a keyword preceded by a plus sign
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater      (<code class="literal">+</code>).  Some keywords set or reset an
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      option.  These may be preceded by the string
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      <code class="literal">no</code> to negate the meaning of that keyword.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      Other keywords assign values to options like the timeout interval.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      They have the form <code class="option">+keyword=value</code>.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      The query options are:
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<div class="variablelist"><dl class="variablelist">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dd>
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews        <p>
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews          Controls whether to set the CD (checking disabled) bit in
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox User          queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User          when troubleshooting DNSSEC problems from behind a validating
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews          resolver. A validating resolver will block invalid responses,
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews          making it difficult to retrieve them for analysis. Setting
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User          the CD flag on queries will cause the resolver to return
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User          invalid responses, which <span class="command"><strong>delv</strong></span> can then
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User          validate internally and report the errors in detail.
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User        </p>
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User      </dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dt><span class="term"><code class="option">+[no]class</code></span></dt>
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater<dd>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <p>
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User          Controls whether to display the CLASS when printing
757ff043760e4743dda1a10e7d58349275934902Tinderbox User          a record. The default is to display the CLASS.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        </p>
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User      </dd>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
933799f3641f4f78445d015008bad0038900a82aTinderbox User<dd>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        <p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          Controls whether to display the TTL when printing
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater          a record. The default is to display the TTL.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      </dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          Toggle resolver fetch logging. This reports the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          name and type of each query sent by <span class="command"><strong>delv</strong></span>
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews          in the process of carrying out the resolution and validation
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          process: this includes including the original query and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          all subsequent queries to follow CNAMEs and to establish a
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          chain of trust for DNSSEC validation.
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          This is equivalent to setting the debug level to 1 in
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          the "resolver" logging category. Setting the systemwide
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews          debug level to 1 using the <code class="option">-d</code> option will
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          product the same output (but will affect other logging
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          categories as well).
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        <p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          Toggle message logging. This produces a detailed dump of
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User          the responses received by <span class="command"><strong>delv</strong></span> in the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User          process of carrying out the resolution and validation process.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews        <p>
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews          This is equivalent to setting the debug level to 10
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews          for the "packets" module of the "resolver" logging
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews          category. Setting the systemwide debug level to 10 using
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews          the <code class="option">-d</code> option will produce the same output
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User          (but will affect other logging categories as well).
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User        </p>
d6317350b1180aa4517f2e8a92fa8fbcbf904ad8Automatic Updater      </dd>
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Toggle validation logging. This shows the internal
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          process of the validator as it determines whether an
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          answer is validly signed, unsigned, or invalid.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          This is equivalent to setting the debug level to 3
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          for the "validator" module of the "dnssec" logging
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          category. Setting the systemwide debug level to 3 using
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          the <code class="option">-d</code> option will produce the same output
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          (but will affect other logging categories as well).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]short</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Provide a terse answer.  The default is to print the answer in a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          verbose form.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Toggle the display of comment lines in the output.  The default
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          is to print comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Toggle the display of per-record comments in the output (for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          example, human-readable key information about DNSKEY records).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The default is to print per-record comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Toggle the display of cryptographic fields in DNSSEC records.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The contents of these field are unnecessary to debug most DNSSEC
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          validation failures and removing them makes it easier to see
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          the common failures.  The default is to display the fields.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          When omitted they are replaced by the string "[omitted]" or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          in the DNSKEY case the key id is displayed as the replacement,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          e.g. "[ key id = value ]".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews          Controls whether to display the trust level when printing
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          a record. The default is to display the trust level.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        <p>
22d32791e5daa0bc80335a0f10ab2de95f41ccdbTinderbox User          Split long hex- or base64-formatted fields in resource
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          records into chunks of <em class="parameter"><code>W</code></em> characters
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          multiple of 4).
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          <em class="parameter"><code>+nosplit</code></em> or
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          <em class="parameter"><code>+split=0</code></em> causes fields not to be
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          split at all.  The default is 56 characters, or 44 characters
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User          when multiline mode is active.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater        </p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater      </dd>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<dt><span class="term"><code class="option">+[no]all</code></span></dt>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater<dd>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater        <p>
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          Set or clear the display options
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          <code class="option">+[no]comments</code>,
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater          <code class="option">+[no]rrcomments</code>, and
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews          <code class="option">+[no]trust</code> as a group.
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User        </p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User      </dd>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User<dd>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User        <p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          Print long records (such as RRSIG, DNSKEY, and SOA records)
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          in a verbose multi-line format with human-readable comments.
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          The default is to print each record on a single line, to
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          output.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews        </p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User      </dd>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
0accdb26ead1fe520a9820b52efbea64bdf564e3Tinderbox User<dd>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User        <p>
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          Indicates whether to display RRSIG records in the
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          <span class="command"><strong>delv</strong></span> output.  The default is to
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User          do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          this does <span class="emphasis"><em>not</em></span> control whether to
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          request DNSSEC records or whether to validate them.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          DNSSEC records are always requested, and validation
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          will always occur unless suppressed by the use of
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <code class="option">-i</code> or <code class="option">+noroot</code> and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          <code class="option">+nodlv</code>.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </dd>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater<dd>
febbdb34a7f7759922e239655e7429d78d3a8d26Tinderbox User        <p>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          Indicates whether to perform conventional (non-lookaside)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          DNSSEC validation, and if so, specifies the
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User          name of a trust anchor.  The default is to validate using
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews          a trust anchor of "." (the root zone), for which there is
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          a built-in key.  If specifying a different trust anchor,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          then <code class="option">-a</code> must be used to specify a file
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews          containing the key.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews        </p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </dd>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dd>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User        <p>
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater          Indicates whether to perform DNSSEC lookaside validation,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          and if so, specifies the name of the DLV trust anchor.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          The default is to perform lookaside validation using
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          a trust anchor of "dlv.isc.org", for which there is a
e8c42d50cdaf3a3b841074d8bf72b40ffbae2a4bTinderbox User          built-in key.  If specifying a different name, then
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          <code class="option">-a</code> must be used to specify a file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater          containing the DLV key.
e20309353e6246485c521278131d3fced73d7957Tinderbox User        </p>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Controls whether to use TCP when sending queries.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The default is to use UDP unless a truncated
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          response has been received.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Print all RDATA in unknown RR type presentation format
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          (RFC 3597). The default is to print RDATA for known types
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          in the type's presentation format.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</dl></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  </div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews  <div class="refsection">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="id-1.11"></a><h2>FILES</h2>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <p><code class="filename">/etc/bind.keys</code></p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <p><code class="filename">/etc/resolv.conf</code></p>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews  </div>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater  <div class="refsection">
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<a name="id-1.12"></a><h2>SEE ALSO</h2>
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <p><span class="citerefentry">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <span class="refentrytitle">dig</span>(1)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </span>,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      <span class="citerefentry">
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    <span class="refentrytitle">named</span>(8)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews      </span>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <em class="citetitle">RFC4034</em>,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater      <em class="citetitle">RFC4035</em>,
bac4435d473c9a0281507524f084480c34aa942aTinderbox User      <em class="citetitle">RFC4431</em>,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews      <em class="citetitle">RFC5074</em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <em class="citetitle">RFC5155</em>.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews    </p>
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews  </div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div></body>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</html>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington