man.delv.html revision 0da3028ccf1172617852a46382146f1e5cabd246
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - Copyright (C) 2000-2003 Internet Software Consortium.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - Permission to use, copy, modify, and/or distribute this software for any
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - purpose with or without fee is hereby granted, provided that the above
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - copyright notice and this permission notice appear in all copies.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony - PERFORMANCE OF THIS SOFTWARE.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<!-- $Id$ -->
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<div class="cmdsynopsis"><p><code class="command">delv</code> [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-h</code>]</p></div>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-v</code>]</p></div>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (Domain Entity Lookup & Validation) is a tool for sending
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony DNS queries and validating the results, using the the same internal
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony resolver and validator logic as <span><strong class="command">named</strong></span>.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> will send to a specified name server all
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony queries needed to fetch and validate the requested data; this
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony includes the original requested query, subsequent queries to follow
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony to establish a chain of trust for DNSSEC validation.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony It does not perform iterative resolution, but simulates the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony behavior of a name server configured for DNSSEC validating and
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony forwarding.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony By default, responses are validated using built-in DNSSEC trust
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony anchors for the root zone (".") and for the ISC DNSSEC lookaside
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony validation zone ("dlv.isc.org"). Records returned by
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> are either fully validated or
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony were not signed. If validation fails, an explanation of
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the failure is included in the output; the validation process
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony can be traced in detail. Because <span><strong class="command">delv</strong></span> does
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony not rely on an external server to carry out validation, it can
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony be used to check the validity of DNS responses in environments
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony where local name servers may not be trustworthy.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Unless it is told to query a specific name server,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> will try each of the servers listed in
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="filename">/etc/resolv.conf</code>. If no usable server
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony addresses are found, <span><strong class="command">delv</strong></span> will send
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony queries to the localhost addresses (127.0.0.1 for IPv4, ::1
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony When no command line arguments or options are given,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> will perform an NS query for "."
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (the root zone).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony A typical invocation of <span><strong class="command">delv</strong></span> looks like:
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<pre class="programlisting"> delv @server name type </pre>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="constant">server</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony is the name or IP address of the name server to query. This
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony can be an IPv4 address in dotted-decimal notation or an IPv6
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony address in colon-delimited notation. When the supplied
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <em class="parameter"><code>server</code></em> argument is a hostname,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> resolves that name before
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony querying that name server (note, however, that this
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony initial lookup is <span class="emphasis"><em>not</em></span> validated
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony by DNSSEC).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony If no <em class="parameter"><code>server</code></em> argument is
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony provided, <span><strong class="command">delv</strong></span> consults
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="filename">/etc/resolv.conf</code>; if an
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony address is found there, it queries the name server at
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony that address. If either of the <code class="option">-4</code> or
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="option">-6</code> options are in use, then
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony only addresses for the corresponding transport
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony will be tried. If no usable addresses are found,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> will send queries to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the localhost addresses (127.0.0.1 for IPv4,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony ::1 for IPv6).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="constant">name</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony is the domain name to be looked up.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="constant">type</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony indicates what type of query is required —
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony ANY, A, MX, etc.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <em class="parameter"><code>type</code></em> can be any valid query
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony type. If no
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <em class="parameter"><code>type</code></em> argument is supplied,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> will perform a lookup for an
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Specifies a file from which to read DNSSEC trust anchors.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is <code class="filename">/etc/bind.keys</code>, which
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony is included with <acronym class="acronym">BIND</acronym> 9 and contains
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony trust anchors for the root zone (".") and for the ISC
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony DNSSEC lookaside validation zone ("dlv.isc.org").
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Keys that do not match the root or DLV trust-anchor
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony names are ignored; these key names can be overridden
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Note: When reading the trust anchor file,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> treats <code class="option">managed-keys</code>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony statements and <code class="option">trusted-keys</code> statements
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony identically. That is, for a managed key, it is the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony key management is not supported. <span><strong class="command">delv</strong></span>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony will not consult the managed-keys database maintained by
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">named</strong></span>. This means that if either of the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony keys in <code class="filename">/etc/bind.keys</code> is revoked
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony and rolled over, it will be necessary to update
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="filename">/etc/bind.keys</code> to use DNSSEC
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony validation in <span><strong class="command">delv</strong></span>.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Sets the source IP address of the query to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <em class="parameter"><code>address</code></em>. This must be a valid address
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony on one of the host's network interfaces or "0.0.0.0" or "::".
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony An optional source port may be specified by appending
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony "#<port>"
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Sets the query class for the requested data. Currently,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony only class "IN" is supported in <span><strong class="command">delv</strong></span>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony and any other value is ignored.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Set the systemwide debug level to <code class="option">level</code>.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The allowed range is from 0 to 99.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is 0 (no debugging).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Debugging traces from <span><strong class="command">delv</strong></span> become
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony more verbose as the debug level increases.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony and <code class="option">+vtrace</code> options below for additional
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony debugging details.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Display the <span><strong class="command">delv</strong></span> help usage output and exit.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Insecure mode. This disables internal DNSSEC validation.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (Note, however, this does not set the CD bit on upstream
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony queries. If the server being queried is performing DNSSEC
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony validation, then it will not return invalid data; this
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony can cause <span><strong class="command">delv</strong></span> to time out. When it
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony is necessary to examine invalid data to debug a DNSSEC
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony problem, use <span><strong class="command">dig +cd</strong></span>.)
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Enables memory usage debugging.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Specifies a destination port to use for queries instead of
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the standard DNS port number 53. This option would be used
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony with a name server that has been configured to listen
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony for queries on a non-standard port number.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Sets the query name to <em class="parameter"><code>name</code></em>.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony While the query name can be specified without using the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="option">-q</code>, it is sometimes necessary to disambiguate
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony names from types or classes (for example, when looking up the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony name "ns", which could be misinterpreted as the type NS,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony or "ch", which could be misinterpreted as class CH).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Sets the query type to <em class="parameter"><code>type</code></em>, which
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony can be any valid query type supported in BIND 9 except
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony for zone transfer types AXFR and IXFR. As with
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="option">-q</code>, this is useful to distinguish
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony query name type or class when they are ambiguous.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony it is sometimes necessary to disambiguate names from types.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default query type is "A", unless the <code class="option">-x</code>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony option is supplied to indicate a reverse lookup, in which case
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony it is "PTR".
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Print the <span><strong class="command">delv</strong></span> version and exit.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Performs a reverse lookup, mapping an addresses to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony dotted-decimal notation, or a colon-delimited IPv6 address.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony When <code class="option">-x</code> is used, there is no need to provide
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony arguments. <span><strong class="command">delv</strong></span> automatically performs a
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony and sets the query type to PTR. IPv6 addresses are looked up
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony using nibble format under the IP6.ARPA domain.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Forces <span><strong class="command">delv</strong></span> to only use IPv4.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Forces <span><strong class="command">delv</strong></span> to only use IPv6.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony provides a number of query options which affect the way results are
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony displayed, and in some cases the way lookups are performed.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Each query option is identified by a keyword preceded by a plus sign
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (<code class="literal">+</code>). Some keywords set or reset an
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony option. These may be preceded by the string
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="literal">no</code> to negate the meaning of that keyword.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Other keywords assign values to options like the timeout interval.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony They have the form <code class="option">+keyword=value</code>.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The query options are:
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Controls whether to set the CD (checking disabled) bit in
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony queries sent by <span><strong class="command">delv</strong></span>. This may be useful
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony when troubleshooting DNSSEC problems from behind a validating
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony resolver. A validating resolver will block invalid responses,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony making it difficult to retrieve them for analysis. Setting
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the CD flag on queries will cause the resolver to return
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony invalid responses, which <span><strong class="command">delv</strong></span> can then
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony validate internally and report the errors in detail.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]class</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Controls whether to display the CLASS when printing
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a record. The default is to display the CLASS.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Controls whether to display the TTL when printing
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a record. The default is to display the TTL.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle resolver fetch logging. This reports the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony name and type of each query sent by <span><strong class="command">delv</strong></span>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony in the process of carrying out the resolution and validation
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony process: this includes including the original query and
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony all subsequent queries to follow CNAMEs and to establish a
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony chain of trust for DNSSEC validation.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony This is equivalent to setting the debug level to 1 in
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the "resolver" logging category. Setting the systemwide
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony debug level to 1 using the <code class="option">-d</code> option will
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony product the same output (but will affect other logging
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony categories as well).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle message logging. This produces a detailed dump of
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the responses received by <span><strong class="command">delv</strong></span> in the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony process of carrying out the resolution and validation process.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony This is equivalent to setting the debug level to 10
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony for the the "packets" module of the "resolver" logging
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony category. Setting the systemwide debug level to 10 using
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the <code class="option">-d</code> option will produce the same output
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (but will affect other logging categories as well).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle validation logging. This shows the internal
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony process of the validator as it determines whether an
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony answer is validly signed, unsigned, or invalid.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony This is equivalent to setting the debug level to 3
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony for the the "validator" module of the "dnssec" logging
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony category. Setting the systemwide debug level to 3 using
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the <code class="option">-d</code> option will produce the same output
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (but will affect other logging categories as well).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]short</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Provide a terse answer. The default is to print the answer in a
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony verbose form.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle the display of comment lines in the output. The default
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony is to print comments.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle the display of per-record comments in the output (for
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony example, human-readable key information about DNSKEY records).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is to print per-record comments.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Toggle the display of cryptographic fields in DNSSEC records.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The contents of these field are unnecessary to debug most DNSSEC
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony validation failures and removing them makes it easier to see
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony the common failures. The default is to display the fields.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony When omitted they are replaced by the string "[omitted]" or
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony in the DNSKEY case the key id is displayed as the replacement,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony e.g. "[ key id = value ]".
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Controls whether to display the trust level when printing
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a record. The default is to display the trust level.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Split long hex- or base64-formatted fields in resource
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony records into chunks of <em class="parameter"><code>W</code></em> characters
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony multiple of 4).
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <em class="parameter"><code>+split=0</code></em> causes fields not to be
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony split at all. The default is 56 characters, or 44 characters
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony when multiline mode is active.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]all</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Set or clear the display options
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Print long records (such as RRSIG, DNSKEY, and SOA records)
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony in a verbose multi-line format with human-readable comments.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is to print each record on a single line, to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony facilitate machine parsing of the <span><strong class="command">delv</strong></span>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Indicates whether to display RRSIG records in the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span><strong class="command">delv</strong></span> output. The default is to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony do so. Note that (unlike in <span><strong class="command">dig</strong></span>)
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony this does <span class="emphasis"><em>not</em></span> control whether to
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony request DNSSEC records or whether to validate them.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony DNSSEC records are always requested, and validation
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony will always occur unless suppressed by the use of
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="option">-i</code> or <code class="option">+noroot</code> and
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Indicates whether to perform conventional (non-lookaside)
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony DNSSEC validation, and if so, specifies the
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony name of a trust anchor. The default is to validate using
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a trust anchor of "." (the root zone), for which there is
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a built-in key. If specifying a different trust anchor,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony then <code class="option">-a</code> must be used to specify a file
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony containing the key.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Indicates whether to perform DNSSEC lookaside validation,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony and if so, specifies the name of the DLV trust anchor.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is to perform lookaside validation using
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony a trust anchor of "dlv.isc.org", for which there is a
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony built-in key. If specifying a different name, then
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <code class="option">-a</code> must be used to specify a file
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony containing the DLV key.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony Controls whether to use TCP when sending queries.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony The default is to use UDP unless a truncated
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony response has been received.
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<td width="40%" align="right" valign="top">�<span class="application">dnssec-checkds</span>
4a7be288e6fc28a6cb940e26542dbf574bc907b9pctony<p style="text-align: center;">BIND 9.11.0pre-alpha</p>