doc/arm/man.delv.html

	man.delv.html revision 14a656f94b1fd0ababd84a772228dfa52276ba15
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!--
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
a02a0a8a7eb461619931f4a0e896afa247b52c54Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews -
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - purpose with or without fee is hereby granted, provided that the above
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - copyright notice and this permission notice appear in all copies.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington -
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
f8f37672a57524560fbdde52484e6ae3de1c3354Mark Andrews-->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<html>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<head>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews<title>delv</title>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<link rel="prev" href="man.host.html" title="host">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</head>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<div class="navheader">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<table width="100%" summary="Navigation header">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<tr><th colspan="3" align="center">delv</th></tr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<tr>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<td width="20%" align="left">
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<a accesskey="p" href="man.host.html">Prev</a>�</td>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<th width="60%" align="center">Manual pages</th>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</td>
4038ab55037184d76153afd3c469aa8c85adf85dMark Andrews</tr>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews</table>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<hr>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews</div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="refentry">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<a name="man.delv"></a><div class="titlepage"></div>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews  <div class="refnamediv">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<h2>Name</h2>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews    delv
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson     &#8212; DNS lookup and validation utility
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews  </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
26a77b80bb7ee886c6fa704348d5e80a011d8811Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews  <div class="refsynopsisdiv">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<h2>Synopsis</h2>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    <div class="cmdsynopsis"><p>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews      <code class="command">delv</code>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews       [@server]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews       [<code class="option">-4</code>]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews       [<code class="option">-6</code>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-i</code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-m</code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [name]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [type]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [class]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson       [queryopt...]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson    </p></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
c25080dc50542213058c240226c9f342186e6285Mark Andrews    <div class="cmdsynopsis"><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="command">delv</code>
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews       [<code class="option">-h</code>]
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews    </p></div>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews
c25080dc50542213058c240226c9f342186e6285Mark Andrews    <div class="cmdsynopsis"><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="command">delv</code>
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews       [<code class="option">-v</code>]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p></div>
c25080dc50542213058c240226c9f342186e6285Mark Andrews
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    <div class="cmdsynopsis"><p>
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      <code class="command">delv</code>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews       [queryopt...]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews       [query...]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p></div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews  </div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews  <div class="refsection">
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<a name="id-1.14.4.7"></a><h2>DESCRIPTION</h2>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    <p><span class="command"><strong>delv</strong></span>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews      (Domain Entity Lookup &amp; Validation) is a tool for sending
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      DNS queries and validating the results, using the same internal
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      resolver and validator logic as <span class="command"><strong>named</strong></span>.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    <p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span class="command"><strong>delv</strong></span> will send to a specified name server all
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      queries needed to fetch and validate the requested data; this
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      includes the original requested query, subsequent queries to follow
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
c25080dc50542213058c240226c9f342186e6285Mark Andrews      to establish a chain of trust for DNSSEC validation.
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      It does not perform iterative resolution, but simulates the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      behavior of a name server configured for DNSSEC validating and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      forwarding.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    <p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      By default, responses are validated using built-in DNSSEC trust
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      anchors for the root zone (".") and for the ISC DNSSEC lookaside
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      validation zone ("dlv.isc.org").  Records returned by
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span class="command"><strong>delv</strong></span> are either fully validated or
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      were not signed.  If validation fails, an explanation of
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      the failure is included in the output; the validation process
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      can be traced in detail.  Because <span class="command"><strong>delv</strong></span> does
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      not rely on an external server to carry out validation, it can
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      be used to check the validity of DNS responses in environments
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      where local name servers may not be trustworthy.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews    <p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      Unless it is told to query a specific name server,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <span class="command"><strong>delv</strong></span> will try each of the servers listed in
c25080dc50542213058c240226c9f342186e6285Mark Andrews      <code class="filename">/etc/resolv.conf</code>. If no usable server
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      addresses are found, <span class="command"><strong>delv</strong></span> will send
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      queries to the localhost addresses (127.0.0.1 for IPv4, ::1
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      for IPv6).
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews    <p>
c25080dc50542213058c240226c9f342186e6285Mark Andrews      When no command line arguments or options are given,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span class="command"><strong>delv</strong></span> will perform an NS query for "."
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      (the root zone).
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  </div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews  <div class="refsection">
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews<a name="id-1.14.4.8"></a><h2>SIMPLE USAGE</h2>
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews    <p>
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews      A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      </p>
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews<pre class="programlisting"> delv @server name type </pre>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<p>
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews      where:
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="variablelist"><dl class="variablelist">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="constant">server</code></span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dd>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        <p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          is the name or IP address of the name server to query.  This
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          can be an IPv4 address in dotted-decimal notation or an IPv6
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson          address in colon-delimited notation.  When the supplied
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson          <em class="parameter"><code>server</code></em> argument is a hostname,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          <span class="command"><strong>delv</strong></span> resolves that name before
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          querying that name server (note, however, that this
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          initial lookup is <span class="emphasis"><em>not</em></span> validated
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews          by DNSSEC).
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        <p>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews          If no <em class="parameter"><code>server</code></em> argument is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          provided, <span class="command"><strong>delv</strong></span> consults
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          <code class="filename">/etc/resolv.conf</code>; if an
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews          address is found there, it queries the name server at
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          that address. If either of the <code class="option">-4</code> or
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          <code class="option">-6</code> options are in use, then
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          only addresses for the corresponding transport
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          will be tried.  If no usable addresses are found,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          <span class="command"><strong>delv</strong></span> will send queries to
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews          the localhost addresses (127.0.0.1 for IPv4,
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson          ::1 for IPv6).
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dd>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        <p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson          is the domain name to be looked up.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="term"><code class="constant">type</code></span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          indicates what type of query is required &#8212;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          ANY, A, MX, etc.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          <em class="parameter"><code>type</code></em> can be any valid query
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews          type.  If no
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews          <em class="parameter"><code>type</code></em> argument is supplied,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <span class="command"><strong>delv</strong></span> will perform a lookup for an
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          A record.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</dl></div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  </div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  <div class="refsection">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id-1.14.4.9"></a><h2>OPTIONS</h2>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <div class="variablelist"><dl class="variablelist">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Specifies a file from which to read DNSSEC trust anchors.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        The default is <code class="filename">/etc/bind.keys</code>, which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        is included with <acronym class="acronym">BIND</acronym> 9 and contains
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        trust anchors for the root zone (".") and for the ISC
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        DNSSEC lookaside validation zone ("dlv.isc.org").
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Keys that do not match the root or DLV trust-anchor
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        names are ignored; these key names can be overridden
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        using the <code class="option">+dlv=NAME</code> or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <code class="option">+root=NAME</code> options.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Note: When reading the trust anchor file,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        statements and <code class="option">trusted-keys</code> statements
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        identically.  That is, for a managed key, it is the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        key management is not supported. <span class="command"><strong>delv</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        will not consult the managed-keys database maintained by
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <span class="command"><strong>named</strong></span>. This means that if either of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        keys in <code class="filename">/etc/bind.keys</code> is revoked
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        and rolled over, it will be necessary to update
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <code class="filename">/etc/bind.keys</code> to use DNSSEC
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        validation in <span class="command"><strong>delv</strong></span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Sets the source IP address of the query to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <em class="parameter"><code>address</code></em>.  This must be a valid address
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        on one of the host's network interfaces or "0.0.0.0" or "::".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        An optional source port may be specified by appending
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        "#&lt;port&gt;"
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Sets the query class for the requested data. Currently,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        only class "IN" is supported in <span class="command"><strong>delv</strong></span>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        and any other value is ignored.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington    </dd>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<dd>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington      <p>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington        Set the systemwide debug level to <code class="option">level</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        The allowed range is from 0 to 99.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        The default is 0 (no debugging).
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington        Debugging traces from <span class="command"><strong>delv</strong></span> become
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington        more verbose as the debug level increases.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington        See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        and <code class="option">+vtrace</code> options below for additional
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        debugging details.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-h</span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dt><span class="term">-i</span></dt>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        Insecure mode. This disables internal DNSSEC validation.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        (Note, however, this does not set the CD bit on upstream
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        queries. If the server being queried is performing DNSSEC
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        validation, then it will not return invalid data; this
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        can cause <span class="command"><strong>delv</strong></span> to time out. When it
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        is necessary to examine invalid data to debug a DNSSEC
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        problem, use <span class="command"><strong>dig +cd</strong></span>.)
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    </dd>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<dt><span class="term">-m</span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        Enables memory usage debugging.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Specifies a destination port to use for queries instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        the standard DNS port number 53.  This option would be used
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        with a name server that has been configured to listen
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        for queries on a non-standard port number.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Sets the query name to <em class="parameter"><code>name</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        While the query name can be specified without using the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <code class="option">-q</code>, it is sometimes necessary to disambiguate
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        names from types or classes (for example, when looking up the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        name "ns", which could be misinterpreted as the type NS,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        or "ch", which could be misinterpreted as class CH).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        Sets the query type to <em class="parameter"><code>type</code></em>, which
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        can be any valid query type supported in BIND 9 except
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        for zone transfer types AXFR and IXFR. As with
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        <code class="option">-q</code>, this is useful to distinguish
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        query name type or class when they are ambiguous.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        it is sometimes necessary to disambiguate names from types.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        The default query type is "A", unless the <code class="option">-x</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        option is supplied to indicate a reverse lookup, in which case
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        it is "PTR".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-v</span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Print the <span class="command"><strong>delv</strong></span> version and exit.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Performs a reverse lookup, mapping an addresses to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        dotted-decimal notation, or a colon-delimited IPv6 address.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        When <code class="option">-x</code> is used, there is no need to provide
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        arguments.  <span class="command"><strong>delv</strong></span> automatically performs a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        and sets the query type to PTR.  IPv6 addresses are looked up
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        using nibble format under the IP6.ARPA domain.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-4</span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-6</span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</dl></div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  </div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  <div class="refsection">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<a name="id-1.14.4.10"></a><h2>QUERY OPTIONS</h2>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    <p><span class="command"><strong>delv</strong></span>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      provides a number of query options which affect the way results are
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      displayed, and in some cases the way lookups are performed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Each query option is identified by a keyword preceded by a plus sign
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      (<code class="literal">+</code>).  Some keywords set or reset an
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      option.  These may be preceded by the string
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <code class="literal">no</code> to negate the meaning of that keyword.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Other keywords assign values to options like the timeout interval.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      They have the form <code class="option">+keyword=value</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      The query options are:
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<div class="variablelist"><dl class="variablelist">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Controls whether to set the CD (checking disabled) bit in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          when troubleshooting DNSSEC problems from behind a validating
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          resolver. A validating resolver will block invalid responses,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          making it difficult to retrieve them for analysis. Setting
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          the CD flag on queries will cause the resolver to return
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          invalid responses, which <span class="command"><strong>delv</strong></span> can then
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          validate internally and report the errors in detail.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]class</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Controls whether to display the CLASS when printing
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews          a record. The default is to display the CLASS.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          Controls whether to display the TTL when printing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          a record. The default is to display the TTL.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington          Toggle resolver fetch logging. This reports the
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington          name and type of each query sent by <span class="command"><strong>delv</strong></span>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington          in the process of carrying out the resolution and validation
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          process: this includes including the original query and
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews          all subsequent queries to follow CNAMEs and to establish a
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington          chain of trust for DNSSEC validation.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          This is equivalent to setting the debug level to 1 in
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          the "resolver" logging category. Setting the systemwide
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          debug level to 1 using the <code class="option">-d</code> option will
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          product the same output (but will affect other logging
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          categories as well).
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews        </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          Toggle message logging. This produces a detailed dump of
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          the responses received by <span class="command"><strong>delv</strong></span> in the
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          process of carrying out the resolution and validation process.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          This is equivalent to setting the debug level to 10
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          for the "packets" module of the "resolver" logging
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          category. Setting the systemwide debug level to 10 using
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          the <code class="option">-d</code> option will produce the same output
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          (but will affect other logging categories as well).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Toggle validation logging. This shows the internal
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          process of the validator as it determines whether an
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          answer is validly signed, unsigned, or invalid.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          This is equivalent to setting the debug level to 3
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          for the "validator" module of the "dnssec" logging
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          category. Setting the systemwide debug level to 3 using
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          the <code class="option">-d</code> option will produce the same output
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          (but will affect other logging categories as well).
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews        </p>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews      </dd>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews<dt><span class="term"><code class="option">+[no]short</code></span></dt>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews<dd>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews        <p>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          Provide a terse answer.  The default is to print the answer in a
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          verbose form.
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews        </p>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews      </dd>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews<dd>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews        <p>
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          Toggle the display of comment lines in the output.  The default
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews          is to print comments.
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews        </p>
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews      </dd>
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews<dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Toggle the display of per-record comments in the output (for
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          example, human-readable key information about DNSKEY records).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The default is to print per-record comments.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          Toggle the display of cryptographic fields in DNSSEC records.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          The contents of these field are unnecessary to debug most DNSSEC
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          validation failures and removing them makes it easier to see
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          the common failures.  The default is to display the fields.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          When omitted they are replaced by the string "[omitted]" or
854b0d831e45a90211917e3a49f40d10c4a2ee79Mark Andrews          in the DNSKEY case the key id is displayed as the replacement,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          e.g. "[ key id = value ]".
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          Controls whether to display the trust level when printing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          a record. The default is to display the trust level.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Split long hex- or base64-formatted fields in resource
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          records into chunks of <em class="parameter"><code>W</code></em> characters
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          multiple of 4).
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          <em class="parameter"><code>+nosplit</code></em> or
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <em class="parameter"><code>+split=0</code></em> causes fields not to be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          split at all.  The default is 56 characters, or 44 characters
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          when multiline mode is active.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]all</code></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Set or clear the display options
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          <code class="option">+[no]comments</code>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          <code class="option">+[no]rrcomments</code>, and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <code class="option">+[no]trust</code> as a group.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Print long records (such as RRSIG, DNSKEY, and SOA records)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          in a verbose multi-line format with human-readable comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          The default is to print each record on a single line, to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          output.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Indicates whether to display RRSIG records in the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <span class="command"><strong>delv</strong></span> output.  The default is to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          this does <span class="emphasis"><em>not</em></span> control whether to
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          request DNSSEC records or whether to validate them.
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington          DNSSEC records are always requested, and validation
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          will always occur unless suppressed by the use of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <code class="option">-i</code> or <code class="option">+noroot</code> and
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington          <code class="option">+nodlv</code>.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          Indicates whether to perform conventional (non-lookaside)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          DNSSEC validation, and if so, specifies the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          name of a trust anchor.  The default is to validate using
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          a trust anchor of "." (the root zone), for which there is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          a built-in key.  If specifying a different trust anchor,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          then <code class="option">-a</code> must be used to specify a file
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          containing the key.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington        <p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          Indicates whether to perform DNSSEC lookaside validation,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          and if so, specifies the name of the DLV trust anchor.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          The default is to perform lookaside validation using
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington          a trust anchor of "dlv.isc.org", for which there is a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          built-in key.  If specifying a different name, then
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          <code class="option">-a</code> must be used to specify a file
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          containing the DLV key.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </dd>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews        <p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          Controls whether to use TCP when sending queries.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson          The default is to use UDP unless a truncated
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          response has been received.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson        </p>
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson      </dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</dl></div>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  </div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  <div class="refsection">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id-1.14.4.11"></a><h2>FILES</h2>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    <p><code class="filename">/etc/bind.keys</code></p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <p><code class="filename">/etc/resolv.conf</code></p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  </div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews  <div class="refsection">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<a name="id-1.14.4.12"></a><h2>SEE ALSO</h2>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <p><span class="citerefentry">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews    <span class="refentrytitle">dig</span>(1)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </span>,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      <span class="citerefentry">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    <span class="refentrytitle">named</span>(8)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </span>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <em class="citetitle">RFC4034</em>,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington      <em class="citetitle">RFC4035</em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <em class="citetitle">RFC4431</em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <em class="citetitle">RFC5074</em>,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      <em class="citetitle">RFC5155</em>.
49ef9cb60f37eb190986b750db57a194c8f7321cMark Andrews    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington  </div>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<div class="navfooter">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<hr>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<table width="100%" summary="Navigation footer">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<tr>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="left">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<a accesskey="p" href="man.host.html">Prev</a>�</td>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</td>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</tr>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<tr>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<td width="40%" align="left" valign="top">host�</td>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="40%" align="right" valign="top">�<span class="application">dnssec-checkds</span>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</tr>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</table>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington</body>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</html>
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington