doc/arm/man.delv.html

	man.delv.html revision 8dcec3cf256105c620d02d5c84c9ccbfe495ca8d
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<!--
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix - Copyright (C) 2000-2016 Internet Systems Consortium, Inc. ("ISC")
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix -
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix - This Source Code Form is subject to the terms of the Mozilla Public
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix - License, v. 2.0. If a copy of the MPL was not distributed with this
3616fc4f881e624b50093cef5f017751ddf51b07cilix - file, You can obtain one at http://mozilla.org/MPL/2.0/.
3616fc4f881e624b50093cef5f017751ddf51b07cilix-->
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<html lang="en">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<head>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<title>delv</title>
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
3616fc4f881e624b50093cef5f017751ddf51b07cilix<link rel="prev" href="man.host.html" title="host">
3616fc4f881e624b50093cef5f017751ddf51b07cilix<link rel="next" href="man.nslookup.html" title="nslookup">
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix</head>
833612d1c1e43055c4428afa90dd2b112a439780cilix<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<div class="navheader">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<table width="100%" summary="Navigation header">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<tr><th colspan="3" align="center">delv</th></tr>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<tr>
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<td width="20%" align="left">
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<a accesskey="p" href="man.host.html">Prev</a>�</td>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<th width="60%" align="center">Manual pages</th>
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix<td width="20%" align="right">�<a accesskey="n" href="man.nslookup.html">Next</a>
1d882e9533b20c0e0783e9d17fcd3f5466fa422fcilix</td>
833612d1c1e43055c4428afa90dd2b112a439780cilix</tr>
833612d1c1e43055c4428afa90dd2b112a439780cilix</table>
833612d1c1e43055c4428afa90dd2b112a439780cilix<hr>
833612d1c1e43055c4428afa90dd2b112a439780cilix</div>
833612d1c1e43055c4428afa90dd2b112a439780cilix<div class="refentry">
833612d1c1e43055c4428afa90dd2b112a439780cilix<a name="man.delv"></a><div class="titlepage"></div>
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix  <div class="refnamediv">
833612d1c1e43055c4428afa90dd2b112a439780cilix<h2>Name</h2>
833612d1c1e43055c4428afa90dd2b112a439780cilix<p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    delv
833612d1c1e43055c4428afa90dd2b112a439780cilix     &#8212; DNS lookup and validation utility
833612d1c1e43055c4428afa90dd2b112a439780cilix  </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix</div>
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsynopsisdiv">
833612d1c1e43055c4428afa90dd2b112a439780cilix<h2>Synopsis</h2>
833612d1c1e43055c4428afa90dd2b112a439780cilix    <div class="cmdsynopsis"><p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <code class="command">delv</code>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [@server]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-4</code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [<code class="option">-6</code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [<code class="option">-i</code>]
36f768de5093f93de10e3b516a2b6f8b74f41513cilix       [<code class="option">-m</code>]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [name]
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [type]
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [class]
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [queryopt...]
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p></div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
3616fc4f881e624b50093cef5f017751ddf51b07cilix    <div class="cmdsynopsis"><p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      <code class="command">delv</code>
3616fc4f881e624b50093cef5f017751ddf51b07cilix       [<code class="option">-h</code>]
3616fc4f881e624b50093cef5f017751ddf51b07cilix    </p></div>
3616fc4f881e624b50093cef5f017751ddf51b07cilix
3616fc4f881e624b50093cef5f017751ddf51b07cilix    <div class="cmdsynopsis"><p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <code class="command">delv</code>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix       [<code class="option">-v</code>]
833612d1c1e43055c4428afa90dd2b112a439780cilix    </p></div>
833612d1c1e43055c4428afa90dd2b112a439780cilix
3616fc4f881e624b50093cef5f017751ddf51b07cilix    <div class="cmdsynopsis"><p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <code class="command">delv</code>
833612d1c1e43055c4428afa90dd2b112a439780cilix       [queryopt...]
833612d1c1e43055c4428afa90dd2b112a439780cilix       [query...]
3616fc4f881e624b50093cef5f017751ddf51b07cilix    </p></div>
209527815f6ad1b81d21bb3188947aef3d845010cilix  </div>
3616fc4f881e624b50093cef5f017751ddf51b07cilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a name="id-1.14.5.7"></a><h2>DESCRIPTION</h2>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p><span class="command"><strong>delv</strong></span>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      (Domain Entity Lookup &amp; Validation) is a tool for sending
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      DNS queries and validating the results, using the same internal
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      resolver and validator logic as <span class="command"><strong>named</strong></span>.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <span class="command"><strong>delv</strong></span> will send to a specified name server all
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      queries needed to fetch and validate the requested data; this
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      includes the original requested query, subsequent queries to follow
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      to establish a chain of trust for DNSSEC validation.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      It does not perform iterative resolution, but simulates the
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      behavior of a name server configured for DNSSEC validating and
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      forwarding.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      By default, responses are validated using built-in DNSSEC trust
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      anchors for the root zone (".") and for the ISC DNSSEC lookaside
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      validation zone ("dlv.isc.org").  Records returned by
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <span class="command"><strong>delv</strong></span> are either fully validated or
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      were not signed.  If validation fails, an explanation of
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      the failure is included in the output; the validation process
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      can be traced in detail.  Because <span class="command"><strong>delv</strong></span> does
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      not rely on an external server to carry out validation, it can
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      be used to check the validity of DNS responses in environments
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      where local name servers may not be trustworthy.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      Unless it is told to query a specific name server,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <span class="command"><strong>delv</strong></span> will try each of the servers listed in
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <code class="filename">/etc/resolv.conf</code>. If no usable server
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      addresses are found, <span class="command"><strong>delv</strong></span> will send
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      queries to the localhost addresses (127.0.0.1 for IPv4, ::1
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      for IPv6).
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      When no command line arguments or options are given,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <span class="command"><strong>delv</strong></span> will perform an NS query for "."
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      (the root zone).
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  </div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a name="id-1.14.5.8"></a><h2>SIMPLE USAGE</h2>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<pre class="programlisting"> delv @server name type </pre>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      where:
3616fc4f881e624b50093cef5f017751ddf51b07cilix
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<div class="variablelist"><dl class="variablelist">
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="constant">server</code></span></dt>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          is the name or IP address of the name server to query.  This
3616fc4f881e624b50093cef5f017751ddf51b07cilix          can be an IPv4 address in dotted-decimal notation or an IPv6
3616fc4f881e624b50093cef5f017751ddf51b07cilix          address in colon-delimited notation.  When the supplied
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <em class="parameter"><code>server</code></em> argument is a hostname,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <span class="command"><strong>delv</strong></span> resolves that name before
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          querying that name server (note, however, that this
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          initial lookup is <span class="emphasis"><em>not</em></span> validated
3616fc4f881e624b50093cef5f017751ddf51b07cilix          by DNSSEC).
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          If no <em class="parameter"><code>server</code></em> argument is
3616fc4f881e624b50093cef5f017751ddf51b07cilix          provided, <span class="command"><strong>delv</strong></span> consults
3616fc4f881e624b50093cef5f017751ddf51b07cilix          <code class="filename">/etc/resolv.conf</code>; if an
3616fc4f881e624b50093cef5f017751ddf51b07cilix          address is found there, it queries the name server at
3616fc4f881e624b50093cef5f017751ddf51b07cilix          that address. If either of the <code class="option">-4</code> or
3616fc4f881e624b50093cef5f017751ddf51b07cilix          <code class="option">-6</code> options are in use, then
3616fc4f881e624b50093cef5f017751ddf51b07cilix          only addresses for the corresponding transport
3616fc4f881e624b50093cef5f017751ddf51b07cilix          will be tried.  If no usable addresses are found,
3616fc4f881e624b50093cef5f017751ddf51b07cilix          <span class="command"><strong>delv</strong></span> will send queries to
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          the localhost addresses (127.0.0.1 for IPv4,
3616fc4f881e624b50093cef5f017751ddf51b07cilix          ::1 for IPv6).
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="constant">name</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
b9314c4c1c56471487e07aa368f0e311d29bee58cilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          is the domain name to be looked up.
36f768de5093f93de10e3b516a2b6f8b74f41513cilix        </p>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix      </dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="constant">type</code></span></dt>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          indicates what type of query is required &#8212;
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          ANY, A, MX, etc.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <em class="parameter"><code>type</code></em> can be any valid query
3616fc4f881e624b50093cef5f017751ddf51b07cilix          type.  If no
3616fc4f881e624b50093cef5f017751ddf51b07cilix          <em class="parameter"><code>type</code></em> argument is supplied,
3616fc4f881e624b50093cef5f017751ddf51b07cilix          <span class="command"><strong>delv</strong></span> will perform a lookup for an
3616fc4f881e624b50093cef5f017751ddf51b07cilix          A record.
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix</dl></div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  </div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a name="id-1.14.5.9"></a><h2>OPTIONS</h2>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
833612d1c1e43055c4428afa90dd2b112a439780cilix    <div class="variablelist"><dl class="variablelist">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Specifies a file from which to read DNSSEC trust anchors.
833612d1c1e43055c4428afa90dd2b112a439780cilix        The default is <code class="filename">/etc/bind.keys</code>, which
3616fc4f881e624b50093cef5f017751ddf51b07cilix        is included with <acronym class="acronym">BIND</acronym> 9 and contains
3616fc4f881e624b50093cef5f017751ddf51b07cilix        trust anchors for the root zone (".") and for the ISC
3616fc4f881e624b50093cef5f017751ddf51b07cilix        DNSSEC lookaside validation zone ("dlv.isc.org").
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Keys that do not match the root or DLV trust-anchor
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        names are ignored; these key names can be overridden
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        using the <code class="option">+dlv=NAME</code> or
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <code class="option">+root=NAME</code> options.
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Note: When reading the trust anchor file,
833612d1c1e43055c4428afa90dd2b112a439780cilix        <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
833612d1c1e43055c4428afa90dd2b112a439780cilix        statements and <code class="option">trusted-keys</code> statements
3616fc4f881e624b50093cef5f017751ddf51b07cilix        identically.  That is, for a managed key, it is the
833612d1c1e43055c4428afa90dd2b112a439780cilix        <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix        key management is not supported. <span class="command"><strong>delv</strong></span>
833612d1c1e43055c4428afa90dd2b112a439780cilix        will not consult the managed-keys database maintained by
833612d1c1e43055c4428afa90dd2b112a439780cilix        <span class="command"><strong>named</strong></span>. This means that if either of the
833612d1c1e43055c4428afa90dd2b112a439780cilix        keys in <code class="filename">/etc/bind.keys</code> is revoked
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        and rolled over, it will be necessary to update
833612d1c1e43055c4428afa90dd2b112a439780cilix        <code class="filename">/etc/bind.keys</code> to use DNSSEC
833612d1c1e43055c4428afa90dd2b112a439780cilix        validation in <span class="command"><strong>delv</strong></span>.
833612d1c1e43055c4428afa90dd2b112a439780cilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Sets the source IP address of the query to
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <em class="parameter"><code>address</code></em>.  This must be a valid address
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        on one of the host's network interfaces or "0.0.0.0" or "::".
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        An optional source port may be specified by appending
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        "#&lt;port&gt;"
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Sets the query class for the requested data. Currently,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        only class "IN" is supported in <span class="command"><strong>delv</strong></span>
833612d1c1e43055c4428afa90dd2b112a439780cilix        and any other value is ignored.
833612d1c1e43055c4428afa90dd2b112a439780cilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix        Set the systemwide debug level to <code class="option">level</code>.
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix        The allowed range is from 0 to 99.
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix        The default is 0 (no debugging).
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix        Debugging traces from <span class="command"><strong>delv</strong></span> become
833612d1c1e43055c4428afa90dd2b112a439780cilix        more verbose as the debug level increases.
833612d1c1e43055c4428afa90dd2b112a439780cilix        See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        and <code class="option">+vtrace</code> options below for additional
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        debugging details.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term">-h</span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term">-i</span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Insecure mode. This disables internal DNSSEC validation.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        (Note, however, this does not set the CD bit on upstream
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        queries. If the server being queried is performing DNSSEC
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        validation, then it will not return invalid data; this
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        can cause <span class="command"><strong>delv</strong></span> to time out. When it
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        is necessary to examine invalid data to debug a DNSSEC
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        problem, use <span class="command"><strong>dig +cd</strong></span>.)
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term">-m</span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        Enables memory usage debugging.
833612d1c1e43055c4428afa90dd2b112a439780cilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix        Specifies a destination port to use for queries instead of
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        the standard DNS port number 53.  This option would be used
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        with a name server that has been configured to listen
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        for queries on a non-standard port number.
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      </p>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix    </dd>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix<dd>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      <p>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        Sets the query name to <em class="parameter"><code>name</code></em>.
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        While the query name can be specified without using the
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        <code class="option">-q</code>, it is sometimes necessary to disambiguate
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        names from types or classes (for example, when looking up the
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        name "ns", which could be misinterpreted as the type NS,
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        or "ch", which could be misinterpreted as class CH).
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      </p>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix    </dd>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix<dd>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      <p>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        Sets the query type to <em class="parameter"><code>type</code></em>, which
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        can be any valid query type supported in BIND 9 except
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        for zone transfer types AXFR and IXFR. As with
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        <code class="option">-q</code>, this is useful to distinguish
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        query name type or class when they are ambiguous.
fbdfd8486b6e079ebac503d948d77131bffaa600cilix        it is sometimes necessary to disambiguate names from types.
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      </p>
fbdfd8486b6e079ebac503d948d77131bffaa600cilix      <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix        The default query type is "A", unless the <code class="option">-x</code>
833612d1c1e43055c4428afa90dd2b112a439780cilix        option is supplied to indicate a reverse lookup, in which case
833612d1c1e43055c4428afa90dd2b112a439780cilix        it is "PTR".
833612d1c1e43055c4428afa90dd2b112a439780cilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term">-v</span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix        Print the <span class="command"><strong>delv</strong></span> version and exit.
833612d1c1e43055c4428afa90dd2b112a439780cilix      </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix    </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix      <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix        Performs a reverse lookup, mapping an addresses to
833612d1c1e43055c4428afa90dd2b112a439780cilix        a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
833612d1c1e43055c4428afa90dd2b112a439780cilix        dotted-decimal notation, or a colon-delimited IPv6 address.
833612d1c1e43055c4428afa90dd2b112a439780cilix        When <code class="option">-x</code> is used, there is no need to provide
833612d1c1e43055c4428afa90dd2b112a439780cilix        the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        arguments.  <span class="command"><strong>delv</strong></span> automatically performs a
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
833612d1c1e43055c4428afa90dd2b112a439780cilix        and sets the query type to PTR.  IPv6 addresses are looked up
833612d1c1e43055c4428afa90dd2b112a439780cilix        using nibble format under the IP6.ARPA domain.
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      </p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix    </dd>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dt><span class="term">-4</span></dt>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dd>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      <p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix        Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      </p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix    </dd>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dt><span class="term">-6</span></dt>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dd>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      <p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix        Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix</dl></div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  </div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a name="id-1.14.5.10"></a><h2>QUERY OPTIONS</h2>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p><span class="command"><strong>delv</strong></span>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      provides a number of query options which affect the way results are
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      displayed, and in some cases the way lookups are performed.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix
e243dcc81f91e3c087610302fc55562d5749e5d8cilix    <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      Each query option is identified by a keyword preceded by a plus sign
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      (<code class="literal">+</code>).  Some keywords set or reset an
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      option.  These may be preceded by the string
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      <code class="literal">no</code> to negate the meaning of that keyword.
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      Other keywords assign values to options like the timeout interval.
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      They have the form <code class="option">+keyword=value</code>.
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      The query options are:
e243dcc81f91e3c087610302fc55562d5749e5d8cilix
e243dcc81f91e3c087610302fc55562d5749e5d8cilix      </p>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<div class="variablelist"><dl class="variablelist">
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Controls whether to set the CD (checking disabled) bit in
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
833612d1c1e43055c4428afa90dd2b112a439780cilix          when troubleshooting DNSSEC problems from behind a validating
833612d1c1e43055c4428afa90dd2b112a439780cilix          resolver. A validating resolver will block invalid responses,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          making it difficult to retrieve them for analysis. Setting
833612d1c1e43055c4428afa90dd2b112a439780cilix          the CD flag on queries will cause the resolver to return
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          invalid responses, which <span class="command"><strong>delv</strong></span> can then
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          validate internally and report the errors in detail.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="option">+[no]class</code></span></dt>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Controls whether to display the CLASS when printing
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          a record. The default is to display the CLASS.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix        <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix          Controls whether to display the TTL when printing
833612d1c1e43055c4428afa90dd2b112a439780cilix          a record. The default is to display the TTL.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Toggle resolver fetch logging. This reports the
833612d1c1e43055c4428afa90dd2b112a439780cilix          name and type of each query sent by <span class="command"><strong>delv</strong></span>
e243dcc81f91e3c087610302fc55562d5749e5d8cilix          in the process of carrying out the resolution and validation
833612d1c1e43055c4428afa90dd2b112a439780cilix          process: this includes including the original query and
833612d1c1e43055c4428afa90dd2b112a439780cilix          all subsequent queries to follow CNAMEs and to establish a
3616fc4f881e624b50093cef5f017751ddf51b07cilix          chain of trust for DNSSEC validation.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          This is equivalent to setting the debug level to 1 in
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          the "resolver" logging category. Setting the systemwide
3616fc4f881e624b50093cef5f017751ddf51b07cilix          debug level to 1 using the <code class="option">-d</code> option will
3616fc4f881e624b50093cef5f017751ddf51b07cilix          product the same output (but will affect other logging
3616fc4f881e624b50093cef5f017751ddf51b07cilix          categories as well).
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Toggle message logging. This produces a detailed dump of
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          the responses received by <span class="command"><strong>delv</strong></span> in the
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          process of carrying out the resolution and validation process.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          This is equivalent to setting the debug level to 10
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          for the "packets" module of the "resolver" logging
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          category. Setting the systemwide debug level to 10 using
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          the <code class="option">-d</code> option will produce the same output
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          (but will affect other logging categories as well).
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          Toggle validation logging. This shows the internal
3616fc4f881e624b50093cef5f017751ddf51b07cilix          process of the validator as it determines whether an
3616fc4f881e624b50093cef5f017751ddf51b07cilix          answer is validly signed, unsigned, or invalid.
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          This is equivalent to setting the debug level to 3
3616fc4f881e624b50093cef5f017751ddf51b07cilix          for the "validator" module of the "dnssec" logging
3616fc4f881e624b50093cef5f017751ddf51b07cilix          category. Setting the systemwide debug level to 3 using
3616fc4f881e624b50093cef5f017751ddf51b07cilix          the <code class="option">-d</code> option will produce the same output
3616fc4f881e624b50093cef5f017751ddf51b07cilix          (but will affect other logging categories as well).
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="option">+[no]short</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          Provide a terse answer.  The default is to print the answer in a
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          verbose form.
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix      </dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
3616fc4f881e624b50093cef5f017751ddf51b07cilix<dd>
3616fc4f881e624b50093cef5f017751ddf51b07cilix        <p>
3616fc4f881e624b50093cef5f017751ddf51b07cilix          Toggle the display of comment lines in the output.  The default
3616fc4f881e624b50093cef5f017751ddf51b07cilix          is to print comments.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Toggle the display of per-record comments in the output (for
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          example, human-readable key information about DNSKEY records).
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          The default is to print per-record comments.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Toggle the display of cryptographic fields in DNSSEC records.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          The contents of these field are unnecessary to debug most DNSSEC
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          validation failures and removing them makes it easier to see
3616fc4f881e624b50093cef5f017751ddf51b07cilix          the common failures.  The default is to display the fields.
3616fc4f881e624b50093cef5f017751ddf51b07cilix          When omitted they are replaced by the string "[omitted]" or
3616fc4f881e624b50093cef5f017751ddf51b07cilix          in the DNSKEY case the key id is displayed as the replacement,
3616fc4f881e624b50093cef5f017751ddf51b07cilix          e.g. "[ key id = value ]".
3616fc4f881e624b50093cef5f017751ddf51b07cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Controls whether to display the trust level when printing
833612d1c1e43055c4428afa90dd2b112a439780cilix          a record. The default is to display the trust level.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Split long hex- or base64-formatted fields in resource
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          records into chunks of <em class="parameter"><code>W</code></em> characters
833612d1c1e43055c4428afa90dd2b112a439780cilix          (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
833612d1c1e43055c4428afa90dd2b112a439780cilix          multiple of 4).
833612d1c1e43055c4428afa90dd2b112a439780cilix          <em class="parameter"><code>+nosplit</code></em> or
b9314c4c1c56471487e07aa368f0e311d29bee58cilix          <em class="parameter"><code>+split=0</code></em> causes fields not to be
b9314c4c1c56471487e07aa368f0e311d29bee58cilix          split at all.  The default is 56 characters, or 44 characters
b9314c4c1c56471487e07aa368f0e311d29bee58cilix          when multiline mode is active.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix      </dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dt><span class="term"><code class="option">+[no]all</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Set or clear the display options
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <code class="option">+[no]comments</code>,
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <code class="option">+[no]rrcomments</code>, and
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          <code class="option">+[no]trust</code> as a group.
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix        </p>
b9314c4c1c56471487e07aa368f0e311d29bee58cilix      </dd>
b9314c4c1c56471487e07aa368f0e311d29bee58cilix<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
b9314c4c1c56471487e07aa368f0e311d29bee58cilix<dd>
209527815f6ad1b81d21bb3188947aef3d845010cilix        <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix          Print long records (such as RRSIG, DNSKEY, and SOA records)
209527815f6ad1b81d21bb3188947aef3d845010cilix          in a verbose multi-line format with human-readable comments.
209527815f6ad1b81d21bb3188947aef3d845010cilix          The default is to print each record on a single line, to
833612d1c1e43055c4428afa90dd2b112a439780cilix          facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          output.
36f768de5093f93de10e3b516a2b6f8b74f41513cilix        </p>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix      </dd>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<dd>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix        <p>
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix          Indicates whether to display RRSIG records in the
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          <span class="command"><strong>delv</strong></span> output.  The default is to
833612d1c1e43055c4428afa90dd2b112a439780cilix          do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
833612d1c1e43055c4428afa90dd2b112a439780cilix          this does <span class="emphasis"><em>not</em></span> control whether to
833612d1c1e43055c4428afa90dd2b112a439780cilix          request DNSSEC records or whether to validate them.
833612d1c1e43055c4428afa90dd2b112a439780cilix          DNSSEC records are always requested, and validation
833612d1c1e43055c4428afa90dd2b112a439780cilix          will always occur unless suppressed by the use of
833612d1c1e43055c4428afa90dd2b112a439780cilix          <code class="option">-i</code> or <code class="option">+noroot</code> and
833612d1c1e43055c4428afa90dd2b112a439780cilix          <code class="option">+nodlv</code>.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix          Indicates whether to perform conventional (non-lookaside)
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          DNSSEC validation, and if so, specifies the
833612d1c1e43055c4428afa90dd2b112a439780cilix          name of a trust anchor.  The default is to validate using
833612d1c1e43055c4428afa90dd2b112a439780cilix          a trust anchor of "." (the root zone), for which there is
833612d1c1e43055c4428afa90dd2b112a439780cilix          a built-in key.  If specifying a different trust anchor,
833612d1c1e43055c4428afa90dd2b112a439780cilix          then <code class="option">-a</code> must be used to specify a file
833612d1c1e43055c4428afa90dd2b112a439780cilix          containing the key.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix          Indicates whether to perform DNSSEC lookaside validation,
833612d1c1e43055c4428afa90dd2b112a439780cilix          and if so, specifies the name of the DLV trust anchor.
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          The default is to perform lookaside validation using
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          a trust anchor of "dlv.isc.org", for which there is a
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          built-in key.  If specifying a different name, then
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          <code class="option">-a</code> must be used to specify a file
36f768de5093f93de10e3b516a2b6f8b74f41513cilix          containing the DLV key.
36f768de5093f93de10e3b516a2b6f8b74f41513cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
833612d1c1e43055c4428afa90dd2b112a439780cilix          Controls whether to use TCP when sending queries.
833612d1c1e43055c4428afa90dd2b112a439780cilix          The default is to use UDP unless a truncated
833612d1c1e43055c4428afa90dd2b112a439780cilix          response has been received.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix        <p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix          Print all RDATA in unknown RR type presentation format
833612d1c1e43055c4428afa90dd2b112a439780cilix          (RFC 3597). The default is to print RDATA for known types
833612d1c1e43055c4428afa90dd2b112a439780cilix          in the type's presentation format.
833612d1c1e43055c4428afa90dd2b112a439780cilix        </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix      </dd>
833612d1c1e43055c4428afa90dd2b112a439780cilix</dl></div>
833612d1c1e43055c4428afa90dd2b112a439780cilix<p>
833612d1c1e43055c4428afa90dd2b112a439780cilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    </p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  </div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a name="id-1.14.5.11"></a><h2>FILES</h2>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p><code class="filename">/etc/bind.keys</code></p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix    <p><code class="filename">/etc/resolv.conf</code></p>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  </div>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix  <div class="refsection">
833612d1c1e43055c4428afa90dd2b112a439780cilix<a name="id-1.14.5.12"></a><h2>SEE ALSO</h2>
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix    <p><span class="citerefentry">
833612d1c1e43055c4428afa90dd2b112a439780cilix    <span class="refentrytitle">dig</span>(1)
833612d1c1e43055c4428afa90dd2b112a439780cilix      </span>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <span class="citerefentry">
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix    <span class="refentrytitle">named</span>(8)
bedbeec8a0241f2d83052b4c9e3f40510b1edb73cilix      </span>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <em class="citetitle">RFC4034</em>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <em class="citetitle">RFC4035</em>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <em class="citetitle">RFC4431</em>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <em class="citetitle">RFC5074</em>,
833612d1c1e43055c4428afa90dd2b112a439780cilix      <em class="citetitle">RFC5155</em>.
833612d1c1e43055c4428afa90dd2b112a439780cilix    </p>
833612d1c1e43055c4428afa90dd2b112a439780cilix  </div>
833612d1c1e43055c4428afa90dd2b112a439780cilix
833612d1c1e43055c4428afa90dd2b112a439780cilix</div>
833612d1c1e43055c4428afa90dd2b112a439780cilix<div class="navfooter">
833612d1c1e43055c4428afa90dd2b112a439780cilix<hr>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<table width="100%" summary="Navigation footer">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<tr>
833612d1c1e43055c4428afa90dd2b112a439780cilix<td width="40%" align="left">
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<a accesskey="p" href="man.host.html">Prev</a>�</td>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix<td width="40%" align="right">�<a accesskey="n" href="man.nslookup.html">Next</a>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix</td>
4358ff6156766a315e38e72a5c3c83d6d5f7486bcilix</tr>
833612d1c1e43055c4428afa90dd2b112a439780cilix<tr>
833612d1c1e43055c4428afa90dd2b112a439780cilix<td width="40%" align="left" valign="top">host�</td>
833612d1c1e43055c4428afa90dd2b112a439780cilix<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<td width="40%" align="right" valign="top">�nslookup</td>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix</tr>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix</table>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix</div>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.1rc2</p>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix</body>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix</html>
36f768de5093f93de10e3b516a2b6f8b74f41513cilix