man.delv.html revision 9d557856c2a19ec95ee73245f60a92f8675cf5ba
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen - Copyright (C) 2000-2003 Internet Software Consortium.
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - Permission to use, copy, modify, and/or distribute this software for any
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - purpose with or without fee is hereby granted, provided that the above
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - copyright notice and this permission notice appear in all copies.
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5430f7f2bc7330f3088b894166bf3524a067e3d8Lennart Poettering - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering - PERFORMANCE OF THIS SOFTWARE.
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering<link rel="prev" href="man.host.html" title="host">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<table width="100%" summary="Navigation header">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<tr><th colspan="3" align="center">delv</th></tr>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<a accesskey="p" href="man.host.html">Prev</a>�</td>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<th width="60%" align="center">Manual pages</th>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<a name="man.delv"></a><div class="titlepage"></div>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p>delv — DNS lookup and validation utility</p>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="cmdsynopsis"><p><code class="command">delv</code> [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-h</code>]</p></div>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-v</code>]</p></div>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<a name="id-1.14.4.7"></a><h2>DESCRIPTION</h2>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p><span class="command"><strong>delv</strong></span>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (Domain Entity Lookup & Validation) is a tool for sending
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DNS queries and validating the results, using the same internal
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek resolver and validator logic as <span class="command"><strong>named</strong></span>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>delv</strong></span> will send to a specified name server all
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek queries needed to fetch and validate the requested data; this
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek includes the original requested query, subsequent queries to follow
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek to establish a chain of trust for DNSSEC validation.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek It does not perform iterative resolution, but simulates the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek behavior of a name server configured for DNSSEC validating and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek By default, responses are validated using built-in DNSSEC trust
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek anchors for the root zone (".") and for the ISC DNSSEC lookaside
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek validation zone ("dlv.isc.org"). Records returned by
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>delv</strong></span> are either fully validated or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek were not signed. If validation fails, an explanation of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the failure is included in the output; the validation process
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek can be traced in detail. Because <span class="command"><strong>delv</strong></span> does
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek not rely on an external server to carry out validation, it can
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek be used to check the validity of DNS responses in environments
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek where local name servers may not be trustworthy.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Unless it is told to query a specific name server,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>delv</strong></span> will try each of the servers listed in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="filename">/etc/resolv.conf</code>. If no usable server
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek addresses are found, <span class="command"><strong>delv</strong></span> will send
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek queries to the localhost addresses (127.0.0.1 for IPv4, ::1
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek When no command line arguments or options are given,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>delv</strong></span> will perform an NS query for "."
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (the root zone).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<a name="id-1.14.4.8"></a><h2>SIMPLE USAGE</h2>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<pre class="programlisting"> delv @server name type </pre>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="variablelist"><dl class="variablelist">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="constant">server</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is the name or IP address of the name server to query. This
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering can be an IPv4 address in dotted-decimal notation or an IPv6
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering address in colon-delimited notation. When the supplied
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <em class="parameter"><code>server</code></em> argument is a hostname,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <span class="command"><strong>delv</strong></span> resolves that name before
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering querying that name server (note, however, that this
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering initial lookup is <span class="emphasis"><em>not</em></span> validated
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering If no <em class="parameter"><code>server</code></em> argument is
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering provided, <span class="command"><strong>delv</strong></span> consults
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <code class="filename">/etc/resolv.conf</code>; if an
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering address is found there, it queries the name server at
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering that address. If either of the <code class="option">-4</code> or
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <code class="option">-6</code> options are in use, then
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering only addresses for the corresponding transport
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering will be tried. If no usable addresses are found,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <span class="command"><strong>delv</strong></span> will send queries to
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering the localhost addresses (127.0.0.1 for IPv4,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering ::1 for IPv6).
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering<dt><span class="term"><code class="constant">name</code></span></dt>
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering is the domain name to be looked up.
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering<dt><span class="term"><code class="constant">type</code></span></dt>
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering indicates what type of query is required —
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering ANY, A, MX, etc.
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <em class="parameter"><code>type</code></em> can be any valid query
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <em class="parameter"><code>type</code></em> argument is supplied,
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <span class="command"><strong>delv</strong></span> will perform a lookup for an
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering<a name="id-1.14.4.9"></a><h2>OPTIONS</h2>
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering<div class="variablelist"><dl class="variablelist">
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Specifies a file from which to read DNSSEC trust anchors.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The default is <code class="filename">/etc/bind.keys</code>, which
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is included with <acronym class="acronym">BIND</acronym> 9 and contains
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek trust anchors for the root zone (".") and for the ISC
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek DNSSEC lookaside validation zone ("dlv.isc.org").
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Keys that do not match the root or DLV trust-anchor
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek names are ignored; these key names can be overridden
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek using the <code class="option">+dlv=NAME</code> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="option">+root=NAME</code> options.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Note: When reading the trust anchor file,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek statements and <code class="option">trusted-keys</code> statements
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek identically. That is, for a managed key, it is the
c129bd5df3ca08eb352cf69d01d2f374552624aeLennart Poettering <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek key management is not supported. <span class="command"><strong>delv</strong></span>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek will not consult the managed-keys database maintained by
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <span class="command"><strong>named</strong></span>. This means that if either of the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek keys in <code class="filename">/etc/bind.keys</code> is revoked
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and rolled over, it will be necessary to update
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="filename">/etc/bind.keys</code> to use DNSSEC
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek validation in <span class="command"><strong>delv</strong></span>.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt>
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak Sets the source IP address of the query to
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak <em class="parameter"><code>address</code></em>. This must be a valid address
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak on one of the host's network interfaces or "0.0.0.0" or "::".
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak An optional source port may be specified by appending
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak "#<port>"
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak Sets the query class for the requested data. Currently,
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak only class "IN" is supported in <span class="command"><strong>delv</strong></span>
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak and any other value is ignored.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak Set the systemwide debug level to <code class="option">level</code>.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak The allowed range is from 0 to 99.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak The default is 0 (no debugging).
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak Debugging traces from <span class="command"><strong>delv</strong></span> become
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak more verbose as the debug level increases.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak and <code class="option">+vtrace</code> options below for additional
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak debugging details.
3519d230c8bafe834b2dac26ace49fcfba139823Karel Zak Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-i</span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Insecure mode. This disables internal DNSSEC validation.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (Note, however, this does not set the CD bit on upstream
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek queries. If the server being queried is performing DNSSEC
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek validation, then it will not return invalid data; this
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek can cause <span class="command"><strong>delv</strong></span> to time out. When it
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is necessary to examine invalid data to debug a DNSSEC
deb0a77cf0b409141c4b116ae30becb3d878e1adMichael Olbrich problem, use <span class="command"><strong>dig +cd</strong></span>.)
deb0a77cf0b409141c4b116ae30becb3d878e1adMichael Olbrich Enables memory usage debugging.
deb0a77cf0b409141c4b116ae30becb3d878e1adMichael Olbrich<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
deb0a77cf0b409141c4b116ae30becb3d878e1adMichael Olbrich Specifies a destination port to use for queries instead of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the standard DNS port number 53. This option would be used
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek with a name server that has been configured to listen
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for queries on a non-standard port number.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt Sets the query name to <em class="parameter"><code>name</code></em>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek While the query name can be specified without using the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="option">-q</code>, it is sometimes necessary to disambiguate
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek names from types or classes (for example, when looking up the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek name "ns", which could be misinterpreted as the type NS,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek or "ch", which could be misinterpreted as class CH).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Sets the query type to <em class="parameter"><code>type</code></em>, which
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek can be any valid query type supported in BIND 9 except
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for zone transfer types AXFR and IXFR. As with
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="option">-q</code>, this is useful to distinguish
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek query name type or class when they are ambiguous.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek it is sometimes necessary to disambiguate names from types.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The default query type is "A", unless the <code class="option">-x</code>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek option is supplied to indicate a reverse lookup, in which case
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-v</span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Print the <span class="command"><strong>delv</strong></span> version and exit.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Performs a reverse lookup, mapping an addresses to
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek dotted-decimal notation, or a colon-delimited IPv6 address.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek When <code class="option">-x</code> is used, there is no need to provide
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek arguments. <span class="command"><strong>delv</strong></span> automatically performs a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek and sets the query type to PTR. IPv6 addresses are looked up
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek using nibble format under the IP6.ARPA domain.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-4</span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term">-6</span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<a name="id-1.14.4.10"></a><h2>QUERY OPTIONS</h2>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<p><span class="command"><strong>delv</strong></span>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek provides a number of query options which affect the way results are
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek displayed, and in some cases the way lookups are performed.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Each query option is identified by a keyword preceded by a plus sign
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (<code class="literal">+</code>). Some keywords set or reset an
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek option. These may be preceded by the string
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="literal">no</code> to negate the meaning of that keyword.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Other keywords assign values to options like the timeout interval.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek They have the form <code class="option">+keyword=value</code>.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The query options are:
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<div class="variablelist"><dl class="variablelist">
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Controls whether to set the CD (checking disabled) bit in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek when troubleshooting DNSSEC problems from behind a validating
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek resolver. A validating resolver will block invalid responses,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek making it difficult to retrieve them for analysis. Setting
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the CD flag on queries will cause the resolver to return
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek invalid responses, which <span class="command"><strong>delv</strong></span> can then
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek validate internally and report the errors in detail.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]class</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Controls whether to display the CLASS when printing
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek a record. The default is to display the CLASS.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Controls whether to display the TTL when printing
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek a record. The default is to display the TTL.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Toggle resolver fetch logging. This reports the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek name and type of each query sent by <span class="command"><strong>delv</strong></span>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in the process of carrying out the resolution and validation
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process: this includes including the original query and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek all subsequent queries to follow CNAMEs and to establish a
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek chain of trust for DNSSEC validation.
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek This is equivalent to setting the debug level to 1 in
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the "resolver" logging category. Setting the systemwide
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek debug level to 1 using the <code class="option">-d</code> option will
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek product the same output (but will affect other logging
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek categories as well).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Toggle message logging. This produces a detailed dump of
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the responses received by <span class="command"><strong>delv</strong></span> in the
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process of carrying out the resolution and validation process.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek This is equivalent to setting the debug level to 10
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for the "packets" module of the "resolver" logging
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek category. Setting the systemwide debug level to 10 using
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the <code class="option">-d</code> option will produce the same output
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek (but will affect other logging categories as well).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Toggle validation logging. This shows the internal
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek process of the validator as it determines whether an
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek answer is validly signed, unsigned, or invalid.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek This is equivalent to setting the debug level to 3
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek for the "validator" module of the "dnssec" logging
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek category. Setting the systemwide debug level to 3 using
46a01abae985024572ec860bd02ca7f1fe458096Sangjung Woo the <code class="option">-d</code> option will produce the same output
7cb48925dc9d6c74edcf800b447c6c0c6955687dLennart Poettering (but will affect other logging categories as well).
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt<dt><span class="term"><code class="option">+[no]short</code></span></dt>
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt Provide a terse answer. The default is to print the answer in a
46a01abae985024572ec860bd02ca7f1fe458096Sangjung Woo verbose form.
46a01abae985024572ec860bd02ca7f1fe458096Sangjung Woo<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
46a01abae985024572ec860bd02ca7f1fe458096Sangjung Woo Toggle the display of comment lines in the output. The default
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek is to print comments.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Toggle the display of per-record comments in the output (for
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek example, human-readable key information about DNSKEY records).
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The default is to print per-record comments.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Toggle the display of cryptographic fields in DNSSEC records.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek The contents of these field are unnecessary to debug most DNSSEC
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek validation failures and removing them makes it easier to see
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek the common failures. The default is to display the fields.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek When omitted they are replaced by the string "[omitted]" or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek in the DNSKEY case the key id is displayed as the replacement,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek e.g. "[ key id = value ]".
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Controls whether to display the trust level when printing
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek a record. The default is to display the trust level.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Split long hex- or base64-formatted fields in resource
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek records into chunks of <em class="parameter"><code>W</code></em> characters
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <em class="parameter"><code>+nosplit</code></em> or
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <em class="parameter"><code>+split=0</code></em> causes fields not to be
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek split at all. The default is 56 characters, or 44 characters
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek when multiline mode is active.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]all</code></span></dt>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek Set or clear the display options
3ba3a79df4ae094d1008c04a9af8d1ff970124c4Zbigniew Jędrzejewski-Szmek <code class="option">+[no]comments</code>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="option">+[no]rrcomments</code>, and
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <code class="option">+[no]trust</code> as a group.
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
cdb788e4cdc67bf7da6b3b1b3f4f295ef5c25c67Lennart Poettering Print long records (such as RRSIG, DNSKEY, and SOA records)
a trust anchor of "dlv.isc.org", for which there is a