man.delv.html revision ad8f23aed6c75f94f238c1f23f4e17515d28eb55
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id$ -->
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<link rel="prev" href="man.host.html" title="host">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">delv</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.host.html">Prev</a>�</td>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<th width="60%" align="center">Manual pages</th>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="man.delv"></a><div class="titlepage"></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>delv — DNS lookup and validation utility</p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="cmdsynopsis"><p><code class="command">delv</code> [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-h</code>]</p></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-v</code>]</p></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p><span><strong class="command">delv</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (Domain Entity Lookup & Validation) is a tool for sending
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt DNS queries and validating the results, using the same internal
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt resolver and validator logic as <span><strong class="command">named</strong></span>.
f9ce6280cec79deb16ff6d9807aa493ff23e10d9Tinderbox User <span><strong class="command">delv</strong></span> will send to a specified name server all
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User queries needed to fetch and validate the requested data; this
f9ce6280cec79deb16ff6d9807aa493ff23e10d9Tinderbox User includes the original requested query, subsequent queries to follow
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to establish a chain of trust for DNSSEC validation.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User It does not perform iterative resolution, but simulates the
46472a450e043434d78fa18edc73bca8c47f3981Tinderbox User behavior of a name server configured for DNSSEC validating and
46472a450e043434d78fa18edc73bca8c47f3981Tinderbox User By default, responses are validated using built-in DNSSEC trust
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt anchors for the root zone (".") and for the ISC DNSSEC lookaside
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User validation zone ("dlv.isc.org"). Records returned by
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span><strong class="command">delv</strong></span> are either fully validated or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt were not signed. If validation fails, an explanation of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the failure is included in the output; the validation process
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User can be traced in detail. Because <span><strong class="command">delv</strong></span> does
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt not rely on an external server to carry out validation, it can
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User be used to check the validity of DNS responses in environments
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt where local name servers may not be trustworthy.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Unless it is told to query a specific name server,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span><strong class="command">delv</strong></span> will try each of the servers listed in
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <code class="filename">/etc/resolv.conf</code>. If no usable server
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt addresses are found, <span><strong class="command">delv</strong></span> will send
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User queries to the localhost addresses (127.0.0.1 for IPv4, ::1
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User When no command line arguments or options are given,
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User <span><strong class="command">delv</strong></span> will perform an NS query for "."
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User (the root zone).
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User A typical invocation of <span><strong class="command">delv</strong></span> looks like:
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<pre class="programlisting"> delv @server name type </pre>
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<dt><span class="term"><code class="constant">server</code></span></dt>
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User is the name or IP address of the name server to query. This
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User can be an IPv4 address in dotted-decimal notation or an IPv6
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User address in colon-delimited notation. When the supplied
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User <em class="parameter"><code>server</code></em> argument is a hostname,
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User <span><strong class="command">delv</strong></span> resolves that name before
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User querying that name server (note, however, that this
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt initial lookup is <span class="emphasis"><em>not</em></span> validated
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User If no <em class="parameter"><code>server</code></em> argument is
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User provided, <span><strong class="command">delv</strong></span> consults
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="filename">/etc/resolv.conf</code>; if an
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt address is found there, it queries the name server at
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User that address. If either of the <code class="option">-4</code> or
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <code class="option">-6</code> options are in use, then
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User only addresses for the corresponding transport
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User will be tried. If no usable addresses are found,
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <span><strong class="command">delv</strong></span> will send queries to
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User the localhost addresses (127.0.0.1 for IPv4,
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User ::1 for IPv6).
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User<dt><span class="term"><code class="constant">name</code></span></dt>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User is the domain name to be looked up.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User<dt><span class="term"><code class="constant">type</code></span></dt>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User indicates what type of query is required —
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User ANY, A, MX, etc.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <em class="parameter"><code>type</code></em> can be any valid query
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <em class="parameter"><code>type</code></em> argument is supplied,
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User <span><strong class="command">delv</strong></span> will perform a lookup for an
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User Specifies a file from which to read DNSSEC trust anchors.
3ba1f79ade054aa6a0dc5032502bcdcf357cd7bdTinderbox User The default is <code class="filename">/etc/bind.keys</code>, which
3ba1f79ade054aa6a0dc5032502bcdcf357cd7bdTinderbox User is included with <acronym class="acronym">BIND</acronym> 9 and contains
3ba1f79ade054aa6a0dc5032502bcdcf357cd7bdTinderbox User trust anchors for the root zone (".") and for the ISC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt DNSSEC lookaside validation zone ("dlv.isc.org").
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Keys that do not match the root or DLV trust-anchor
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt names are ignored; these key names can be overridden
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt using the <code class="option">+dlv=NAME</code> or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Note: When reading the trust anchor file,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">delv</strong></span> treats <code class="option">managed-keys</code>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt statements and <code class="option">trusted-keys</code> statements
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt identically. That is, for a managed key, it is the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt key management is not supported. <span><strong class="command">delv</strong></span>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User will not consult the managed-keys database maintained by
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">named</strong></span>. This means that if either of the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt keys in <code class="filename">/etc/bind.keys</code> is revoked
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and rolled over, it will be necessary to update
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="filename">/etc/bind.keys</code> to use DNSSEC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt validation in <span><strong class="command">delv</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Sets the source IP address of the query to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="parameter"><code>address</code></em>. This must be a valid address
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt on one of the host's network interfaces or "0.0.0.0" or "::".
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt An optional source port may be specified by appending
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt "#<port>"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the query class for the requested data. Currently,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User only class "IN" is supported in <span><strong class="command">delv</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and any other value is ignored.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Set the systemwide debug level to <code class="option">level</code>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The allowed range is from 0 to 99.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default is 0 (no debugging).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Debugging traces from <span><strong class="command">delv</strong></span> become
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User more verbose as the debug level increases.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and <code class="option">+vtrace</code> options below for additional
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt debugging details.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Display the <span><strong class="command">delv</strong></span> help usage output and exit.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Insecure mode. This disables internal DNSSEC validation.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (Note, however, this does not set the CD bit on upstream
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User queries. If the server being queried is performing DNSSEC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt validation, then it will not return invalid data; this
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt can cause <span><strong class="command">delv</strong></span> to time out. When it
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt is necessary to examine invalid data to debug a DNSSEC
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt problem, use <span><strong class="command">dig +cd</strong></span>.)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Enables memory usage debugging.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Specifies a destination port to use for queries instead of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the standard DNS port number 53. This option would be used
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt with a name server that has been configured to listen
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for queries on a non-standard port number.
76cf91b5df7a1bc450afcb9ce7585c61bb87de68Tinderbox User<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
76cf91b5df7a1bc450afcb9ce7585c61bb87de68Tinderbox User Sets the query name to <em class="parameter"><code>name</code></em>.
76cf91b5df7a1bc450afcb9ce7585c61bb87de68Tinderbox User While the query name can be specified without using the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <code class="option">-q</code>, it is sometimes necessary to disambiguate
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt names from types or classes (for example, when looking up the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User name "ns", which could be misinterpreted as the type NS,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt or "ch", which could be misinterpreted as class CH).
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Sets the query type to <em class="parameter"><code>type</code></em>, which
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt can be any valid query type supported in BIND 9 except
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for zone transfer types AXFR and IXFR. As with
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">-q</code>, this is useful to distinguish
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt query name type or class when they are ambiguous.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt it is sometimes necessary to disambiguate names from types.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The default query type is "A", unless the <code class="option">-x</code>
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User option is supplied to indicate a reverse lookup, in which case
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Print the <span><strong class="command">delv</strong></span> version and exit.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Performs a reverse lookup, mapping an addresses to
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User dotted-decimal notation, or a colon-delimited IPv6 address.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User When <code class="option">-x</code> is used, there is no need to provide
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User arguments. <span><strong class="command">delv</strong></span> automatically performs a
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User and sets the query type to PTR. IPv6 addresses are looked up
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User using nibble format under the IP6.ARPA domain.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Forces <span><strong class="command">delv</strong></span> to only use IPv4.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Forces <span><strong class="command">delv</strong></span> to only use IPv6.
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User<a name="id2676118"></a><h2>QUERY OPTIONS</h2>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<p><span><strong class="command">delv</strong></span>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User provides a number of query options which affect the way results are
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User displayed, and in some cases the way lookups are performed.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User Each query option is identified by a keyword preceded by a plus sign
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (<code class="literal">+</code>). Some keywords set or reset an
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt option. These may be preceded by the string
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="literal">no</code> to negate the meaning of that keyword.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Other keywords assign values to options like the timeout interval.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt They have the form <code class="option">+keyword=value</code>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The query options are:
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Controls whether to set the CD (checking disabled) bit in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries sent by <span><strong class="command">delv</strong></span>. This may be useful
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt when troubleshooting DNSSEC problems from behind a validating
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt resolver. A validating resolver will block invalid responses,
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User making it difficult to retrieve them for analysis. Setting
e2b184f84e846bbcb764b6f0aef5dcd583d3d7a1Tinderbox User the CD flag on queries will cause the resolver to return
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt invalid responses, which <span><strong class="command">delv</strong></span> can then
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User validate internally and report the errors in detail.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]class</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Controls whether to display the CLASS when printing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a record. The default is to display the CLASS.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Controls whether to display the TTL when printing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a record. The default is to display the TTL.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Toggle resolver fetch logging. This reports the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt name and type of each query sent by <span><strong class="command">delv</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in the process of carrying out the resolution and validation
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User process: this includes including the original query and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt all subsequent queries to follow CNAMEs and to establish a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt chain of trust for DNSSEC validation.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt This is equivalent to setting the debug level to 1 in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the "resolver" logging category. Setting the systemwide
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt debug level to 1 using the <code class="option">-d</code> option will
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt product the same output (but will affect other logging
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User categories as well).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Toggle message logging. This produces a detailed dump of
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the responses received by <span><strong class="command">delv</strong></span> in the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt process of carrying out the resolution and validation process.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User This is equivalent to setting the debug level to 10
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for the "packets" module of the "resolver" logging
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt category. Setting the systemwide debug level to 10 using
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the <code class="option">-d</code> option will produce the same output
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (but will affect other logging categories as well).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Toggle validation logging. This shows the internal
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User process of the validator as it determines whether an
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User answer is validly signed, unsigned, or invalid.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt This is equivalent to setting the debug level to 3
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User for the "validator" module of the "dnssec" logging
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User category. Setting the systemwide debug level to 3 using
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the <code class="option">-d</code> option will produce the same output
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User (but will affect other logging categories as well).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]short</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Provide a terse answer. The default is to print the answer in a
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User verbose form.
0226754d9e537fd56b690d5890cfe215a6c59f89Tinderbox User<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
0226754d9e537fd56b690d5890cfe215a6c59f89Tinderbox User Toggle the display of comment lines in the output. The default
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User is to print comments.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Toggle the display of per-record comments in the output (for
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User example, human-readable key information about DNSKEY records).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default is to print per-record comments.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Toggle the display of cryptographic fields in DNSSEC records.
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User The contents of these field are unnecessary to debug most DNSSEC
6b7cba2b10d6cb5363d94b434b0d22ecfb33a6f3Tinderbox User validation failures and removing them makes it easier to see
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the common failures. The default is to display the fields.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User When omitted they are replaced by the string "[omitted]" or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in the DNSKEY case the key id is displayed as the replacement,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt e.g. "[ key id = value ]".
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Controls whether to display the trust level when printing
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a record. The default is to display the trust level.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Split long hex- or base64-formatted fields in resource
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt records into chunks of <em class="parameter"><code>W</code></em> characters
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt multiple of 4).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <em class="parameter"><code>+nosplit</code></em> or
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <em class="parameter"><code>+split=0</code></em> causes fields not to be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt split at all. The default is 56 characters, or 44 characters
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt when multiline mode is active.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term"><code class="option">+[no]all</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Set or clear the display options
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <code class="option">+[no]rrcomments</code>, and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">+[no]trust</code> as a group.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Print long records (such as RRSIG, DNSKEY, and SOA records)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in a verbose multi-line format with human-readable comments.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default is to print each record on a single line, to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt facilitate machine parsing of the <span><strong class="command">delv</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Indicates whether to display RRSIG records in the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">delv</strong></span> output. The default is to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt do so. Note that (unlike in <span><strong class="command">dig</strong></span>)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt this does <span class="emphasis"><em>not</em></span> control whether to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt request DNSSEC records or whether to validate them.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt DNSSEC records are always requested, and validation
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt will always occur unless suppressed by the use of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">-i</code> or <code class="option">+noroot</code> and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Indicates whether to perform conventional (non-lookaside)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User DNSSEC validation, and if so, specifies the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt name of a trust anchor. The default is to validate using
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a trust anchor of "." (the root zone), for which there is
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a built-in key. If specifying a different trust anchor,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt then <code class="option">-a</code> must be used to specify a file
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User containing the key.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Indicates whether to perform DNSSEC lookaside validation,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt and if so, specifies the name of the DLV trust anchor.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default is to perform lookaside validation using
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a trust anchor of "dlv.isc.org", for which there is a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt built-in key. If specifying a different name, then
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <code class="option">-a</code> must be used to specify a file
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt containing the DLV key.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Controls whether to use TCP when sending queries.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The default is to use UDP unless a truncated
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt response has been received.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p><code class="filename">/etc/bind.keys</code></p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p><code class="filename">/etc/resolv.conf</code></p>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<a accesskey="p" href="man.host.html">Prev</a>�</td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="40%" align="left" valign="top">host�</td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<td width="40%" align="right" valign="top">�<span class="application">dnssec-checkds</span>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p style="text-align: center;">BIND 9.11.0pre-alpha</p>