man.delv.html revision c0cbdeedb5e119c640f098da1851cb1b9adcc739
11e9368a226272085c337e9e74b79808c16fbdbaTinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="man.host.html" title="host">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<table width="100%" summary="Navigation header">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">delv</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.host.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="man.delv"></a><div class="titlepage"></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>delv — DNS lookup and validation utility</p>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="cmdsynopsis"><p><code class="command">delv</code> [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-h</code>]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="cmdsynopsis"><p><code class="command">delv</code> [<code class="option">-v</code>]</p></div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p><span><strong class="command">delv</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (Domain Entity Lookup & Validation) is a tool for sending
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User DNS queries and validating the results, using the same internal
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater resolver and validator logic as <span><strong class="command">named</strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">delv</strong></span> will send to a specified name server all
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries needed to fetch and validate the requested data; this
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt includes the original requested query, subsequent queries to follow
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to establish a chain of trust for DNSSEC validation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It does not perform iterative resolution, but simulates the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein behavior of a name server configured for DNSSEC validating and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein By default, responses are validated using built-in DNSSEC trust
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein anchors for the root zone (".") and for the ISC DNSSEC lookaside
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User validation zone ("dlv.isc.org"). Records returned by
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">delv</strong></span> are either fully validated or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein were not signed. If validation fails, an explanation of
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the failure is included in the output; the validation process
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User can be traced in detail. Because <span><strong class="command">delv</strong></span> does
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User not rely on an external server to carry out validation, it can
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User be used to check the validity of DNS responses in environments
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User where local name servers may not be trustworthy.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Unless it is told to query a specific name server,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">delv</strong></span> will try each of the servers listed in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">/etc/resolv.conf</code>. If no usable server
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater addresses are found, <span><strong class="command">delv</strong></span> will send
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater queries to the localhost addresses (127.0.0.1 for IPv4, ::1
77dccf2a5d9327d16b4374a135cdb99bdd48620eAutomatic Updater When no command line arguments or options are given,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <span><strong class="command">delv</strong></span> will perform an NS query for "."
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews (the root zone).
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce A typical invocation of <span><strong class="command">delv</strong></span> looks like:
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<pre class="programlisting"> delv @server name type </pre>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce<dt><span class="term"><code class="constant">server</code></span></dt>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce is the name or IP address of the name server to query. This
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce can be an IPv4 address in dotted-decimal notation or an IPv6
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein address in colon-delimited notation. When the supplied
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <em class="parameter"><code>server</code></em> argument is a hostname,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">delv</strong></span> resolves that name before
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User querying that name server (note, however, that this
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User initial lookup is <span class="emphasis"><em>not</em></span> validated
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User If no <em class="parameter"><code>server</code></em> argument is
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User provided, <span><strong class="command">delv</strong></span> consults
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="filename">/etc/resolv.conf</code>; if an
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User address is found there, it queries the name server at
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User that address. If either of the <code class="option">-4</code> or
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="option">-6</code> options are in use, then
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User only addresses for the corresponding transport
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User will be tried. If no usable addresses are found,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span><strong class="command">delv</strong></span> will send queries to
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User the localhost addresses (127.0.0.1 for IPv4,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User ::1 for IPv6).
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term"><code class="constant">name</code></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt is the domain name to be looked up.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term"><code class="constant">type</code></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User indicates what type of query is required —
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User ANY, A, MX, etc.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <em class="parameter"><code>type</code></em> can be any valid query
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <em class="parameter"><code>type</code></em> argument is supplied,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">delv</strong></span> will perform a lookup for an
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Specifies a file from which to read DNSSEC trust anchors.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The default is <code class="filename">/etc/bind.keys</code>, which
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User is included with <acronym class="acronym">BIND</acronym> 9 and contains
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User trust anchors for the root zone (".") and for the ISC
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User DNSSEC lookaside validation zone ("dlv.isc.org").
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Keys that do not match the root or DLV trust-anchor
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User names are ignored; these key names can be overridden
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User using the <code class="option">+dlv=NAME</code> or
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="option">+root=NAME</code> options.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Note: When reading the trust anchor file,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span><strong class="command">delv</strong></span> treats <code class="option">managed-keys</code>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User statements and <code class="option">trusted-keys</code> statements
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User identically. That is, for a managed key, it is the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User key management is not supported. <span><strong class="command">delv</strong></span>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User will not consult the managed-keys database maintained by
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <span><strong class="command">named</strong></span>. This means that if either of the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User keys in <code class="filename">/etc/bind.keys</code> is revoked
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User and rolled over, it will be necessary to update
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="filename">/etc/bind.keys</code> to use DNSSEC
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User validation in <span><strong class="command">delv</strong></span>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the source IP address of the query to
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <em class="parameter"><code>address</code></em>. This must be a valid address
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User on one of the host's network interfaces or "0.0.0.0" or "::".
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User An optional source port may be specified by appending
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User "#<port>"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the query class for the requested data. Currently,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User only class "IN" is supported in <span><strong class="command">delv</strong></span>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User and any other value is ignored.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Set the systemwide debug level to <code class="option">level</code>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The allowed range is from 0 to 99.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User The default is 0 (no debugging).
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Debugging traces from <span><strong class="command">delv</strong></span> become
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User more verbose as the debug level increases.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User and <code class="option">+vtrace</code> options below for additional
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User debugging details.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Display the <span><strong class="command">delv</strong></span> help usage output and exit.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Insecure mode. This disables internal DNSSEC validation.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User (Note, however, this does not set the CD bit on upstream
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User queries. If the server being queried is performing DNSSEC
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User validation, then it will not return invalid data; this
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User can cause <span><strong class="command">delv</strong></span> to time out. When it
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User is necessary to examine invalid data to debug a DNSSEC
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User problem, use <span><strong class="command">dig +cd</strong></span>.)
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Enables memory usage debugging.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Specifies a destination port to use for queries instead of
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the standard DNS port number 53. This option would be used
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User with a name server that has been configured to listen
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User for queries on a non-standard port number.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User Sets the query name to <em class="parameter"><code>name</code></em>.
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User While the query name can be specified without using the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User <code class="option">-q</code>, it is sometimes necessary to disambiguate
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User names from types or classes (for example, when looking up the
aa1905addf2f33d90aa020080e4e77a8651e829aTinderbox User name "ns", which could be misinterpreted as the type NS,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein or "ch", which could be misinterpreted as class CH).
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews Sets the query type to <em class="parameter"><code>type</code></em>, which
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User can be any valid query type supported in BIND 9 except
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater for zone transfer types AXFR and IXFR. As with
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater <code class="option">-q</code>, this is useful to distinguish
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt query name type or class when they are ambiguous.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt it is sometimes necessary to disambiguate names from types.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater The default query type is "A", unless the <code class="option">-x</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option is supplied to indicate a reverse lookup, in which case
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Print the <span><strong class="command">delv</strong></span> version and exit.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Performs a reverse lookup, mapping an addresses to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater dotted-decimal notation, or a colon-delimited IPv6 address.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When <code class="option">-x</code> is used, there is no need to provide
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein arguments. <span><strong class="command">delv</strong></span> automatically performs a
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User and sets the query type to PTR. IPv6 addresses are looked up
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt using nibble format under the IP6.ARPA domain.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Forces <span><strong class="command">delv</strong></span> to only use IPv4.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Forces <span><strong class="command">delv</strong></span> to only use IPv6.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<p><span><strong class="command">delv</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein provides a number of query options which affect the way results are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein displayed, and in some cases the way lookups are performed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Each query option is identified by a keyword preceded by a plus sign
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews (<code class="literal">+</code>). Some keywords set or reset an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein option. These may be preceded by the string
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="literal">no</code> to negate the meaning of that keyword.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Other keywords assign values to options like the timeout interval.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User They have the form <code class="option">+keyword=value</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The query options are:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Controls whether to set the CD (checking disabled) bit in
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt queries sent by <span><strong class="command">delv</strong></span>. This may be useful
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when troubleshooting DNSSEC problems from behind a validating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein resolver. A validating resolver will block invalid responses,
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews making it difficult to retrieve them for analysis. Setting
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the CD flag on queries will cause the resolver to return
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein invalid responses, which <span><strong class="command">delv</strong></span> can then
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User validate internally and report the errors in detail.
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<dt><span class="term"><code class="option">+[no]class</code></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Controls whether to display the CLASS when printing
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews a record. The default is to display the CLASS.
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Controls whether to display the TTL when printing
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User a record. The default is to display the TTL.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Toggle resolver fetch logging. This reports the
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews name and type of each query sent by <span><strong class="command">delv</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in the process of carrying out the resolution and validation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein process: this includes including the original query and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein all subsequent queries to follow CNAMEs and to establish a
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt chain of trust for DNSSEC validation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is equivalent to setting the debug level to 1 in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the "resolver" logging category. Setting the systemwide
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt debug level to 1 using the <code class="option">-d</code> option will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein product the same output (but will affect other logging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein categories as well).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Toggle message logging. This produces a detailed dump of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the responses received by <span><strong class="command">delv</strong></span> in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein process of carrying out the resolution and validation process.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is equivalent to setting the debug level to 10
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt for the "packets" module of the "resolver" logging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein category. Setting the systemwide debug level to 10 using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <code class="option">-d</code> option will produce the same output
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (but will affect other logging categories as well).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Toggle validation logging. This shows the internal
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein process of the validator as it determines whether an
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User answer is validly signed, unsigned, or invalid.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is equivalent to setting the debug level to 3
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for the "validator" module of the "dnssec" logging
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein category. Setting the systemwide debug level to 3 using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <code class="option">-d</code> option will produce the same output
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (but will affect other logging categories as well).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]short</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Provide a terse answer. The default is to print the answer in a
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews verbose form.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Toggle the display of comment lines in the output. The default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is to print comments.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
e.g. "[ key id = value ]".
a trust anchor of "dlv.isc.org", for which there is a