c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<html>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<head>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<title>delve</title>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt<link rel="prev" href="man.host.html" title="host">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</head>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="navheader">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<table width="100%" summary="Navigation header">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr><th colspan="3" align="center">delve</th></tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="left">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a accesskey="p" href="man.host.html">Prev</a>�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<th width="60%" align="center">Manual pages</th>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</table>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<hr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refentry" lang="en">

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<a name="man.delve"></a><div class="titlepage"></div>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<div class="refnamediv">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<h2>Name</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>delve &#8212; DNS lookup and validation utility</p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsynopsisdiv">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<h2>Synopsis</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">delve</code> [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">delve</code> [<code class="option">-h</code>]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">delve</code> [<code class="option">-v</code>]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="cmdsynopsis"><p><code class="command">delve</code> [queryopt...] [query...]</p></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2615073"></a><h2>DESCRIPTION</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span><strong class="command">delve</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (Domain Entity Lookup &amp; Validation Engine) is a tool for sending

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews DNS queries and validating the results, using the the same internal

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews resolver and validator logic as <span><strong class="command">named</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> will send to a specified name server all

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries needed to fetch and validate the requested data; this

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews includes the original requested query, subsequent queries to follow

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews to establish a chain of trust for DNSSEC validation.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews It does not perform iterative resolution, but simulates the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews behavior of a name server configured for DNSSEC validating and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews forwarding.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews By default, responses are validated using built-in DNSSEC trust

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews anchors for the root zone (".") and for the ISC DNSSEC lookaside

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validation zone ("dlv.isc.org"). Records returned by

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> are either fully validated or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews were not signed. If validation fails, an explanation of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the failure is included in the output; the validation process

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt can be traced in detail. Because <span><strong class="command">delve</strong></span> does

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt not rely on an external server to carry out validation, it can

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews be used to check the validity of DNS responses in environments

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews where local name servers may not be trustworthy.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Unless it is told to query a specific name server,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> will try each of the servers listed in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>. If no usable server

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews addresses are found, <span><strong class="command">delve</strong></span> will send

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries to the localhost addresses (127.0.0.1 for IPv4, ::1

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for IPv6).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When no command line arguments or options are given,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> will perform an NS query for "."

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (the root zone).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2615145"></a><h2>SIMPLE USAGE</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A typical invocation of <span><strong class="command">delve</strong></span> looks like:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<pre class="programlisting"> delve @server name type </pre>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews where:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">server</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is the name or IP address of the name server to query. This

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can be an IPv4 address in dotted-decimal notation or an IPv6

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews address in colon-delimited notation. When the supplied

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>server</code></em> argument is a hostname,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> resolves that name before

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews querying that name server (note, however, that this

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews initial lookup is <span class="emphasis"><em>not</em></span> validated

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews by DNSSEC).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews If no <em class="parameter"><code>server</code></em> argument is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews provided, <span><strong class="command">delve</strong></span> consults

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/resolv.conf</code>; if an

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews address is found there, it queries the name server at

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews that address. If either of the <code class="option">-4</code> or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-6</code> options are in use, then

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews only addresses for the corresponding transport

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews will be tried. If no usable addresses are found,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> will send queries to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the localhost addresses (127.0.0.1 for IPv4,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ::1 for IPv6).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">name</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is the domain name to be looked up.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="constant">type</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews indicates what type of query is required &#8212;

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ANY, A, MX, etc.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> can be any valid query

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews type. If no

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>type</code></em> argument is supplied,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> will perform a lookup for an

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews A record.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2616096"></a><h2>OPTIONS</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Specifies a file from which to read DNSSEC trust anchors.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is <code class="filename">/etc/bind.keys</code>, which

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is included with <acronym class="acronym">BIND</acronym> 9 and contains

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews trust anchors for the root zone (".") and for the ISC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews DNSSEC lookaside validation zone ("dlv.isc.org").

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Keys that do not match the root or DLV trust-anchor

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews names are ignored; these key names can be overridden

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt using the <code class="option">+dlv=NAME</code> or

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <code class="option">+root=NAME</code> options.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Note: When reading the trust anchor file,

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">delve</strong></span> treats <code class="option">managed-keys</code>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt statements and <code class="option">trusted-keys</code> statements

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt identically. That is, for a managed key, it is the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt key management is not supported. <span><strong class="command">delve</strong></span>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt will not consult the managed-keys database maintained by

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt <span><strong class="command">named</strong></span>. This means that if either of the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews keys in <code class="filename">/etc/bind.keys</code> is revoked

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and rolled over, it will be necessary to update

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="filename">/etc/bind.keys</code> to use DNSSEC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validation in <span><strong class="command">delve</strong></span>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-b <em class="replaceable"><code>address</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the source IP address of the query to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>address</code></em>. This must be a valid address

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews on one of the host's network interfaces or "0.0.0.0" or "::".

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews An optional source port may be specified by appending

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews "#&lt;port&gt;"

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the query class for the requested data. Currently,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews only class "IN" is supported in <span><strong class="command">delve</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and any other value is ignored.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<dd><p>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt Set the systemwide debug level to <code class="option">level</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The allowed range is from 0 to 99.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is 0 (no debugging).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Debugging traces from <span><strong class="command">delve</strong></span> become

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews more verbose as the debug level increases.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and <code class="option">+vtrace</code> options below for additional

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews debugging details.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-h</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Display the <span><strong class="command">delve</strong></span> help usage output and exit.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-i</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Insecure mode. This disables internal DNSSEC validation.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (Note, however, this does not set the CD bit on upstream

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries. If the server being queried is performing DNSSEC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validation, then it will not return invalid data; this

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can cause <span><strong class="command">delve</strong></span> to time out. When it

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is necessary to examine invalid data to debug a DNSSEC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews problem, use <span><strong class="command">dig +cd</strong></span>.)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-m</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Enables memory usage debugging.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Specifies a destination port to use for queries instead of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the standard DNS port number 53. This option would be used

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews with a name server that has been configured to listen

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for queries on a non-standard port number.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the query name to <em class="parameter"><code>name</code></em>.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt While the query name can be specified without using the

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt <code class="option">-q</code>, it is sometimes necessary to disambiguate

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews names from types or classes (for example, when looking up the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews name "ns", which could be misinterpreted as the type NS,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews or "ch", which could be misinterpreted as class CH).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Sets the query type to <em class="parameter"><code>type</code></em>, which

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews can be any valid query type supported in BIND 9 except

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for zone transfer types AXFR and IXFR. As with

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-q</code>, this is useful to distinguish

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews query name type or class when they are ambiguous.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews it is sometimes necessary to disambiguate names from types.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default query type is "A", unless the <code class="option">-x</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option is supplied to indicate a reverse lookup, in which case

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews it is "PTR".

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-v</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Print the <span><strong class="command">delve</strong></span> version and exit.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Performs a reverse lookup, mapping an addresses to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a name. <em class="parameter"><code>addr</code></em> is an IPv4 address in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews dotted-decimal notation, or a colon-delimited IPv6 address.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When <code class="option">-x</code> is used, there is no need to provide

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews arguments. <span><strong class="command">delve</strong></span> automatically performs a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and sets the query type to PTR. IPv6 addresses are looked up

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews using nibble format under the IP6.ARPA domain.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-4</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Forces <span><strong class="command">delve</strong></span> to only use IPv4.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term">-6</span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Forces <span><strong class="command">delve</strong></span> to only use IPv6.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dl></div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2671053"></a><h2>QUERY OPTIONS</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span><strong class="command">delve</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews provides a number of query options which affect the way results are

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews displayed, and in some cases the way lookups are performed.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Each query option is identified by a keyword preceded by a plus sign

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (<code class="literal">+</code>). Some keywords set or reset an

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews option. These may be preceded by the string

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="literal">no</code> to negate the meaning of that keyword.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Other keywords assign values to options like the timeout interval.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews They have the form <code class="option">+keyword=value</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The query options are:

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="variablelist"><dl>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Controls whether to set the CD (checking disabled) bit in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews queries sent by <span><strong class="command">delve</strong></span>. This may be useful

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews when troubleshooting DNSSEC problems from behind a validating

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews resolver. A validating resolver will block invalid responses,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews making it difficult to retrieve them for analysis. Setting

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the CD flag on queries will cause the resolver to return

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews invalid responses, which <span><strong class="command">delve</strong></span> can then

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validate internally and report the errors in detail.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]class</code></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Controls whether to display the CLASS when printing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a record. The default is to display the CLASS.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Controls whether to display the TTL when printing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a record. The default is to display the TTL.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Toggle resolver fetch logging. This reports the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt name and type of each query sent by <span><strong class="command">delve</strong></span>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt in the process of carrying out the resolution and validation

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt process: this includes including the original query and

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt all subsequent queries to follow CNAMEs and to establish a

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt chain of trust for DNSSEC validation.

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt This is equivalent to setting the debug level to 1 in

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the "resolver" logging category. Setting the systemwide

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews debug level to 1 using the <code class="option">-d</code> option will

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews product the same output (but will affect other logging

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews categories as well).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle message logging. This produces a detailed dump of

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the responses received by <span><strong class="command">delve</strong></span> in the

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt process of carrying out the resolution and validation process.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews This is equivalent to setting the debug level to 10

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for the the "packets" module of the "resolver" logging

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews category. Setting the systemwide debug level to 10 using

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the <code class="option">-d</code> option will produce the same output

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (but will affect other logging categories as well).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle validation logging. This shows the internal

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews process of the validator as it determines whether an

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt answer is validly signed, unsigned, or invalid.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<p>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt This is equivalent to setting the debug level to 3

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews for the the "validator" module of the "dnssec" logging

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt category. Setting the systemwide debug level to 3 using

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt the <code class="option">-d</code> option will produce the same output

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (but will affect other logging categories as well).

12bf5d4796505b4c20680531da96a31e6c2c1144Evan Hunt </p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dt><span class="term"><code class="option">+[no]short</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Provide a terse answer. The default is to print the answer in a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews verbose form.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]comments</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle the display of comment lines in the output. The default

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews is to print comments.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

1bb2f53b9f74a8ca9812cbe9243ef41190b4da14Evan Hunt<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<dd><p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt Toggle the display of per-record comments in the output (for

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt example, human-readable key information about DNSKEY records).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is to print per-record comments.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Toggle the display of cryptographic fields in DNSSEC records.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The contents of these field are unnecessary to debug most DNSSEC

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews validation failures and removing them makes it easier to see

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews the common failures. The default is to display the fields.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews When omitted they are replaced by the string "[omitted]" or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in the DNSKEY case the key id is displayed as the replacement,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews e.g. "[ key id = value ]".

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]trust</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Controls whether to display the trust level when printing

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a record. The default is to display the trust level.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Split long hex- or base64-formatted fields in resource

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews records into chunks of <em class="parameter"><code>W</code></em> characters

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews (where <em class="parameter"><code>W</code></em> is rounded up to the nearest

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews multiple of 4).

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>+nosplit</code></em> or

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="parameter"><code>+split=0</code></em> causes fields not to be

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews split at all. The default is 56 characters, or 44 characters

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews when multiline mode is active.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]all</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Set or clear the display options

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">+[no]comments</code>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">+[no]rrcomments</code>, and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">+[no]trust</code> as a group.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Print long records (such as RRSIG, DNSKEY, and SOA records)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews in a verbose multi-line format with human-readable comments.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is to print each record on a single line, to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews facilitate machine parsing of the <span><strong class="command">delve</strong></span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews output.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Indicates whether to display RRSIG records in the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span><strong class="command">delve</strong></span> output. The default is to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews do so. Note that (unlike in <span><strong class="command">dig</strong></span>)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews this does <span class="emphasis"><em>not</em></span> control whether to

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews request DNSSEC records or whether to validate them.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews DNSSEC records are always requested, and validation

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews will always occur unless suppressed by the use of

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-i</code> or <code class="option">+noroot</code> and

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">+nodlv</code>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Indicates whether to perform conventional (non-lookaside)

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews DNSSEC validation, and if so, specifies the

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews name of a trust anchor. The default is to validate using

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a trust anchor of "." (the root zone), for which there is

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a built-in key. If specifying a different trust anchor,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews then <code class="option">-a</code> must be used to specify a file

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews containing the key.

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt </p></dd>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<dd><p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews Indicates whether to perform DNSSEC lookaside validation,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews and if so, specifies the name of the DLV trust anchor.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews The default is to perform lookaside validation using

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews a trust anchor of "dlv.isc.org", for which there is a

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews built-in key. If specifying a different name, then

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <code class="option">-a</code> must be used to specify a file

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews containing the DLV key.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p></dd>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</dl></div>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2671501"></a><h2>FILES</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><code class="filename">/etc/bind.keys</code></p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><code class="filename">/etc/resolv.conf</code></p>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="refsect1" lang="en">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a name="id2671521"></a><h2>SEE ALSO</h2>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="citetitle">RFC4034</em>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="citetitle">RFC4035</em>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="citetitle">RFC4431</em>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="citetitle">RFC5074</em>,

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews <em class="citetitle">RFC5155</em>.

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews </p>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<div class="navfooter">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<hr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<table width="100%" summary="Navigation footer">

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<tr>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt<td width="40%" align="left">

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<a accesskey="p" href="man.host.html">Prev</a>�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-checkds.html">Next</a>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</td>

98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="left" valign="top">host�</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews<td width="40%" align="right" valign="top">�<span class="application">dnssec-checkds</span>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</td>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</tr>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</table>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</div>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</body>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews</html>

c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews