| version 1.3, 2019/02/24 20:01:26 |
version 1.4, 2020/05/24 19:46:11 |
|
|
| .\" $NetBSD$ |
.\" $NetBSD$ |
| .\" |
.\" |
| .\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC") |
.\" Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC") |
| .\" |
.\" |
| .\" This Source Code Form is subject to the terms of the Mozilla Public |
.\" This Source Code Form is subject to the terms of the Mozilla Public |
| .\" License, v. 2.0. If a copy of the MPL was not distributed with this |
.\" License, v. 2.0. If a copy of the MPL was not distributed with this |
| Line 55 is a tool for sending DNS queries and va |
|
| Line 55 is a tool for sending DNS queries and va |
|
| \fBnamed\fR\&. |
\fBnamed\fR\&. |
| .PP |
.PP |
| \fBdelv\fR |
\fBdelv\fR |
| will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&. |
will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY and DS records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&. |
| .PP |
.PP |
| By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by |
By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by |
| \fBdelv\fR |
\fBdelv\fR |
|
|
| .sp |
.sp |
| Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the |
Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the |
| \fB+root=NAME\fR |
\fB+root=NAME\fR |
| options\&. DNSSEC Lookaside Validation can also be turned on by using the |
options\&. |
| \fB+dlv=NAME\fR |
|
| to specify the name of a zone containing DLV records\&. |
|
| .sp |
.sp |
| Note: When reading the trust anchor file, |
Note: When reading the trust anchor file, |
| \fBdelv\fR |
\fBdelv\fR |
| treats |
treats |
| \fBmanaged\-keys\fR |
\fBtrust\-anchors\fR\fBinitial\-key\fR |
| statements and |
and |
| \fBtrusted\-keys\fR |
\fBstatic\-key\fR |
| statements identically\&. That is, for a managed key, it is the |
entries identically\&. That is, even if a key is configured with |
| \fIinitial\fR |
\fBinitial\-key\fR, indicating that it is meant to be used only as an initializing key for RFC 5011 key maintenance, it is still treated by |
| key that is trusted; RFC 5011 key management is not supported\&. |
\fBdelv\fR |
| |
as if it had been configured as a |
| |
\fBstatic\-key\fR\&. |
| \fBdelv\fR |
\fBdelv\fR |
| will not consult the managed\-keys database maintained by |
does not consult the managed keys database maintained by |
| \fBnamed\fR\&. This means that if either of the keys in |
\fBnamed\fR\&. This means that if either of the keys in |
| /etc/bind\&.keys |
/etc/bind\&.keys |
| is revoked and rolled over, it will be necessary to update |
is revoked and rolled over, it will be necessary to update |
| Line 392 output\&. The default is to do so\&. Not |
|
| Line 392 output\&. The default is to do so\&. Not |
|
| control whether to request DNSSEC records or whether to validate them\&. DNSSEC records are always requested, and validation will always occur unless suppressed by the use of |
control whether to request DNSSEC records or whether to validate them\&. DNSSEC records are always requested, and validation will always occur unless suppressed by the use of |
| \fB\-i\fR |
\fB\-i\fR |
| or |
or |
| \fB+noroot\fR |
\fB+noroot\fR\&. |
| and |
|
| \fB+nodlv\fR\&. |
|
| .RE |
.RE |
| .PP |
.PP |
| \fB+[no]root[=ROOT]\fR |
\fB+[no]root[=ROOT]\fR |
| .RS 4 |
.RS 4 |
| Indicates whether to perform conventional (non\-lookaside) DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then |
Indicates whether to perform conventional DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then |
| \fB\-a\fR |
\fB\-a\fR |
| must be used to specify a file containing the key\&. |
must be used to specify a file containing the key\&. |
| .RE |
.RE |
| .PP |
.PP |
| \fB+[no]dlv[=DLV]\fR |
|
| .RS 4 |
|
| Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The |
|
| \fB\-a\fR |
|
| option must also be used to specify a file containing the DLV key\&. |
|
| .RE |
|
| .PP |
|
| \fB+[no]tcp\fR |
\fB+[no]tcp\fR |
| .RS 4 |
.RS 4 |
| Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&. |
Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&. |
| Line 420 Controls whether to use TCP when sending |
|
| Line 411 Controls whether to use TCP when sending |
|
| .RS 4 |
.RS 4 |
| Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&. |
Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&. |
| .RE |
.RE |
| |
.PP |
| |
\fB+[no]yaml\fR |
| |
.RS 4 |
| |
Print response data in YAML format\&. |
| |
.RE |
| .SH "FILES" |
.SH "FILES" |
| .PP |
.PP |
| /etc/bind\&.keys |
/etc/bind\&.keys |
|
|
| \fBInternet Systems Consortium, Inc\&.\fR |
\fBInternet Systems Consortium, Inc\&.\fR |
| .SH "COPYRIGHT" |
.SH "COPYRIGHT" |
| .br |
.br |
| Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC") |
Copyright \(co 2014-2020 Internet Systems Consortium, Inc. ("ISC") |
| .br |
.br |
![[BACK]](/icons/back.gif){kind=icon}
Return to delv.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / external / mpl / bind / dist / bin / delv