. . .nr rst2man-indent-level 0 . \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .rstReportMargin pre:
. RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .rstReportMargin post:
.. . RE indent \\n[an-margin]
old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1 new: \\n[rst2man-indent\\n[rst2man-indent-level]]
..
hostname This name is resolved (looked up in the DNS). If a IPv4 or IPv6 address is given, a reverse lookup is performed. NINDENT NDENT 0.0
-h Show the version and commandline option help. NINDENT NDENT 0.0
-v Enable verbose output and it shows validation results, on every line. Secure means that the NXDOMAIN (no such domain name), nodata (no such data) or positive data response validated correctly with one of the keys. Insecure means that that domain name has no security set up for it. Bogus (security failure) means that the response failed one or more checks, it is likely wrong, outdated, tampered with, or broken. NINDENT NDENT 0.0
-d Enable debug output to stderr. One \%-d shows what the resolver and validator are doing and may tell you what is going on. More times, \%-d \%-d, gives a lot of output, with every packet sent and received. NINDENT NDENT 0.0
-c <class> Specify the class to lookup for, the default is IN the internet class. NINDENT NDENT 0.0
-t <type> Specify the type of data to lookup. The default looks for IPv4, IPv6 and mail handler data, or domain name pointers for reverse queries. NINDENT NDENT 0.0
-y <key> Specify a public key to use as trust anchor. This is the base for a chain of trust that is built up from the trust anchor to the response, in order to validate the response message. Can be given as a DS or DNSKEY record. For example: NDENT 7.0 NDENT 3.5
-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dqNINDENT NINDENT NINDENT NDENT 0.0
-D Enables DNSSEC validation. Reads the root anchor from the default configured root anchor at the default location, @UNBOUND_ROOTKEY_FILE@. NINDENT NDENT 0.0
-f <keyfile> Reads keys from a file. Every line has a DS or DNSKEY record, in the format as for \%-y. The zone file format, the same as dig and drill produce. NINDENT NDENT 0.0
-F <namedkeyfile> Reads keys from a BIND-style named.conf file. Only the trusted-key {}; entries are read. NINDENT NDENT 0.0
-C <configfile> Uses the specified unbound.conf to prime \%libunbound(3). Pass it as first argument if you want to override some options from the config file with further arguments on the commandline. NINDENT NDENT 0.0
-r Read /etc/resolv.conf, and use the forward DNS servers from there (those could have been set by DHCP). More info in resolv.conf(5). Breaks validation if those servers do not support DNSSEC. NINDENT NDENT 0.0
-4 Use solely the IPv4 network for sending packets. NINDENT NDENT 0.0
-6 Use solely the IPv6 network for sending packets. NINDENT
$ unbound-host www.example.com $ unbound-host -v -y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq www.example.com $ unbound-host -v -y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq 192.0.2.153NINDENT NINDENT
.