$OpenBSD: patch-bin_dig_dig_c,v 1.5 2018/03/15 00:59:18 sthen Exp $
Index: bin/dig/dig.c
--- bin/dig/dig.c.orig
+++ bin/dig/dig.c
@@ -2182,6 +2182,11 @@ void dig_setup(int argc, char **argv)
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("dig_setup()");
 
 	/* setup dighost callbacks */
@@ -2209,6 +2214,13 @@ void dig_query_setup(isc_boolean_t is_batchfile, isc_b
 	debug("dig_query_setup");
 
 	parse_args(is_batchfile, config_only, argc, argv);
+
+	/* inet for network connections, dns for resolv.conf */
+	if (pledge("stdio inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	if (keyfile[0] != 0)
 		setup_file_key();
 	else if (keysecret[0] != 0)
