$OpenBSD: patch-bin_dig_host_c,v 1.4 2018/07/12 10:12:30 sthen Exp $
Index: bin/dig/host.c
--- bin/dig/host.c.orig
+++ bin/dig/host.c
@@ -896,6 +896,11 @@ main(int argc, char **argv) {
 	dighost_trying = trying;
 	dighost_shutdown = host_shutdown;
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("main()");
 	progname = argv[0];
 	pre_parse_args(argc, argv);
@@ -904,6 +909,13 @@ main(int argc, char **argv) {
 	setup_libs();
 	setup_system(ipv4only, ipv6only);
 	parse_args(ISC_FALSE, argc, argv);
+
+	/* inet for network connections, dns for resolv.conf */
+	if (pledge("stdio inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	if (keyfile[0] != 0)
 		setup_file_key();
 	else if (keysecret[0] != 0)
