$OpenBSD: patch-bin_dig_nslookup_c,v 1.5 2018/07/12 10:12:30 sthen Exp $
Index: bin/dig/nslookup.c
--- bin/dig/nslookup.c.orig
+++ bin/dig/nslookup.c
@@ -1002,8 +1002,19 @@ main(int argc, char **argv) {
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	setup_libs();
 	progname = argv[0];
+
+	/* inet for network connections, dns for resolv.conf */
+	if (pledge("stdio inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
 
 	setup_system(ISC_FALSE, ISC_FALSE);
 	parse_args(argc, argv);
