$OpenBSD: patch-bin_dig_dig_c,v 1.10 2019/03/01 17:17:08 sthen Exp $
Index: bin/dig/dig.c
--- bin/dig/dig.c.orig
+++ bin/dig/dig.c
@@ -2244,6 +2244,11 @@ void dig_setup(int argc, char **argv)
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("dig_setup()");
 
 	/* setup dighost callbacks */
@@ -2271,6 +2276,13 @@ void dig_query_setup(bool is_batchfile, bool config_on
 	debug("dig_query_setup");
 
 	parse_args(is_batchfile, config_only, argc, argv);
+
+	/* inet for network connections, dns for resolv.conf, rpath for charset conversion */
+	if (pledge("stdio rpath inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	if (keyfile[0] != 0)
 		setup_file_key();
 	else if (keysecret[0] != 0)
