Patch to use pledge on OpenBSD.
locale is needed for idn2.

Index: bin/dig/host.c
--- bin/dig/host.c.orig
+++ bin/dig/host.c
@@ -18,6 +18,7 @@
 #include <locale.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <unistd.h>
 
 #include <isc/app.h>
 #include <isc/attributes.h>
@@ -908,6 +909,15 @@ main(int argc, char **argv) {
 	dighost_trying = trying;
 	dighost_shutdown = host_shutdown;
 
+	/*
+	 * unix: needed for startup check, isc_net_probeunix.
+	 * (unix sockets used in controlconf).
+	 */
+	if (pledge("stdio rpath inet unix dns unveil", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("main()");
 	progname = argv[0];
 	pre_parse_args(argc, argv);
@@ -921,6 +931,21 @@ main(int argc, char **argv) {
 	} else if (keysecret[0] != 0) {
 		setup_text_key();
 	}
+
+	if (unveil("/usr/share/locale", "r") == -1) {
+		perror("unveil /usr/share/locale");
+		exit(1);
+	}
+	/*
+	 * dns:   resolv.conf, also allows port 53 sockets
+	 * inet:  needed if we query on port != 53
+	 * rpath: locale
+	 */
+	if (pledge("stdio rpath inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();