Those command line features are now obsolete and has been removed from the dig command. Instead, use delv command. I will update my page later when I am free.
What is a delv command on Linux or Unix?
The delv is a command-line tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as named.
The delv command will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY and DS records to establish a chain of trust for DNSSEC validation. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding.
By default, responses are validated using built-in DNSSEC trust anchor for the root zone (“.”). Records returned by delv are either fully validated or were not signed. If validation fails, an explanation of the failure is included in the output; the validation process can be traced in detail. Because delv does not rely on an external server to carry out validation, it can be used to check the validity of DNS responses in environments where local name servers may not be trustworthy.
Syntax
delv @dns-server name type
where:
server - The name or IP address of the name server to query. This can be an IPv4 address in dotted decimal notation (e.g. @8.8.8.8) or an IPv6 address in colon-delimited notation. If no server argument is provided, delv consults /etc/resolv.conf file
name - Is the domain name to be looked up such as google.com
type - Indicates what type of query is required - ANY, A, MX, AAAA, TXT etc. Type can be any valid dns query type. If no type argument is supplied, delv will perform a lookup for an A record.
You no longer needs that with the delv. The default is to perform lookaside validation using a trust anchor of “dlv.isc.org”, for which there is a built-in key. If specifying a different name, then -a must be used to specify a file containing the DLV key. The syntax for that is
delv -a anchor-file-name
From the man page:
Keys that do not match the root or DLV trust-anchor names are ignored; these key names can be overridden using the +dlv=NAME or +root=NAME options.
Example:
delv @172.0.0.2 -a /tmp/your-trusted.key +root=your-example-com your-example-com. SOA +multiline