Start DIG Query (STRDIGQRY)
Where allowed to run: All environments (*ALL) Threadsafe: No |
Parameters Examples Error messages |
The Start DIG Query (STRDIGQRY) command, or its alias DIG, starts the Domain Information Groper tool.
DIG is a powerful query tool that allows you to retrieve information from or test the response of a Domain Name System (DNS) server. You can verify that a DNS server is responding correctly before you configure your system to use it. You can also retrieve DNS information about hosts, domains, and other DNS servers.
Unless it is told to query a specific name server, DIG will try each of the servers listed in CHGTCPDMN.
Restrictions:
- You must have execute (*X) authority to the directories in the path of the batch input file.
- You must have read (*R) authority to the batch input file.
- You must have execute (*X) authority to the directories in the path of the key file.
- You must have read (*R) authority to the key file.
- You must have execute (*X) authority to the directories in the path of the trusted keys file.
- You must have read (*R) authority to the trusted keys file.
- You must have execute (*X) authority to the directories in the path of the output file.
- You must have write (*W) authority to the output file if it already exists.
- You must have read, write and execute (*RWX) authority to the output file's parent directory if the output file does not already exist.
Top |
Parameters
Keyword | Description | Choices | Notes |
---|---|---|---|
HOSTNAME | Query name | Character value, *DFT | Optional, Positional 1 |
TYPE | Query type | *A, *AAAA, *ANY, *AXFR, *CNAME, *MX, *NS, *PTR, *SOA, *SRV, *TXT | Optional, Positional 2 |
CLASS | Query class | *IN, *CH, *HS, *ANY | Optional |
REVERSE | Reverse lookup | *NO, *YES, *IP6INT | Optional |
DMNNAMSVR | Domain name server | Character value, *CFG | Optional |
PORT | Domain name server port | 1-65535, 53 | Optional |
TIMEOUT | Query timeout | 1-100, 5 | Optional |
USEDMNSCHL | Use domain search list | *YES, *NO | Optional |
DMNSCHLIST | Domain search list | Character value, *CFG, *NONE | Optional |
SRCADR | Source address | Character value, *DFT, *ANY4, *LOOPBACK4, *ANY6, *LOOPBACK6 | Optional |
BCHFILE | Batch input file | Path name, *NONE | Optional |
IPVSN | IP Version | *ALL, *IPV4ONLY, *IPV6ONLY | Optional |
PROTOCOL | Network protocol | *UDP, *TCP | Optional |
SETRDFLAG | Recursion desired | *YES, *NO | Optional |
SETAAFLAG | Authoritative answers only | Character value, *NO, *YES | Optional |
SETADFLAG | Authentic data | *NO, *YES | Optional |
SETCDFLAG | Disable DNSSEC checking | *NO, *YES | Optional |
MULTILINE | Print multiple lines | *NO, *YES | Optional |
SHORT | Print short answer | *NO, *YES | Optional |
IDENTIFY | Print server in short answer | *NO, *YES | Optional |
PRTQRY | Print query | *NO, *YES | Optional |
PRTCLASS | Print RR class | *YES, *NO | Optional |
PRTTTL | Print RR TTL | *YES, *NO | Optional |
PRTALL | Print all query detail | *YES, *NO | Optional |
CMD | Print query command | *DFT, *YES, *NO | Optional |
COMMENTS | Print query comments | *DFT, *YES, *NO | Optional |
STATS | Print query statistics | *DFT, *YES, *NO | Optional |
QUESTION | Print question section | *DFT, *YES, *NO | Optional |
ANSWER | Print answer section | *DFT, *YES, *NO | Optional |
AUTHORITY | Print authority section | *DFT, *YES, *NO | Optional |
ADDITIONAL | Print additional section | *DFT, *YES, *NO | Optional |
KEYFILE | Key file | Path name, *NONE | Optional |
KEYNAME | Key name | Character value, *NONE | Optional |
STOPFAIL | Stop on SERVFAIL | *YES, *NO | Optional |
UDPTRUNC | Ignore truncated responses | *RETRY, *IGNORE | Optional |
NSSCH | List authoritative servers | *NO, *YES | Optional |
TRACE | Trace delegation path | *NO, *YES | Optional |
UDPTRIES | Times to try UDP query | 1-100, 3 | Optional |
UDPNBRRTY | UDP retry | 0-100, 2 | Optional |
NBRDOTS | Number of dots | 0-10, 1 | Optional |
BUFSIZE | UDP buffer size for EDNS | 0-65535, 0 | Optional |
EDNS | Set EDNS version | 0-255, 0 | Optional |
NOEDNS | Clear EDNS version | *NO, *YES | Optional |
BESTEFFORT | Best effort display | *NO, *YES | Optional |
DNSSEC | Request DNSSEC records | *NO, *YES | Optional |
SIGCHASE | Chase DNSSEC chains | *NO, *YES | Optional |
TRUSTEDKEY | Trusted keys file | Path name, *NONE | Optional |
TOPDOWN | DNSSEC top down validation | *NO, *YES | Optional |
EDNSIDRQS | Include EDNS ID request | *NO, *YES | Optional |
TOSTMF | Output file | Path name, *STDOUT | Optional |
Top |
Query name (HOSTNAME)
Specifies the name that you want the Domain Name System (DNS) server to supply information about. You can use either a name or an IP address to identify the resource record. For example, a name could be 'mycomputer.mycompany.com' An IP address could be an IPv4 address like '10.0.1.100' or an IPv6 address like '2001:D88::1'. You can use either the name to obtain the address, or the address to obtain the name.
- *DFT
- Query the root '.' servers.
- domain-name
- Specify the name to use for the DNS server query. This is usually a hostname (like mycomputer.mycompany.com) or domain (like mycompany.com) that you want to query.
- internet-address
- Specify the IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address. If you use an IP address, consider using the REVERSE(*YES) parameter to simplify PTR (pointer) type queries. See the examples for this command for more information.
Top |
Query type (TYPE)
Specifies the type of the query. The default type is *A. The list of supported query types changes with time, and not all servers support all the types that exist. This list provides some common query types for convenience and is not a complete list. If you do not see a query type you want in this list, you can still type in a character string that represents that query type. If the type is unknown by this BIND version, the query will default to an *A query with any corresponding results.
- *A
- IPv4 Address record. This is the character string 'a'.
- *AAAA
- IPv6 address record. This is the character string 'aaaa'.
- *ANY
- Any resource record. This is the character string 'any'.
- *AXFR
- Zone transfer. This is the character string 'axfr'.
- *CNAME
- Canonical name record. Returns a list of aliases for the true (canonical) host name, if any exist. This is the character string 'cname'.
- *MX
- Mail exchange record. This is the character string 'mx'.
- *NS
- Name server (DNS server) information for the zone. This is the character string 'ns'.
- *PTR
- Pointer record. Returns a name for an IP address. This is the character string 'ptr'.
- *SOA
- Start of authority record. This is the character string 'soa'.
- *SRV
- Services location selection. This is the character string 'srv'.
- *TXT
- Text record. This is the character string 'txt'.
Top |
Query class (CLASS)
Specifies the protocol group of the information.
- *IN
- The Internet class.
- *CH
- The CHAOS class. The server provides some helpful diagnostic information through a number of built-in zones under the CHAOS class.
- version
- If your BIND server named.conf has the 'version' option configured, then you can query for it using the CHAOS class. This is the version the server should report via a query of the name 'version.bind' with type TXT, class CHAOS. The default is the real version number of this server.
DIG HOSTNAME('version.bind') TYPE(*TXT) CLASS(*CH)
- hostname
- If your BIND server named.conf has the 'hostname' option configured, then you can query for it using the CHAOS class. This is the hostname the server should report via a query of the name 'hostname.bind' with type TXT, class CHAOS. This defaults to the hostname of the machine hosting the name server. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries.
DIG HOSTNAME('hostname.bind') TYPE(*TXT) CLASS(*CH)
- server-id
- If your BIND server named.conf has the 'server-id' option configured, then you can query for it using the CHAOS class. This is the ID of the server should report via a query of the name 'ID.SERVER' with type TXT, class CHAOS. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. The default server-id is none.
DIG HOSTNAME('ID.SERVER') TYPE(*TXT) CLASS(*CH)
- *HS
- Specifies the MIT Athena Hesiod class. Hesiod, developed by MIT Project Athena, is an information service built upon BIND. Its intent is to furnish information about users, groups, network-accessible file systems, printcaps, and mail service throughout an installation. In other words, it holds arbitrary data stored as text strings. Queries that use the HS class retrieve data stored as TXT Resource Records. You cannot specify root servers for the Hesiod class (generally the ones at MIT) in your list of root name servers.
- *ANY
- This says to query any class, and is a wildcard query.
Top |
Reverse lookup (REVERSE)
Specifies if the value specified for the Query name (HOSTNAME) parameter is to be used as part of a reverse (PTR) query. A reverse lookup is when you map an IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address to a name. Reverse lookups require the name to be in either the 'in-addr.arpa' (IPv4) or 'ip6.arpa' (IPv6) zone.
Reverse lookups are simplified by this option as there is no need format the NAME parameter or provide the TYPE and CLASS parameters. For an IPv4 address like 10.0.1.100, DIG will reverse the IP address using byte (8-bit) format and sets the NAME parameter to 100.1.0.10.in-addr.arpa. DIG also sets the TYPE and CLASS parameters to *PTR and *IN, respectively.
By default, IPv6 addresses are queried using nibble (4-bit) format under the zone ip6.arpa (and not zone ip6.int). Thus, for an IPv6 address like 2001:D88::1, DIG will set the NAME parameter to 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.8.d.0.1.0.0.2.ip6.arpa. DIG also sets the TYPE and CLASS parameters to *PTR and *IN, respectively.
Note: For IPv4, a reverse lookup name is normally the IP address written in reverse order, separated by a dot at every 8-bit boundary (a 'byte' boundary) and it is delegated within the zone in-addr.arpa (i.e. 100.1.0.10.in-addr.arpa.). The notation for IPv6 is a bit different, it is also the IP address written backwards with dots as separators, but it is separated at every 4-bit boundary (a 'nibble' boundary) and the delegation is done within the zone ip6.arpa. (e.g. 8.8.d.0.1.0.0.2.ip6.arpa.). In the past, the delegation for IPv6 addresses was done in the zone ip6.int, therefore today it might still be common and often necessary to query a delegation like 8.8.d.0.1.0.0.2.ip6.int.
- *NO
- No reverse lookup will be performed.
- *YES
- A reverse lookup will be performed.
- *IP6INT
- An IPv6 address reverse lookup in the zone ip6.int will be performed. This zone is deprecated, but may still be required to query IPv6 backbone prefixes.
Top |
Domain name server (DMNNAMSVR)
Specifies the name or the IP address of the DNS server that DIG will use as its current server for the query session. You can specify any DNS server to which your TCP/IP network has access.
DIG retrieves information from DNS servers. It needs an active DNS server to send its queries to. If you do not specify a DNS server with DMNNAMSVR when you start the tool, it will attempt to set one of the following as its default DNS server for the session:
- DNS server your system is configured to use (*CFG), or
- The DNS server that is running on your local system.
- *CFG
- Try all the DNS servers currently designated for use by this system. These server internet addresses can be seen by prompting the Change TCP/IP Domain (CHGTCPDMN) command and looking at the values shown for the INTNETADR parameter.
- server-domain-name
- Specify the name of a DNS server.
- server-internet-address
- Specify the IP address of a DNS server.
Top |
Domain name server port (PORT)
Specifies the default TCP/UDP name server port to use.
- 53
- The default port is 53.
- 1-65535
- Specify a valid port number.
Top |
Query timeout (TIMEOUT)
Specifies the timeout interval, in seconds, to wait for a response.
- 5
- A timeout value of 5 seconds is used.
- 1-100
- Specify a valid timeout value in seconds.
Top |
Use domain search list (USEDMNSCHL)
Specifies whether or not to use the search list defined by the Domain search list (DMNSCHLIST) parameter. The search list is not used by default.
- *NO
- Do not use a search list.
- *YES
- Use the search list specified by the DMNSCHLIST parameter.
Top |
Domain search list (DMNSCHLIST)
Specifies the domains for the search list.
If DMNSCHLIST is specified, USEDMNSCHL(*YES) must also be specified.
- *CFG
- Use the domains specified by the DMNSCHLIST parameter in the CHGTCPDMN command.
- *NONE
- Do not specify a search list.
- character-value
- Specify a valid domain name string to use. Only one domain name can be specified.
Top |
Source address (SRCADR)
Specifies the source IP address to use when sending the query. Some DNS servers are configured to only allow queries from certain source addresses. This parameter allows you use a specific source address if your system has multiple network interfaces.
- *DFT
- Uses the default supplied by the stack.
- *ANY4
- Any IPv4 address, or '0.0.0.0'.
- *LOOPBACK4
- IPv4 loopback, or '127.0.0.1'.
- *ANY6
- Any IPv6 address, or '::'.
- *LOOPBACK6
- IPv6 loopback, or '::1'.
- character-value
- Specify an IP address to use as the source IP address for the query.
Top |
Batch input file (BCHFILE)
Specifies the file containing a list of query requests to be used as batch input. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to DIG using the PASE command-line interface. The purpose of using a file is to allow batch mode or scripting operation.
- *NONE
- Do not specify a batch query file.
- path-name
- Specify the path for a stream file from which input is read. The contents of the stream file lines are as follows:
Format: [@global-server] [domain] [q-type] [q-class] {q-opt} or {global-d-opt} domain [@local-server] {local-d-opt} or [domain [@local-server] {local-d-opt} [...]] Where: domain is in the Domain Name System q-type is one of (a,any,mx,ns,soa,...) [default:a] (Use ixfr=version for type ixfr) q-class is one of (in,hs,ch, ...) [default: in] q-opt is one of: -x dot-notation (shortcut for in-addr lookups) -i (IP6.INT reverse IPv6 lookups) -f filename (batch mode) -b address[#port] (bind to source address/port) -p port (specify port number) -q name (specify query name) -t type (specify query type) -c class (specify query class) -k keyfile (specify tsig key file) -y [hmac:]name:key (specify named base64 tsig key) -4 (use IPv4 query transport only) -6 (use IPv6 query transport only) d-opt is of the form +keyword[=value], where keyword is: +[no]vc (TCP mode) +[no]tcp (TCP mode, alternate syntax) +time=### (Set query timeout) [5] +tries=### (Set number of UDP attempts) [3] +retry=### (Set number of UDP retries) [2] +domain=### (Set default domainname) +bufsize=### (Set EDNS0 Max UDP packet size) +ndots=### (Set NDOTS value) +edns=### (Set EDNS version) +[no]search (Set whether to use searchlist) +[no]showsearch (Search with intermediate results) +[no]defname (Ditto) +[no]recurse (Recursive mode) +[no]all (Set or clear all display flags) +[no]qr (Print question before sending) +[no]nssearch (Search authoritative nameservers) +[no]identify (ID responders in short answers) +[no]trace (Trace delegation down from root) +[no]dnssec (Request DNSSEC records) +[no]sigchase (Chase DNSSEC signatures) +trusted-key=#### (Trusted Key chasing DNSSEC sigs) +[no]topdown (Do DNSSEC validation top down) +[no]multiline (Print records in expanded format) global d-opts and servers (before domain) affect all queries local d-opts and servers (after domain) affect only that query For example, you could put these lines into a file: ibm.com aaaa in aol.com mx -q microsoft.com -t aaaa -c in +recurse cisco.com @10.0.0.1 @10.0.0.2 @10.0.0.1 aa.com
Top |
IP Version (IPVSN)
Specifies whether to limit the query to IPv4 or IPv6 networks.
- *ALL
- Do not limit queries to IPv4 or IPv6.
- *IPV4ONLY
- Only send queries out IPv4 network interfaces.
- *IPV6ONLY
- Only send queries out IPv6 network interfaces.
Top |
Network protocol (PROTOCOL)
Specified whether to use TCP or UDP when sending requests to the server.
- *UDP
- Use UDP to send the query. However, TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
- *TCP
- Use TCP to send the query.
Top |
Recursion desired (SETRDFLAG)
Specifies whether or not to set the Recursion Desired (RD) flag in the query. This tells the current DNS server to query other DNS servers if the current server does not have the information.
- *YES
- Set the RD flag.
- *NO
- Do not set the RD flag.
Top |
Authoritative answers only (SETAAFLAG)
Specifies whether or not to set the Authoritative Answers (AA) flag in the query. This indicates that you want the response to be from an authoritative server and not from the cache of a non-authoritative server. Authoritative servers own the domain being queried.
- *NO
- Do not set the AA flag.
- *YES
- Set the AA flag.
Top |
Authentic data (SETADFLAG)
Specifies whether or not to set the Authentic Data (AD) flag in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
- *NO
- Do not set the AD flag.
- *YES
- Set the AD flag.
Top |
Disable DNSSEC checking (SETCDFLAG)
Specifies whether or not to set the Checking Disabled (CD) flag in the query. This requests the server to not perform DNSSEC validation of responses.
- *NO
- Do not set the CD flag.
- *YES
- Set the CD flag.
Top |
Print multiple lines (MULTILINE)
Specifies whether or not to print records, like the SOA record, in a verbose multi-line format with human-readable comments.
- *NO
- Do not use multi-line format. Print each record on a single line, which can facilitate machine parsing of the output.
- *YES
- Use multi-line format.
Top |
Print short answer (SHORT)
Specifies whether or not DIG should provide a terse answer.
- *NO
- Do not print a terse answer. Print the answer in a verbose form.
- *YES
- Print a terse answer.
Top |
Print server in short answer (IDENTIFY)
Specifies whether or not to display the IP address and port number of the server that supplied the answer when the SHORT(*YES) parameter is specified.
Note: This parameter is ignored if SHORT(*NO) is specified.
- *NO
- Do not print the IP address and port number of the server providing the answer.
- *YES
- Print the IP address and port number of the server providing the answer.
Top |
Print query (PRTQRY)
Specifies whether or not to print the query as it is sent.
- *NO
- Do not print the query as it is sent.
- *YES
- Print the query as it is sent.
Top |
Print RR class (PRTCLASS)
Specifies whether or not to print the CLASS when printing the record.
- *YES
- Print the CLASS in the record output.
- *NO
- Do not print the CLASS in the record output.
Top |
Print RR TTL (PRTTTL)
Specifies whether or not to print the Time To Live (TTL) in the record output.
- *YES
- Print the TTL in the record output.
- *NO
- Do not print the TTL in the record output.
Top |
Print all query detail (PRTALL)
Specifies whether to set or clear all print flags. You use this parameter in conjunction with other print parameters. This allows you to print only the output you are interested in. The shipped default is *YES for the CMD, COMMENTS, STATS, QUESTION, ANSWER, AUTHORITY and ADDITIONAL parameters.
- *YES
- Set all print flags.
- *NO
- Clear all print flags.
For example, you could use the PRTALL parameter as follows:
DIG PRTALL(*NO) QUESTION(*YES) ANSWER(*YES)
The PRTALL(*NO) parameter turns off all print flags, and the QUESTION(*YES) and ANSWER(*YES) flags override the PRTALL(*NO) parameter to print only the question and answer sections of the DIG output.
Top |
Print query command (CMD)
Specifies whether to print the initial comment in the output identifying the version of DIG and the query options that have been applied.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the initial comment.
- *NO
- Do not print the initial comment.
Top |
Print query comments (COMMENTS)
Specifies whether to print comment lines in the output.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the comment lines.
- *NO
- Do not print the comment lines.
Top |
Print query statistics (STATS)
Specifies whether to print query statistics, like when the query was made or the size of the reply.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the query statistics.
- *NO
- Do not print the query statistics.
Top |
Print question section (QUESTION)
Specifies whether to print the question section of a reply.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the question section of a reply.
- *NO
- Do not print the question section of a reply.
Top |
Print answer section (ANSWER)
Specifies whether to print the answer section of a reply.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the answer section of a reply.
- *NO
- Do not print the answer section of a reply.
Top |
Print authority section (AUTHORITY)
Specifies whether to print the authority section of a reply.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the authority section of a reply.
- *NO
- Do not print the authority section of a reply.
Top |
Print additional section (ADDITIONAL)
Specifies whether to print the additional section of a reply.
- *DFT
- Use the value specified for the Print all query detail (PRTALL) parameter.
- *YES
- Print the additional section of a reply.
- *NO
- Do not print the additional section of a reply.
Top |
Key file (KEYFILE)
Specifies a Transaction Signature (TSIG) key file to sign the DNS queries. The DNS server that is queried needs to be configured with the TSIG key and algorithm that is being used or the transaction will fail.
This key must be a base-64 encoding of an HMAC-MD5 key.
Note: If this parameter is specified, the KEYNAME parameter cannot be specified.
- *NONE
- Do not specify a key path name.
- path-name
- Specify the path name of a stream file which contains the keys to be used. For example, '/QIBM/UserData/OS400/DNS/_DYN/my-tsig-key._KID'.
The DNS server being queried needs to include this key name and algorithm in its configuration in order to accept this TSIG key from clients.
Top |
Key name (KEYNAME)
Specifies a Transaction Signature (TSIG) key to sign the DNS queries. The key is a base-64 encoded string. The DNS server that is queried needs to be configured with the TSIG key and algorithm that is being used or the transaction will fail.
Note: If this parameter is specified, the KEYFILE parameter cannot be specified.
- *NONE
- Do not specify a key name.
- character-value
- Specify the Transaction Signature key to use. The format is name:key where name is the key name, and key is the actual key as a base-64 encoded string. Example:
my-tsig-key:JNvcpnxysbJ2hsdOqQ5qrQ==
The key name in this case is 'my-tsig-key' and the base-64 encoded key is 'JNvcpnxysbJ2hsdOqQ5qrQ=='.
The DNS server being queried needs to include this key and algorithm in its configuration in order to accept this TSIG key from clients.
Top |
Stop on SERVFAIL (STOPFAIL)
Specifies whether to stop or try the next server if you receive a SERVFAIL response. The default is to not try the next server, which is the reverse of normal stub resolver behaviour.
- *YES
- Do not try the next server if a SERVFAIL response is received. This is the reverse of normal stub resolver behaviour.
- *NO
- Try the next server if a SERVFAIL response is received.
Top |
Ignore truncated responses (UDPTRUNC)
Specifies whether to ignore truncation in UDP responses or retry with TCP.
- *RETRY
- Retry queries using TCP if UDP responses are truncated.
- *IGNORE
- Ignore truncation in UDP responses. Do not retry queries using TCP if UDP responses are truncated.
Top |
List authoritative servers (NSSCH)
Specifies whether or not DIG should attempt to find the authoritative DNS servers for the zone containing the name being looked up (HOSTNAME parameter) and print the Start of Authority (SOA) record that each name server has for the zone.
- *NO
- Do not search for the SOA records of all DNS servers for the zone containing the HOSTNAME.
- *YES
- Search for the SOA records of all DNS servers for the zone containing the HOSTNAME.
Top |
Trace delegation path (TRACE)
Specifies whether or not to tracing the delegation path from the root name servers for the name being looked up. When tracing is enabled, DIG makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. You must have access to the root servers for this option.
- *NO
- Do not trace the delegation path from the root servers for the name being looked up (HOSTNAME parameter).
- *YES
- Trace the delegation path from the root servers for the name being looked up (HOSTNAME parameter).
Top |
Times to try UDP query (UDPTRIES)
Specifies how many times to try UDP queries to the current DNS server before attempting TCP queries.
- 3
- Try UDP queries three times before attempting TCP queries.
- 1-100
- Specify the number of times to try UDP queries before attempting TCP queries. If you use this parameter, you do not need to use the UDPNBRRTY parameter.
Top |
UDP retry (UDPNBRRTY)
Specifies the number of times to retry UDP queries to the current DNS server before attempting TCP queries.
- 2
- Two UDP retries will be used. This is in addition to the initial query.
- 0-100
- Specify the number of UDP retries. You normally only need to retry a query 3 to 5 times. If you use this parameter, you do not need to use the UDPTRIES parameter.
Top |
Number of dots (NBRDOTS)
Specifies the number of dots (period characters) that have to appear in a domain name for it to be considered absolute.
Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the DMNSCHLIST parameter.
- 1
- If the domain name contains one dot it is considered an absolute name.
- 0-10
- Specify the number of dots that must be in a domain name for the domain name to be considered to be an absolute name.
Top |
UDP buffer size for EDNS (BUFSIZE)
Specifies the UDP message buffer size advertised using EDNS(0).
- 0
- The UDP message buffer size is 0.
- 0-65535
- Specify the number of bytes to use as the UDP message buffer size. You typically want to set this buffer size to avoid truncated packets in UDP. By default, UDP sends a maximum packet size of 512 bytes unless overridden by this option. This is useful if TCP connections are blocked by firewalls.
Top |
Set EDNS version (EDNS)
Specifies the EDNS version to use with queries. Setting the EDNS version will cause an EDNS query to be sent. The Clear EDNS version (NOEDNS) parameter clears the remembered EDNS version.
If EDNS is specified, the NOEDNS parameter must not be specified.
- 0
- Version 0 is traditionally used to allow UDP packets larger than 512 bytes for clients and servers that support it.
- 0-255
- Values other than 0 have uses in DNSSEC zones.
Resolvers and servers can negotiate with other servers to set a UDP message size larger than the 512 byte default. Typically, they will attempt to negotiate a 4096 byte UDP packet size with a remote server. This negotiation requires the remote server to support EDNS. If the remote server does not support EDNS, then the original 512 byte limit remains the UDP default.
You can use the BUFSIZE parameter to control the size of the negotiated UDP packets.
Top |
Clear EDNS version (NOEDNS)
Specifies that the value set by a previous DIG invocation with the Set EDNS version (EDNS) parameter specified is to be cleared.
If NOEDNS is specified, the EDNS parameter must not be specified.
- *NO
- Do not clear the remembered EDNS version.
- *YES
- Clear the remembered EDNS version.
Top |
Best effort display (BESTEFFORT)
Specifies whether or not to attempt to print the contents of messages which are malformed.
- *NO
- Do not print malformed answers.
- *YES
- Attempt to print malformed answers.
Top |
Request DNSSEC records (DNSSEC)
Specifies whether or not to request DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
- *NO
- Do not request any DNSSEC records.
- *YES
- Request any DNSSEC records.
Top |
Chase DNSSEC chains (SIGCHASE)
Specifies whether or not to chase DNSSEC signature chains. This attempts to verify SIG records that belong to the record and further will try to verify them recursively for all the keys and DS that form the chain of trust all the way up to any self-signed or unsigned key.
- *NO
- Do not chase DNSSEC signature chains.
- *YES
- Chase DNSSEC signature chains.
If SIGCHASE(*YES) is specified, DNSSEC(*YES) must also be specified.
Top |
Trusted keys file (TRUSTEDKEY)
Specifies a file containing trusted keys to be used with the SIGCHASE parameter. Each DNSKEY record must be on its own line.
If a value other than *NONE is specified, SIGCHASE(*YES) must also be specified.
- *NONE
- Do not specify a trusted key.
- path-name
- Specify the path name for a stream file with the trusted keys.
Top |
DNSSEC top down validation (TOPDOWN)
Specifies, when chasing DNSSEC signature chains, whether or not to perform a top down validation (from the root '.' to the leaf nodes).
If TOPDOWN(*YES) is specified, SIGCHASE(*YES) must also be specified.
- *NO
- Do not do top down validation.
- *YES
- Do top down validation.
Top |
Include EDNS ID request (EDNSIDRQS)
Specifies whether or not to include an EDNS name server ID request when sending a query.
- *NO
- Do not include EDNS name server ID request.
- *YES
- Do include EDNS name server ID request.
Top |
Output file (TOSTMF)
Specifies the name of a stream file where all command output is written.
- *STDOUT
- All command output goes to the standard output device (normally the display).
- path-name
- Specify the path name for a stream file where output should be written.
Top |
Examples
Example 1: Forward Lookup Example - Long
STRDIGQRY HOSTNAME('ibm.com') DMNNAMSVR(*CFG)
This command illustrates a simple query for a domain named 'ibm.com'. It will use the configured DNS server on the system. By default it will look up record type *A and class *IN. The output from this command might look like this:
; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> ibm.com @10.0.1.100 ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 510 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;ibm.com. IN A ;; ANSWER SECTION: ibm.com. 9559 IN A 129.42.18.103 ibm.com. 9559 IN A 129.42.16.103 ibm.com. 9559 IN A 129.42.17.103 ;; AUTHORITY SECTION: ibm.com. 9559 IN NS leda2.ibm.com. ibm.com. 9559 IN NS castor.ibm.com. ibm.com. 9559 IN NS pollux.ibm.com. ;; ADDITIONAL SECTION: leda2.ibm.com. 9559 IN A 9.14.1.3 castor.ibm.com. 9559 IN A 9.78.1.2 pollux.ibm.com. 9559 IN A 9.46.1.2 ;; Query time: 13 msec ;; SERVER: 10.0.1.100#53(10.0.1.100) ;; WHEN: Sat Aug 5 11:11:18 2006 ;; MSG SIZE rcvd: 183
Example 2: Forward Lookup Example - Short
DIG HOSTNAME('ibm.com') DMNNAMSVR(*CFG) SHORT(*YES) IDENTIFY(*YES)
This command illustrates a the same query as in example 1, but with shorter output.
129.42.18.103 from server 10.0.1.100 in 1 ms. 129.42.16.103 from server 10.0.1.100 in 2 ms. 129.42.17.103 from server 10.0.1.100 in 2 ms.
Example 3: Reverse Lookup Example
DIG HOSTNAME('10.0.1.100') REVERSE(*YES)
This command illustrates a simple reverse query for a host with IPv4 address '10.0.1.100'. It will use the configured DNS server on the system (seen with the CHGTCPDMN command). By default it will look up name '100.1.0.10.in-addr.arpa.' and record type PTR and class *IN. This is equivalent to the following command:
DIG HOSTNAME('100.1.0.10.in-addr.arpa') TYPE(*PTR) CLASS(*IN)
The output from this type of query might look like this:
; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> -x 10.0.1.100 @10.0.1.100 ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 609 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;100.1.0.10.in-addr.arpa. IN PTR ;; ANSWER SECTION: 100.1.0.10.in-addr.arpa. 86400 IN PTR mydns1.i5os.ibm.com. ;; AUTHORITY SECTION: 0.10.in-addr.arpa. 86400 IN NS mydns1.i5os.ibm.com. ;; ADDITIONAL SECTION: mydns2.i5os.ibm.com. 47409 IN A 10.0.2.200 ;; Query time: 994 msec ;; SERVER: 10.0.1.100#53(10.0.1.100) ;; WHEN: Sat Aug 5 11:32:16 2006 ;; MSG SIZE rcvd: 119
Example 4: DIG with Searchlist
STRDIGQRY HOSTNAME(time) TYPE(*ANY) CLASS(*IN) USESCHDMNL(*YES) DMNSCHLIST(nist.gov)
This command queries for any records associated with the name 'time'. If this query fails, then DIG will retry the query by appending the domain 'nist.gov' from the searchlist to the name.
The output from this type of query might look like this:
; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> -q time -t any -c in @10.0.1.100 +search +domain=nist.gov ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1336 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;time.nist.gov. IN ANY ;; ANSWER SECTION: time.nist.gov. 287 IN A 192.43.244.18 ;; AUTHORITY SECTION: nist.gov. 65982 IN NS ns1.nist.gov. nist.gov. 65982 IN NS dns-x.boulder.nist.gov. ;; ADDITIONAL SECTION: ns1.nist.gov. 283 IN A 129.6.13.2 dns-x.boulder.nist.gov. 40652 IN A 132.163.4.9 ;; Query time: 1038 msec ;; SERVER: 10.0.1.100#53(10.0.1.100) ;; WHEN: Sat Aug 5 11:36:18 2006 ;; MSG SIZE rcvd: 125
Example 5: Suppression of Response Sections
DIG HOSTNAME(time.nist.gov) TYPE(*ANY) CLASS(*IN) PRTALL(*NO) QUESTION(*YES) ANSWER(*YES)
This command is similar to Example 4, except we suppressed most of the response sections using the PRTALL(*NO) paramter, and then overrode that setting for the question section using QUESTION(*YES) and the answer section using ANSWER(*YES).
The output from this type of query might look like this:
;time.nist.gov. IN ANY time.nist.gov. 673 IN A 192.43.244.18
Top |
Error messages
*ESCAPE Messages
- DNS0013
- Error processing command parameters.
- DNS0065
- Option 33 of i5/OS is required, but is not installed.
- TCP7124
- Program &1 in library &2 type *PGM ended abnormally.
Top |