Start DIG Query (STRDIGQRY)

The Start DIG Query (STRDIGQRY) command, or its alias DIG, starts the Domain Information Groper tool.

DIG is a powerful query tool that allows you to retrieve information from or test the response of a Domain Name System (DNS) server. You can verify that a DNS server is responding correctly before you configure your system to use it. You can also retrieve DNS information about hosts, domains, and other DNS servers.

Unless it is told to query a specific name server, DIG will try each of the servers listed in CHGTCPDMN.

Restrictions:

Parameters

Keyword Description Choices Notes
HOSTNAME Query name Character value, *DFT Optional, Positional 1
TYPE Query type *A, *AAAA, *ANY, *AXFR, *CNAME, *MX, *NS, *PTR, *SOA, *SRV, *TXT Optional, Positional 2
CLASS Query class *IN, *CH, *HS, *ANY Optional
REVERSE Reverse lookup *NO, *YES, *IP6INT Optional
DMNNAMSVR Domain name server Character value, *CFG Optional
PORT Domain name server port 1-65535, 53 Optional
TIMEOUT Query timeout 1-100, 5 Optional
USEDMNSCHL Use domain search list *YES, *NO Optional
DMNSCHLIST Domain search list Character value, *CFG, *NONE Optional
SRCADR Source address Character value, *DFT, *ANY4, *LOOPBACK4, *ANY6, *LOOPBACK6 Optional
BCHFILE Batch input file Path name, *NONE Optional
IPVSN IP Version *ALL, *IPV4ONLY, *IPV6ONLY Optional
PROTOCOL Network protocol *UDP, *TCP Optional
SETRDFLAG Recursion desired *YES, *NO Optional
SETAAFLAG Authoritative answers only Character value, *NO, *YES Optional
SETADFLAG Authentic data *NO, *YES Optional
SETCDFLAG Disable DNSSEC checking *NO, *YES Optional
MULTILINE Print multiple lines *NO, *YES Optional
SHORT Print short answer *NO, *YES Optional
IDENTIFY Print server in short answer *NO, *YES Optional
PRTQRY Print query *NO, *YES Optional
PRTCLASS Print RR class *YES, *NO Optional
PRTTTL Print RR TTL *YES, *NO Optional
PRTALL Print all query detail *YES, *NO Optional
CMD Print query command *DFT, *YES, *NO Optional
COMMENTS Print query comments *DFT, *YES, *NO Optional
STATS Print query statistics *DFT, *YES, *NO Optional
QUESTION Print question section *DFT, *YES, *NO Optional
ANSWER Print answer section *DFT, *YES, *NO Optional
AUTHORITY Print authority section *DFT, *YES, *NO Optional
ADDITIONAL Print additional section *DFT, *YES, *NO Optional
KEYFILE Key file Path name, *NONE Optional
KEYNAME Key name Character value, *NONE Optional
STOPFAIL Stop on SERVFAIL *YES, *NO Optional
UDPTRUNC Ignore truncated responses *RETRY, *IGNORE Optional
NSSCH List authoritative servers *NO, *YES Optional
TRACE Trace delegation path *NO, *YES Optional
UDPTRIES Times to try UDP query 1-100, 3 Optional
UDPNBRRTY UDP retry 0-100, 2 Optional
NBRDOTS Number of dots 0-10, 1 Optional
BUFSIZE UDP buffer size for EDNS 0-65535, 0 Optional
EDNS Set EDNS version 0-255, 0 Optional
NOEDNS Clear EDNS version *NO, *YES Optional
BESTEFFORT Best effort display *NO, *YES Optional
DNSSEC Request DNSSEC records *NO, *YES Optional
SIGCHASE Chase DNSSEC chains *NO, *YES Optional
TRUSTEDKEY Trusted keys file Path name, *NONE Optional
TOPDOWN DNSSEC top down validation *NO, *YES Optional
EDNSIDRQS Include EDNS ID request *NO, *YES Optional
TOSTMF Output file Path name, *STDOUT Optional

Query name (HOSTNAME)

Specifies the name that you want the Domain Name System (DNS) server to supply information about. You can use either a name or an IP address to identify the resource record. For example, a name could be 'mycomputer.mycompany.com' An IP address could be an IPv4 address like '10.0.1.100' or an IPv6 address like '2001:D88::1'. You can use either the name to obtain the address, or the address to obtain the name.

*DFT
Query the root '.' servers.
domain-name
Specify the name to use for the DNS server query. This is usually a hostname (like mycomputer.mycompany.com) or domain (like mycompany.com) that you want to query.
internet-address
Specify the IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address. If you use an IP address, consider using the REVERSE(*YES) parameter to simplify PTR (pointer) type queries. See the examples for this command for more information.

Query type (TYPE)

Specifies the type of the query. The default type is *A. The list of supported query types changes with time, and not all servers support all the types that exist. This list provides some common query types for convenience and is not a complete list. If you do not see a query type you want in this list, you can still type in a character string that represents that query type. If the type is unknown by this BIND version, the query will default to an *A query with any corresponding results.

*A
IPv4 Address record. This is the character string 'a'.
*AAAA
IPv6 address record. This is the character string 'aaaa'.
*ANY
Any resource record. This is the character string 'any'.
*AXFR
Zone transfer. This is the character string 'axfr'.
*CNAME
Canonical name record. Returns a list of aliases for the true (canonical) host name, if any exist. This is the character string 'cname'.
*MX
Mail exchange record. This is the character string 'mx'.
*NS
Name server (DNS server) information for the zone. This is the character string 'ns'.
*PTR
Pointer record. Returns a name for an IP address. This is the character string 'ptr'.
*SOA
Start of authority record. This is the character string 'soa'.
*SRV
Services location selection. This is the character string 'srv'.
*TXT
Text record. This is the character string 'txt'.

Query class (CLASS)

Specifies the protocol group of the information.

*IN
The Internet class.
*CH
The CHAOS class. The server provides some helpful diagnostic information through a number of built-in zones under the CHAOS class.
version
If your BIND server named.conf has the 'version' option configured, then you can query for it using the CHAOS class. This is the version the server should report via a query of the name 'version.bind' with type TXT, class CHAOS. The default is the real version number of this server. 

DIG   HOSTNAME('version.bind')  TYPE(*TXT)  CLASS(*CH)

hostname
If your BIND server named.conf has the 'hostname' option configured, then you can query for it using the CHAOS class. This is the hostname the server should report via a query of the name 'hostname.bind' with type TXT, class CHAOS. This defaults to the hostname of the machine hosting the name server. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. 

DIG   HOSTNAME('hostname.bind')  TYPE(*TXT)  CLASS(*CH)

server-id
If your BIND server named.conf has the 'server-id' option configured, then you can query for it using the CHAOS class. This is the ID of the server should report via a query of the name 'ID.SERVER' with type TXT, class CHAOS. The primary purpose of such queries is to identify which of a group of anycast servers is actually answering your queries. The default server-id is none. 

DIG   HOSTNAME('ID.SERVER')  TYPE(*TXT)  CLASS(*CH)

*HS
Specifies the MIT Athena Hesiod class. Hesiod, developed by MIT Project Athena, is an information service built upon BIND. Its intent is to furnish information about users, groups, network-accessible file systems, printcaps, and mail service throughout an installation. In other words, it holds arbitrary data stored as text strings. Queries that use the HS class retrieve data stored as TXT Resource Records. You cannot specify root servers for the Hesiod class (generally the ones at MIT) in your list of root name servers.
*ANY
This says to query any class, and is a wildcard query.

Reverse lookup (REVERSE)

Specifies if the value specified for the Query name (HOSTNAME) parameter is to be used as part of a reverse (PTR) query. A reverse lookup is when you map an IPv4 address in dotted-decimal notation or a colon-delimited IPv6 address to a name. Reverse lookups require the name to be in either the 'in-addr.arpa' (IPv4) or 'ip6.arpa' (IPv6) zone.

Reverse lookups are simplified by this option as there is no need format the NAME parameter or provide the TYPE and CLASS parameters. For an IPv4 address like 10.0.1.100, DIG will reverse the IP address using byte (8-bit) format and sets the NAME parameter to 100.1.0.10.in-addr.arpa. DIG also sets the TYPE and CLASS parameters to *PTR and *IN, respectively.

By default, IPv6 addresses are queried using nibble (4-bit) format under the zone ip6.arpa (and not zone ip6.int). Thus, for an IPv6 address like 2001:D88::1, DIG will set the NAME parameter to 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.8.d.0.1.0.0.2.ip6.arpa. DIG also sets the TYPE and CLASS parameters to *PTR and *IN, respectively.

Note: For IPv4, a reverse lookup name is normally the IP address written in reverse order, separated by a dot at every 8-bit boundary (a 'byte' boundary) and it is delegated within the zone in-addr.arpa (i.e. 100.1.0.10.in-addr.arpa.). The notation for IPv6 is a bit different, it is also the IP address written backwards with dots as separators, but it is separated at every 4-bit boundary (a 'nibble' boundary) and the delegation is done within the zone ip6.arpa. (e.g. 8.8.d.0.1.0.0.2.ip6.arpa.). In the past, the delegation for IPv6 addresses was done in the zone ip6.int, therefore today it might still be common and often necessary to query a delegation like 8.8.d.0.1.0.0.2.ip6.int.

*NO
No reverse lookup will be performed.
*YES
A reverse lookup will be performed.
*IP6INT
An IPv6 address reverse lookup in the zone ip6.int will be performed. This zone is deprecated, but may still be required to query IPv6 backbone prefixes.

Domain name server (DMNNAMSVR)

Specifies the name or the IP address of the DNS server that DIG will use as its current server for the query session. You can specify any DNS server to which your TCP/IP network has access.

DIG retrieves information from DNS servers. It needs an active DNS server to send its queries to. If you do not specify a DNS server with DMNNAMSVR when you start the tool, it will attempt to set one of the following as its default DNS server for the session:

  1. DNS server your system is configured to use (*CFG), or
  2. The DNS server that is running on your local system.
*CFG
Try all the DNS servers currently designated for use by this system. These server internet addresses can be seen by prompting the Change TCP/IP Domain (CHGTCPDMN) command and looking at the values shown for the INTNETADR parameter.
server-domain-name
Specify the name of a DNS server.
server-internet-address
Specify the IP address of a DNS server.

Domain name server port (PORT)

Specifies the default TCP/UDP name server port to use.

53
The default port is 53.
1-65535
Specify a valid port number.

Query timeout (TIMEOUT)

Specifies the timeout interval, in seconds, to wait for a response.

5
A timeout value of 5 seconds is used.
1-100
Specify a valid timeout value in seconds.

Use domain search list (USEDMNSCHL)

Specifies whether or not to use the search list defined by the Domain search list (DMNSCHLIST) parameter. The search list is not used by default.

*NO
Do not use a search list.
*YES
Use the search list specified by the DMNSCHLIST parameter.

Domain search list (DMNSCHLIST)

Specifies the domains for the search list.

If DMNSCHLIST is specified, USEDMNSCHL(*YES) must also be specified.

*CFG
Use the domains specified by the DMNSCHLIST parameter in the CHGTCPDMN command.
*NONE
Do not specify a search list.
character-value
Specify a valid domain name string to use. Only one domain name can be specified.

Source address (SRCADR)

Specifies the source IP address to use when sending the query. Some DNS servers are configured to only allow queries from certain source addresses. This parameter allows you use a specific source address if your system has multiple network interfaces.

*DFT
Uses the default supplied by the stack.
*ANY4
Any IPv4 address, or '0.0.0.0'.
*LOOPBACK4
IPv4 loopback, or '127.0.0.1'.
*ANY6
Any IPv6 address, or '::'.
*LOOPBACK6
IPv6 loopback, or '::1'.
character-value
Specify an IP address to use as the source IP address for the query.

Batch input file (BCHFILE)

Specifies the file containing a list of query requests to be used as batch input. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to DIG using the PASE command-line interface. The purpose of using a file is to allow batch mode or scripting operation.

*NONE
Do not specify a batch query file.
path-name
Specify the path for a stream file from which input is read. The contents of the stream file lines are as follows: 

Format: [@global-server] [domain] [q-type] [q-class] {q-opt}
                or
        {global-d-opt} domain [@local-server] {local-d-opt}
                or
        [domain [@local-server] {local-d-opt} [...]]
Where:
 domain   is in the Domain Name System
 q-type   is one of (a,any,mx,ns,soa,...) [default:a]
          (Use ixfr=version for type ixfr)
 q-class  is one of (in,hs,ch, ...) [default: in]
 q-opt    is one of:
          -x dot-notation     (shortcut for in-addr lookups)
          -i                  (IP6.INT reverse IPv6 lookups)
          -f filename         (batch mode)
          -b address[#port]   (bind to source address/port)
          -p port             (specify port number)
          -q name             (specify query name)
          -t type             (specify query type)
          -c class            (specify query class)
          -k keyfile          (specify tsig key file)
          -y [hmac:]name:key  (specify named base64 tsig key)
          -4                  (use IPv4 query transport only)
          -6                  (use IPv6 query transport only)
 d-opt  is of the form +keyword[=value], where keyword is:
          +[no]vc             (TCP mode)
          +[no]tcp            (TCP mode, alternate syntax)
          +time=###           (Set query timeout) [5]
          +tries=###          (Set number of UDP attempts) [3]
          +retry=###          (Set number of UDP retries) [2]
          +domain=###         (Set default domainname)
          +bufsize=###        (Set EDNS0 Max UDP packet size)
          +ndots=###          (Set NDOTS value)
          +edns=###           (Set EDNS version)
          +[no]search         (Set whether to use searchlist)
          +[no]showsearch     (Search with intermediate results)
          +[no]defname        (Ditto)
          +[no]recurse        (Recursive mode)
          +[no]all            (Set or clear all display flags)
          +[no]qr             (Print question before sending)
          +[no]nssearch       (Search authoritative nameservers)
          +[no]identify       (ID responders in short answers)
          +[no]trace          (Trace delegation down from root)
          +[no]dnssec         (Request DNSSEC records)
          +[no]sigchase       (Chase DNSSEC signatures)
          +trusted-key=####   (Trusted Key chasing DNSSEC sigs)
          +[no]topdown        (Do DNSSEC validation top down)
          +[no]multiline      (Print records in expanded format)
 global d-opts and servers (before domain) affect all queries
 local d-opts and servers (after domain) affect only that query
For example, you could put these lines into a file:
  ibm.com aaaa in
  aol.com mx
  -q microsoft.com -t aaaa -c in
  +recurse cisco.com @10.0.0.1 @10.0.0.2
  @10.0.0.1 aa.com

IP Version (IPVSN)

Specifies whether to limit the query to IPv4 or IPv6 networks.

*ALL
Do not limit queries to IPv4 or IPv6.
*IPV4ONLY
Only send queries out IPv4 network interfaces.
*IPV6ONLY
Only send queries out IPv6 network interfaces.

Network protocol (PROTOCOL)

Specified whether to use TCP or UDP when sending requests to the server.

*UDP
Use UDP to send the query. However, TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
*TCP
Use TCP to send the query.

Recursion desired (SETRDFLAG)

Specifies whether or not to set the Recursion Desired (RD) flag in the query. This tells the current DNS server to query other DNS servers if the current server does not have the information.

*YES
Set the RD flag.
*NO
Do not set the RD flag.

Authoritative answers only (SETAAFLAG)

Specifies whether or not to set the Authoritative Answers (AA) flag in the query. This indicates that you want the response to be from an authoritative server and not from the cache of a non-authoritative server. Authoritative servers own the domain being queried.

*NO
Do not set the AA flag.
*YES
Set the AA flag.

Authentic data (SETADFLAG)

Specifies whether or not to set the Authentic Data (AD) flag in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.

*NO
Do not set the AD flag.
*YES
Set the AD flag.

Disable DNSSEC checking (SETCDFLAG)

Specifies whether or not to set the Checking Disabled (CD) flag in the query. This requests the server to not perform DNSSEC validation of responses.

*NO
Do not set the CD flag.
*YES
Set the CD flag.

Print multiple lines (MULTILINE)

Specifies whether or not to print records, like the SOA record, in a verbose multi-line format with human-readable comments.

*NO
Do not use multi-line format. Print each record on a single line, which can facilitate machine parsing of the output.
*YES
Use multi-line format.

Print short answer (SHORT)

Specifies whether or not DIG should provide a terse answer.

*NO
Do not print a terse answer. Print the answer in a verbose form.
*YES
Print a terse answer.

Print server in short answer (IDENTIFY)

Specifies whether or not to display the IP address and port number of the server that supplied the answer when the SHORT(*YES) parameter is specified.

Note: This parameter is ignored if SHORT(*NO) is specified.

*NO
Do not print the IP address and port number of the server providing the answer.
*YES
Print the IP address and port number of the server providing the answer.

Print query (PRTQRY)

Specifies whether or not to print the query as it is sent.

*NO
Do not print the query as it is sent.
*YES
Print the query as it is sent.

Print RR class (PRTCLASS)

Specifies whether or not to print the CLASS when printing the record.

*YES
Print the CLASS in the record output.
*NO
Do not print the CLASS in the record output.

Print RR TTL (PRTTTL)

Specifies whether or not to print the Time To Live (TTL) in the record output.

*YES
Print the TTL in the record output.
*NO
Do not print the TTL in the record output.

Print all query detail (PRTALL)

Specifies whether to set or clear all print flags. You use this parameter in conjunction with other print parameters. This allows you to print only the output you are interested in. The shipped default is *YES for the CMD, COMMENTS, STATS, QUESTION, ANSWER, AUTHORITY and ADDITIONAL parameters.

*YES
Set all print flags.
*NO
Clear all print flags.

For example, you could use the PRTALL parameter as follows: 

DIG   PRTALL(*NO)  QUESTION(*YES)  ANSWER(*YES)

The PRTALL(*NO) parameter turns off all print flags, and the QUESTION(*YES) and ANSWER(*YES) flags override the PRTALL(*NO) parameter to print only the question and answer sections of the DIG output.

Print query command (CMD)

Specifies whether to print the initial comment in the output identifying the version of DIG and the query options that have been applied.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the initial comment.
*NO
Do not print the initial comment.

Print query comments (COMMENTS)

Specifies whether to print comment lines in the output.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the comment lines.
*NO
Do not print the comment lines.

Print query statistics (STATS)

Specifies whether to print query statistics, like when the query was made or the size of the reply.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the query statistics.
*NO
Do not print the query statistics.

Print question section (QUESTION)

Specifies whether to print the question section of a reply.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the question section of a reply.
*NO
Do not print the question section of a reply.

Print answer section (ANSWER)

Specifies whether to print the answer section of a reply.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the answer section of a reply.
*NO
Do not print the answer section of a reply.

Print authority section (AUTHORITY)

Specifies whether to print the authority section of a reply.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the authority section of a reply.
*NO
Do not print the authority section of a reply.

Print additional section (ADDITIONAL)

Specifies whether to print the additional section of a reply.

*DFT
Use the value specified for the Print all query detail (PRTALL) parameter.
*YES
Print the additional section of a reply.
*NO
Do not print the additional section of a reply.

Key file (KEYFILE)

Specifies a Transaction Signature (TSIG) key file to sign the DNS queries. The DNS server that is queried needs to be configured with the TSIG key and algorithm that is being used or the transaction will fail.

This key must be a base-64 encoding of an HMAC-MD5 key.

Note: If this parameter is specified, the KEYNAME parameter cannot be specified.

*NONE
Do not specify a key path name.
path-name
Specify the path name of a stream file which contains the keys to be used. For example, '/QIBM/UserData/OS400/DNS/_DYN/my-tsig-key._KID'.

The DNS server being queried needs to include this key name and algorithm in its configuration in order to accept this TSIG key from clients.

Key name (KEYNAME)

Specifies a Transaction Signature (TSIG) key to sign the DNS queries. The key is a base-64 encoded string. The DNS server that is queried needs to be configured with the TSIG key and algorithm that is being used or the transaction will fail.

Note: If this parameter is specified, the KEYFILE parameter cannot be specified.

*NONE
Do not specify a key name.
character-value
Specify the Transaction Signature key to use. The format is name:key where name is the key name, and key is the actual key as a base-64 encoded string. Example: 

my-tsig-key:JNvcpnxysbJ2hsdOqQ5qrQ==

The key name in this case is 'my-tsig-key' and the base-64 encoded key is 'JNvcpnxysbJ2hsdOqQ5qrQ=='.

The DNS server being queried needs to include this key and algorithm in its configuration in order to accept this TSIG key from clients.

Stop on SERVFAIL (STOPFAIL)

Specifies whether to stop or try the next server if you receive a SERVFAIL response. The default is to not try the next server, which is the reverse of normal stub resolver behaviour.

*YES
Do not try the next server if a SERVFAIL response is received. This is the reverse of normal stub resolver behaviour.
*NO
Try the next server if a SERVFAIL response is received.

Ignore truncated responses (UDPTRUNC)

Specifies whether to ignore truncation in UDP responses or retry with TCP.

*RETRY
Retry queries using TCP if UDP responses are truncated.
*IGNORE
Ignore truncation in UDP responses. Do not retry queries using TCP if UDP responses are truncated.

List authoritative servers (NSSCH)

Specifies whether or not DIG should attempt to find the authoritative DNS servers for the zone containing the name being looked up (HOSTNAME parameter) and print the Start of Authority (SOA) record that each name server has for the zone.

*NO
Do not search for the SOA records of all DNS servers for the zone containing the HOSTNAME.
*YES
Search for the SOA records of all DNS servers for the zone containing the HOSTNAME.

Trace delegation path (TRACE)

Specifies whether or not to tracing the delegation path from the root name servers for the name being looked up. When tracing is enabled, DIG makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. You must have access to the root servers for this option.

*NO
Do not trace the delegation path from the root servers for the name being looked up (HOSTNAME parameter).
*YES
Trace the delegation path from the root servers for the name being looked up (HOSTNAME parameter).

Times to try UDP query (UDPTRIES)

Specifies how many times to try UDP queries to the current DNS server before attempting TCP queries.

3
Try UDP queries three times before attempting TCP queries.
1-100
Specify the number of times to try UDP queries before attempting TCP queries. If you use this parameter, you do not need to use the UDPNBRRTY parameter.

UDP retry (UDPNBRRTY)

Specifies the number of times to retry UDP queries to the current DNS server before attempting TCP queries.

2
Two UDP retries will be used. This is in addition to the initial query.
0-100
Specify the number of UDP retries. You normally only need to retry a query 3 to 5 times. If you use this parameter, you do not need to use the UDPTRIES parameter.

Number of dots (NBRDOTS)

Specifies the number of dots (period characters) that have to appear in a domain name for it to be considered absolute.

Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the DMNSCHLIST parameter.

1
If the domain name contains one dot it is considered an absolute name.
0-10
Specify the number of dots that must be in a domain name for the domain name to be considered to be an absolute name.

UDP buffer size for EDNS (BUFSIZE)

Specifies the UDP message buffer size advertised using EDNS(0).

0
The UDP message buffer size is 0.
0-65535
Specify the number of bytes to use as the UDP message buffer size. You typically want to set this buffer size to avoid truncated packets in UDP. By default, UDP sends a maximum packet size of 512 bytes unless overridden by this option. This is useful if TCP connections are blocked by firewalls.

Set EDNS version (EDNS)

Specifies the EDNS version to use with queries. Setting the EDNS version will cause an EDNS query to be sent. The Clear EDNS version (NOEDNS) parameter clears the remembered EDNS version.

If EDNS is specified, the NOEDNS parameter must not be specified.

0
Version 0 is traditionally used to allow UDP packets larger than 512 bytes for clients and servers that support it.
0-255
Values other than 0 have uses in DNSSEC zones.

Resolvers and servers can negotiate with other servers to set a UDP message size larger than the 512 byte default. Typically, they will attempt to negotiate a 4096 byte UDP packet size with a remote server. This negotiation requires the remote server to support EDNS. If the remote server does not support EDNS, then the original 512 byte limit remains the UDP default.

You can use the BUFSIZE parameter to control the size of the negotiated UDP packets.

Clear EDNS version (NOEDNS)

Specifies that the value set by a previous DIG invocation with the Set EDNS version (EDNS) parameter specified is to be cleared.

If NOEDNS is specified, the EDNS parameter must not be specified.

*NO
Do not clear the remembered EDNS version.
*YES
Clear the remembered EDNS version.

Best effort display (BESTEFFORT)

Specifies whether or not to attempt to print the contents of messages which are malformed.

*NO
Do not print malformed answers.
*YES
Attempt to print malformed answers.

Request DNSSEC records (DNSSEC)

Specifies whether or not to request DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.

*NO
Do not request any DNSSEC records.
*YES
Request any DNSSEC records.

Chase DNSSEC chains (SIGCHASE)

Specifies whether or not to chase DNSSEC signature chains. This attempts to verify SIG records that belong to the record and further will try to verify them recursively for all the keys and DS that form the chain of trust all the way up to any self-signed or unsigned key.

*NO
Do not chase DNSSEC signature chains.
*YES
Chase DNSSEC signature chains.

If SIGCHASE(*YES) is specified, DNSSEC(*YES) must also be specified.

Trusted keys file (TRUSTEDKEY)

Specifies a file containing trusted keys to be used with the SIGCHASE parameter. Each DNSKEY record must be on its own line.

If a value other than *NONE is specified, SIGCHASE(*YES) must also be specified.

*NONE
Do not specify a trusted key.
path-name
Specify the path name for a stream file with the trusted keys.

DNSSEC top down validation (TOPDOWN)

Specifies, when chasing DNSSEC signature chains, whether or not to perform a top down validation (from the root '.' to the leaf nodes).

If TOPDOWN(*YES) is specified, SIGCHASE(*YES) must also be specified.

*NO
Do not do top down validation.
*YES
Do top down validation.

Include EDNS ID request (EDNSIDRQS)

Specifies whether or not to include an EDNS name server ID request when sending a query.

*NO
Do not include EDNS name server ID request.
*YES
Do include EDNS name server ID request.

Output file (TOSTMF)

Specifies the name of a stream file where all command output is written.

*STDOUT
All command output goes to the standard output device (normally the display).
path-name
Specify the path name for a stream file where output should be written.

Examples

Example 1: Forward Lookup Example - Long 

STRDIGQRY   HOSTNAME('ibm.com')
            DMNNAMSVR(*CFG)

This command illustrates a simple query for a domain named 'ibm.com'. It will use the configured DNS server on the system. By default it will look up record type *A and class *IN. The output from this command might look like this: 

; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> ibm.com @10.0.1.100
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 510
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;ibm.com.                       IN      A
;; ANSWER SECTION:
ibm.com.                9559    IN      A       129.42.18.103
ibm.com.                9559    IN      A       129.42.16.103
ibm.com.                9559    IN      A       129.42.17.103
;; AUTHORITY SECTION:
ibm.com.                9559    IN      NS      leda2.ibm.com.
ibm.com.                9559    IN      NS      castor.ibm.com.
ibm.com.                9559    IN      NS      pollux.ibm.com.
;; ADDITIONAL SECTION:
leda2.ibm.com.          9559    IN      A       9.14.1.3
castor.ibm.com.         9559    IN      A       9.78.1.2
pollux.ibm.com.         9559    IN      A       9.46.1.2
;; Query time: 13 msec
;; SERVER: 10.0.1.100#53(10.0.1.100)
;; WHEN: Sat Aug  5 11:11:18 2006
;; MSG SIZE  rcvd: 183

Example 2: Forward Lookup Example - Short 

DIG   HOSTNAME('ibm.com')
      DMNNAMSVR(*CFG)
      SHORT(*YES)
      IDENTIFY(*YES)

This command illustrates a the same query as in example 1, but with shorter output. 

129.42.18.103 from server 10.0.1.100 in 1 ms.
129.42.16.103 from server 10.0.1.100 in 2 ms.
129.42.17.103 from server 10.0.1.100 in 2 ms.

Example 3: Reverse Lookup Example 

DIG   HOSTNAME('10.0.1.100')
      REVERSE(*YES)

This command illustrates a simple reverse query for a host with IPv4 address '10.0.1.100'. It will use the configured DNS server on the system (seen with the CHGTCPDMN command). By default it will look up name '100.1.0.10.in-addr.arpa.' and record type PTR and class *IN. This is equivalent to the following command: 

DIG   HOSTNAME('100.1.0.10.in-addr.arpa')
      TYPE(*PTR)
      CLASS(*IN)

The output from this type of query might look like this: 

; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> -x 10.0.1.100 @10.0.1.100
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 609
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;100.1.0.10.in-addr.arpa.         IN      PTR
;; ANSWER SECTION:
100.1.0.10.in-addr.arpa.    86400 IN      PTR     mydns1.i5os.ibm.com.
;; AUTHORITY SECTION:
0.10.in-addr.arpa.          86400 IN      NS      mydns1.i5os.ibm.com.
;; ADDITIONAL SECTION:
mydns2.i5os.ibm.com.        47409 IN      A       10.0.2.200
;; Query time: 994 msec
;; SERVER: 10.0.1.100#53(10.0.1.100)
;; WHEN: Sat Aug  5 11:32:16 2006
;; MSG SIZE  rcvd: 119

Example 4: DIG with Searchlist 

STRDIGQRY   HOSTNAME(time)
            TYPE(*ANY)
            CLASS(*IN)
            USESCHDMNL(*YES)
            DMNSCHLIST(nist.gov)

This command queries for any records associated with the name 'time'. If this query fails, then DIG will retry the query by appending the domain 'nist.gov' from the searchlist to the name.

The output from this type of query might look like this: 

; <<>> DiG 9.7.2.i5/OS.V7R2M0 <<>> -q time -t any -c in @10.0.1.100
  +search +domain=nist.gov
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1336
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;time.nist.gov.                 IN      ANY
;; ANSWER SECTION:
time.nist.gov.          287     IN      A    192.43.244.18
;; AUTHORITY SECTION:
nist.gov.               65982   IN      NS   ns1.nist.gov.
nist.gov.               65982   IN      NS   dns-x.boulder.nist.gov.
;; ADDITIONAL SECTION:
ns1.nist.gov.           283     IN      A    129.6.13.2
dns-x.boulder.nist.gov. 40652   IN      A    132.163.4.9
;; Query time: 1038 msec
;; SERVER: 10.0.1.100#53(10.0.1.100)
;; WHEN: Sat Aug  5 11:36:18 2006
;; MSG SIZE  rcvd: 125

Example 5: Suppression of Response Sections 

DIG   HOSTNAME(time.nist.gov)
      TYPE(*ANY)
      CLASS(*IN)
      PRTALL(*NO)
      QUESTION(*YES)
      ANSWER(*YES)

This command is similar to Example 4, except we suppressed most of the response sections using the PRTALL(*NO) paramter, and then overrode that setting for the question section using QUESTION(*YES) and the answer section using ANSWER(*YES).

The output from this type of query might look like this: 

;time.nist.gov.                 IN      ANY
time.nist.gov.          673     IN      A       192.43.244.18

Error messages

*ESCAPE Messages

DNS0013
Error processing command parameters.
DNS0065
Option 33 of i5/OS is required, but is not installed.
TCP7124
Program &1 in library &2 type *PGM ended abnormally.