$ Linux One Liners
Back to commands

Web Server Rescue

Read-only

Compare Authoritative Nameserver Answers

Recursive resolvers disagree or propagation looks stuck, and you need to check whether the authoritative nameservers themselves return the same edge IP.

Command

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done

Before you run this

System impact: Read-only. Low when scoped to the shown target.

When not to use it: Do not edit zone data from this output alone. First confirm which provider owns the live zone and whether all nameservers are in sync.

Expected output

Each authoritative nameserver followed by its A record answer, making mismatched zone data visible.

System impact

Read-only. Nothing changes. The command lists NS records and asks each authoritative nameserver for the A record.

Recovery / rollback: no state is changed.

When to use it

Use when propagation looks inconsistent even after recursive caches should have expired.

When not to use it

Do not edit zone data from this output alone. First confirm which provider owns the live zone and whether all nameservers are in sync.

Explanation-only example

Illustrated output, not a live lab run

This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.

demo@lab:~$

$ dig +short NS example.com

example.com.
example.com.

$ for ns in $(dig +short NS example.com); do printf '%s ' "$ns"; dig @"$ns" +short example.com A; done

example.com. 203.0.113.10
example.com. 198.51.100.44
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. dig +short NS edge.test
  2. for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done

next steps

Related commands

Web Server Rescue Read-only

Compare DNS Answers Across Resolvers

One resolver can still have the old edge IP while another has the new one.

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
Web Server Rescue Read-only

Compare A and AAAA Records

IPv4 worked. IPv6 sent users to a different edge.

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
Web Server Rescue Read-only

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA
Web Server Rescue Read-only

Check the WWW CNAME Target

The apex was right. The www name pointed through a different path.

dig +short www.edge.test CNAME
Web Server Rescue Read-only

Show the DNS Answer TTL

The fix was correct. The TTL explained why users still saw the old edge.

dig +noall +answer edge.test A
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.