$ Linux One Liners
Back to commands

Web Server Rescue

Read-only

Compare DNS Answers Across Resolvers

Users in different places reach different edge IPs, and you need to compare recursive resolver answers before touching the web server.

Command

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done

Before you run this

System impact: Read-only. Low when scoped to the shown target.

When not to use it: Do not assume public resolver agreement proves every ISP, corporate resolver, or local cache has updated.

Expected output

Resolver IPs followed by the A record each resolver returns; disagreement points to cache or propagation behavior, not necessarily a broken server.

System impact

Read-only. Nothing changes. The command sends read-only DNS queries to public resolvers.

Recovery / rollback: no state is changed.

When to use it

Use during DNS cutovers, CDN moves, or reports that only some users still reach the old IP.

When not to use it

Do not assume public resolver agreement proves every ISP, corporate resolver, or local cache has updated.

Explanation-only example

Illustrated output, not a live lab run

This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.

demo@lab:~$

$ dig +short example.com A

203.0.113.10

$ for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short example.com A; done

1.1.1.1 203.0.113.10
8.8.8.8 198.51.100.44
9.9.9.9 203.0.113.10
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. dig +short edge.test A
  2. for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done

next steps

Related commands

Web Server Rescue Read-only

Compare Authoritative Nameserver Answers

The recursive resolver was not the problem. One nameserver disagreed.

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
Web Server Rescue Read-only

Compare A and AAAA Records

IPv4 worked. IPv6 sent users to a different edge.

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
Web Server Rescue Read-only

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA
Web Server Rescue Read-only

Show the DNS Answer TTL

The fix was correct. The TTL explained why users still saw the old edge.

dig +noall +answer edge.test A
Web Server Rescue Read-only

Check the WWW CNAME Target

The apex was right. The www name pointed through a different path.

dig +short www.edge.test CNAME
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.