Web Server Rescue
Read-onlyCompare DNS Answers Across Resolvers
Users in different places reach different edge IPs, and you need to compare recursive resolver answers before touching the web server.
Command
for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
Before you run this
System impact: Read-only. Low when scoped to the shown target.
When not to use it: Do not assume public resolver agreement proves every ISP, corporate resolver, or local cache has updated.
Expected output
Resolver IPs followed by the A record each resolver returns; disagreement points to cache or propagation behavior, not necessarily a broken server.
System impact
Read-only. Nothing changes. The command sends read-only DNS queries to public resolvers.
Recovery / rollback: no state is changed.
When to use it
Use during DNS cutovers, CDN moves, or reports that only some users still reach the old IP.
When not to use it
Do not assume public resolver agreement proves every ISP, corporate resolver, or local cache has updated.
Explanation-only example
Illustrated output, not a live lab run
This example is intentionally illustrative. It shows the command shape without killing real processes or changing your machine.
$ dig +short example.com A
203.0.113.10
$ for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short example.com A; done
1.1.1.1 203.0.113.10
8.8.8.8 198.51.100.44
9.9.9.9 203.0.113.10
View commands shown
These are the commands shown in the sanitized transcript.
Commands shown
dig +short edge.test Afor r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
next steps
Related commands
Compare Authoritative Nameserver Answers
The recursive resolver was not the problem. One nameserver disagreed.
for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
Compare A and AAAA Records
IPv4 worked. IPv6 sent users to a different edge.
printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
Check CAA Certificate Issuers
The certificate request failed because DNS allowed the wrong issuer.
dig +short edge.test CAA
Show the DNS Answer TTL
The fix was correct. The TTL explained why users still saw the old edge.
dig +noall +answer edge.test A
Check the WWW CNAME Target
The apex was right. The www name pointed through a different path.
dig +short www.edge.test CNAME
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.