$ Linux One Liners
Back to commands

Web Server Rescue

Read-only

Show the DNS Answer TTL

You need to see how long a DNS answer can remain cached.

Command

dig +noall +answer edge.test A

Before you run this

System impact: Read-only. Low when scoped to the shown target.

When not to use it: Do not treat the displayed TTL as the original zone TTL after a resolver has already cached it.

Expected output

A DNS answer line showing name, TTL, class, type, and value.

System impact

Read-only. Nothing changes. The command prints the answer section including TTL.

Recovery / rollback: no state is changed.

When to use it

Use during DNS cutovers or when deciding whether stale answers are expected.

When not to use it

Do not treat the displayed TTL as the original zone TTL after a resolver has already cached it.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ dig +short example.com A

203.0.113.10

$ dig +noall +answer example.com A

example.com. 300 IN A 203.0.113.10
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. dig +short edge.test A
  2. dig +noall +answer edge.test A

next steps

Related commands

Web Server Rescue Read-only

Compare DNS Answers Across Resolvers

One resolver can still have the old edge IP while another has the new one.

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
Web Server Rescue Read-only

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA
Web Server Rescue Read-only

Compare A and AAAA Records

IPv4 worked. IPv6 sent users to a different edge.

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
Web Server Rescue Read-only

Compare Authoritative Nameserver Answers

The recursive resolver was not the problem. One nameserver disagreed.

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
Web Server Rescue Sensitive output

Show TLS Certificate Names

The cert was valid, but not for this hostname.

openssl s_client -connect edge.test:443 -servername edge.test </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.