$ Linux One Liners
Back to lessons

Web Server Rescue

Risk: safe

Compare A and AAAA Records

A site works for some users but fails for IPv6-capable clients, so you need to compare IPv4 and IPv6 DNS.

Command

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA

Before you run this

Risk: safe. Do not remove IPv6 records without confirming the intended edge and provider behavior.

Expected output

The IPv4 and IPv6 DNS answers for the same hostname.

System impact

Nothing changes. The command reads DNS and compares address families.

Recovery / rollback: no state is changed.

When to use it

Use when mobile networks, certain ISPs, or IPv6 clients report a different failure.

When not to use it

Do not remove IPv6 records without confirming the intended edge and provider behavior.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

demo@lab:~$

$ printf 'A '; dig +short example.com A; printf 'AAAA '; dig +short example.com AAAA

A 203.0.113.10
AAAA 2001:db8:44::10

$ curl -4 -I https://example.com && curl -6 -I https://example.com

HTTP/2 200
server: edge-fixture
content-type: text/html

ipv6_path=connect_failed status=000
View reproducible demo details

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
  2. curl -4 -I https://edge.test && curl -6 -I https://edge.test

next steps

Related commands

Web Server Rescue Risk: safe

Compare DNS Answers Across Resolvers

One resolver can still have the old edge IP while another has the new one.

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
Web Server Rescue Risk: safe

Compare Authoritative Nameserver Answers

The recursive resolver was not the problem. One nameserver disagreed.

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
Web Server Rescue Risk: safe

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA
Web Server Rescue Risk: safe

Check the WWW CNAME Target

The apex was right. The www name pointed through a different path.

dig +short www.edge.test CNAME
Web Server Rescue Risk: safe

Show the DNS Answer TTL

The fix was correct. The TTL explained why users still saw the old edge.

dig +noall +answer edge.test A
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.