Web Server Rescue

Risk: safe

Compare Authoritative Nameserver Answers

A domain has multiple authoritative nameservers and you need to see whether they return the same edge IP.

Command

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done

Before you run this

Risk: safe. Do not edit zone data from this output alone; confirm which provider owns the live zone.

Expected output

Each authoritative nameserver followed by its A record answer.

System impact

Nothing changes. The command lists NS records and asks each nameserver for the A record.

Recovery / rollback: no state is changed.

When to use it

Use when propagation looks inconsistent even after recursive caches should have expired.

When not to use it

Do not edit zone data from this output alone; confirm which provider owns the live zone.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

$ dig +short NS example.com

example.com.
example.com.

$ for ns in $(dig +short NS example.com); do printf '%s ' "$ns"; dig @"$ns" +short example.com A; done

example.com. 203.0.113.10
example.com. 198.51.100.44

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. dig +short NS edge.test
  2. for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
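An added example, not part of the original lesson: the same dig loop reshaped to emit one nameserver/address pair per line, then grouped by the answer set each server returns, so a split between providers shows up as two groups. The function names `collect` and `summarize`, the `+norecurse` flag, the `NOANSWER` marker and the ns1 to ns3 sample names are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the lesson). Sample data below is constructed.
SAMPLE='ns1.edge.test. 203.0.113.10
ns2.edge.test. 198.51.100.44
ns3.edge.test. 203.0.113.10'

# collect ZONE: print "nameserver address" pairs, one per line, so servers
# with several A records or no answer stay unambiguous.
# Needs dig and network access; read-only, like the lesson's loop.
collect() {
  zone=$1
  for ns in $(dig +short NS "$zone"); do
    # +norecurse: ask the server only for data it holds itself.
    # Lines starting with ';' are dig diagnostics (timeouts), not answers.
    answers=$(dig @"$ns" +short +norecurse "$zone" A | grep -v '^;')
    if [ -z "$answers" ]; then
      echo "$ns NOANSWER"
    else
      for a in $answers; do echo "$ns $a"; done
    fi
  done
}

# summarize: read pairs on stdin, print each distinct answer set with the
# servers that returned it. Returns 1 when the servers disagree.
summarize() {
  LC_ALL=C sort -u | awk '
    NF >= 2 {
      sep = ($1 in set) ? "," : ""
      if (!($1 in set)) order[++k] = $1
      set[$1] = set[$1] sep $2
    }
    END {
      for (i = 1; i <= k; i++) {
        s = set[order[i]]
        if (!(s in by)) groups[++n] = s
        by[s] = by[s] " " order[i]
      }
      for (j = 1; j <= n; j++) printf "%s <-%s\n", groups[j], by[groups[j]]
      exit (n > 1)
    }'
}

# Offline demo on the constructed sample; live use: collect edge.test | summarize
printf '%s\n' "$SAMPLE" | summarize || echo "nameservers disagree"
```

A non-zero exit from `summarize` is a prompt to confirm which provider owns the live zone, not a reason to edit zone data.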

Next steps

Related commands

Web Server Rescue Risk: safe

Compare DNS Answers Across Resolvers

One resolver can still have the old edge IP while another has the new one.

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done

Web Server Rescue Risk: safe

Compare A and AAAA Records

IPv4 worked. IPv6 sent users to a different edge.

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA

Web Server Rescue Risk: safe

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA

Web Server Rescue Risk: safe

Check the WWW CNAME Target

The apex was right. The www name pointed through a different path.

dig +short www.edge.test CNAME

Web Server Rescue Risk: safe

Show the DNS Answer TTL

The fix was correct. The TTL explained why users still saw the old edge.

dig +noall +answer edge.test A

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.