$ Linux One Liners
Back to lessons

Web Server Rescue

Risk: safe

Show the DNS Answer TTL

You need to see how long a DNS answer can remain cached.

Command

dig +noall +answer edge.test A

Before you run this

Risk: safe. Do not treat the displayed TTL as the original zone TTL after a resolver has already cached it.

Expected output

A DNS answer line showing name, TTL, class, type, and value.

System impact

Nothing changes. The command prints the answer section including TTL.

Recovery / rollback: no state is changed.

When to use it

Use during DNS cutovers or when deciding whether stale answers are expected.

When not to use it

Do not treat the displayed TTL as the original zone TTL after a resolver has already cached it.

Watch this command run

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

demo@lab:~$

$ dig +short example.com A

203.0.113.10

$ dig +noall +answer example.com A

example.com. 300 IN A 203.0.113.10
View reproducible demo details

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. dig +short edge.test A
  2. dig +noall +answer edge.test A

next steps

Related commands

Web Server Rescue Risk: safe

Compare DNS Answers Across Resolvers

One resolver can still have the old edge IP while another has the new one.

for r in 1.1.1.1 8.8.8.8 9.9.9.9; do printf '%s ' "$r"; dig @"$r" +short edge.test A; done
Web Server Rescue Risk: safe

Compare Authoritative Nameserver Answers

The recursive resolver was not the problem. One nameserver disagreed.

for ns in $(dig +short NS edge.test); do printf '%s ' "$ns"; dig @"$ns" +short edge.test A; done
Web Server Rescue Risk: safe

Check CAA Certificate Issuers

The certificate request failed because DNS allowed the wrong issuer.

dig +short edge.test CAA
Web Server Rescue Risk: safe

Compare A and AAAA Records

IPv4 worked. IPv6 sent users to a different edge.

printf 'A '; dig +short edge.test A; printf 'AAAA '; dig +short edge.test AAAA
Web Server Rescue Risk: safe

Check the WWW CNAME Target

The apex was right. The www name pointed through a different path.

dig +short www.edge.test CNAME
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lfcs:networking
  • lfcs:services-logs
  • linuxplus:provisional
  • linuxplus:troubleshooting
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.