host Commands
Simple DNS lookup utility for querying DNS records and performing reverse lookups
Basic Lookups
Simple hostname lookup (A and AAAA records)
host example.com
Returns IPv4 (A) and IPv6 (AAAA) addresses for the domain. This is the most basic usage.
IPv4 addresses only (A records)
host -t A example.com
Explicitly query for IPv4 addresses only. Useful when you only need IPv4 information.
IPv6 addresses only (AAAA records)
host -t AAAA example.com
Query for IPv6 addresses only. Essential for testing IPv6 connectivity and configuration.
Reverse DNS Lookups
Reverse lookup (IP to hostname)
host 93.184.216.34
Finds the hostname(s) associated with an IP address. Useful for identifying servers and verifying PTR records.
Reverse lookup for IPv6
host 2606:2800:220:1:248:1893:25c8:1946
Performs a reverse DNS lookup for an IPv6 address. IPv6 PTR records use the ip6.arpa domain.
Explicit PTR record query
host -t PTR 34.216.184.93.in-addr.arpa
Directly query the PTR record using the in-addr.arpa format. Useful for understanding reverse DNS mechanics.
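The reverse-lookup name that the three commands above rely on can be built by hand. This is an added example, not part of the original page; the function name ptr_name is hypothetical, and the addresses are the ones used above.

```shell
#!/bin/sh
# Added example: build the PTR owner name that `host <address>` queries,
# for IPv4 (in-addr.arpa) and IPv6 (ip6.arpa). ptr_name is a hypothetical name.
# Live use: host -t PTR "$(ptr_name 93.184.216.34)"
ptr_name() {
    printf '%s\n' "$1" | awk '
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {        # IPv4: reverse the octets
        split($0, o, ".")
        print o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
        ok = 1; exit
    }
    /^[0-9A-Fa-f:]+$/ && /:/ {                  # IPv6: reverse the nibbles
        addr = tolower($0)
        p = index(addr, "::")
        if (p) {                                # expand "::" into zero groups
            head = substr(addr, 1, p - 1); tail = substr(addr, p + 2)
            have = (head == "" ? 0 : split(head, h, ":"))
            have += (tail == "" ? 0 : split(tail, t, ":"))
            for (mid = ""; have < 8; have++) mid = mid ":0"
            addr = head mid (tail == "" ? "" : ":" tail)
            sub(/^:/, "", addr)
        }
        if (split(addr, g, ":") != 8) exit      # malformed: leave ok unset
        hex = ""
        for (i = 1; i <= 8; i++) {
            if (length(g[i]) < 1 || length(g[i]) > 4) exit
            hex = hex substr("0000" g[i], length(g[i]) + 1)   # left-pad to 4
        }
        out = ""
        for (i = 32; i >= 1; i--) out = out substr(hex, i, 1) "."
        print out "ip6.arpa"
        ok = 1; exit
    }
    END { exit !ok }'                           # non-zero status on bad input
}

ptr_name 93.184.216.34
ptr_name 2606:2800:220:1:248:1893:25c8:1946
```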
Mail Records (MX)
Query MX records (mail servers)
host -t MX example.com
Shows mail servers for a domain with their priority values. Lower priority values are preferred.
Verbose MX lookup with addresses
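host -v -t MX example.com
Shows MX records in verbose form, along with the additional DNS information in the response. Use -v here rather than -a: -a is equivalent to -v -t ANY, so it replaces the MX query type with ANY.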
Text Records (TXT)
Query TXT records (SPF, DKIM, verification)
host -t TXT example.com
Shows TXT records used for SPF, DKIM, domain verification, and other text-based DNS data.
Check SPF record
host -t TXT example.com | grep "v=spf1"
Filters the TXT records to show only the SPF (Sender Policy Framework) record, which is used for email authentication.
Check DMARC record
host -t TXT _dmarc.example.com
DMARC records are stored at the _dmarc subdomain and define the email authentication policy.
Name Server Records
Query NS records (authoritative nameservers)
host -t NS example.com
Shows authoritative name servers for the domain. These servers are the official source for domain DNS records.
Query SOA record (zone authority)
host -t SOA example.com
Shows Start of Authority record containing zone serial number, refresh intervals, and primary nameserver.
Query CNAME record (canonical name)
host -t CNAME www.example.com
Shows if a hostname is an alias pointing to another hostname. Common for www subdomains and CDNs.
CAA Records (Certificate Authority Authorization)
Query CAA records
host -t CAA example.com
Shows which Certificate Authorities are authorized to issue certificates for the domain. Critical for SSL/TLS security.
Verbose CAA lookup
host -t CAA -v example.com
Detailed CAA record information including issue, issuewild, and iodef tags.
Using Specific Name Servers
Query using Google DNS
host example.com 8.8.8.8
Query a specific nameserver (Google Public DNS in this example). Useful for testing DNS propagation.
Query using Cloudflare DNS
host example.com 1.1.1.1
Use Cloudflare's public DNS resolver for queries. Alternative to default system DNS.
Query authoritative nameserver directly
host example.com ns1.example.com
Query the domain's own authoritative nameserver. Bypasses caching and shows current authoritative data.
Verbose and Debugging Options
Verbose output
host -v example.com
Shows detailed DNS query and response information. Useful for debugging DNS issues.
All DNS records (ANY query)
host -a example.com
Equivalent to -v -t ANY. Shows comprehensive DNS information for the domain.
Debug mode
host -d example.com
Enables debugging output showing DNS protocol details. Similar to -v but with more technical information.
Non-recursive query
host -r example.com
Disables recursive queries. The nameserver won't query other servers on your behalf.
Timeout and Retry Options
Set query timeout
host -W 10 example.com
Wait up to 10 seconds for a response. Default timeout is typically 5 seconds.
Set number of retries
host -R 5 example.com
Retry the query up to 5 times. Useful for unreliable network connections.
Combined timeout and retry
host -W 5 -R 3 example.com
Wait 5 seconds per attempt with 3 retries. Balances thoroughness with performance.
Protocol Options
Use TCP instead of UDP
host -T example.com
Force TCP for the DNS query. UDP is default but TCP can be more reliable for large responses.
Query using IPv4 only
host -4 example.com
Use IPv4 transport only for DNS queries. Useful when IPv6 connectivity is problematic.
Query using IPv6 only
host -6 example.com
Use IPv6 transport only for DNS queries. Tests IPv6 DNS connectivity.
Practical Examples
Check DNS propagation
host example.com 8.8.8.8
host example.com 1.1.1.1
host example.com ns1.example.com
Query multiple nameservers to verify DNS changes have propagated globally.
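The propagation check above can be turned into a comparison against the authoritative answer. This is an added example, not part of the original page; the function names and the sample outputs (documentation addresses in 192.0.2.0/24) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare what each resolver returns with the authoritative answer.
# Live use:
#   check_propagation "$(host example.com ns1.example.com)" \
#       8.8.8.8 "$(host example.com 8.8.8.8)" 1.1.1.1 "$(host example.com 1.1.1.1)"

# stdin: output of `host NAME [SERVER]`; prints the sorted addresses, comma-joined.
addr_set() {
    awk '/ has (IPv6 )?address / { print $NF }' | LC_ALL=C sort -u |
        awk '{ s = s (NR > 1 ? "," : "") $0 } END { print s }'
}

# $1 = output from the authoritative server, then LABEL OUTPUT pairs.
# Prints one line per resolver and returns 1 if any resolver differs.
check_propagation() {
    want=$(printf '%s\n' "$1" | addr_set); shift
    rc=0
    while [ $# -ge 2 ]; do
        got=$(printf '%s\n' "$2" | addr_set)
        if [ "$got" = "$want" ]; then
            echo "$1 ok"
        else
            echo "$1 differs: got ${got:-none} want ${want:-none}"
            rc=1
        fi
        shift 2
    done
    return $rc
}

# Constructed sample outputs, not real lookups.
AUTH='example.com has address 192.0.2.20'
GOOGLE='Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

example.com has address 192.0.2.20'
CLOUDFLARE='example.com has address 192.0.2.10'

check_propagation "$AUTH" 8.8.8.8 "$GOOGLE" 1.1.1.1 "$CLOUDFLARE" ||
    echo "not fully propagated"
```

Names served by a CDN or geo-aware DNS can legitimately return different address sets per resolver, so a difference is a reason to look closer rather than proof of a stale or tampered answer.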
Verify mail server configuration
host -t MX example.com
host -t TXT example.com | grep spf
host -t TXT _dmarc.example.com
Complete email infrastructure check: MX records, SPF, and DMARC configuration.
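Reading the SPF and DMARC answers by eye misses weak policies, so the TXT output of the check above can be graded instead. This is an added example, not part of the original page; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: grade SPF and DMARC policy from `host -t TXT` output.
# Live use: host -t TXT example.com | spf_verdict
#           host -t TXT _dmarc.example.com | dmarc_policy

# Print one TXT value per line; multi-string records ("a" "b") are joined
# without a separator, as a mail receiver does before evaluating them.
txt_values() {
    sed -n 's/^.* descriptive text "\(.*\)"$/\1/p' | sed 's/" "//g'
}

spf_verdict() {
    txt_values | awk '
        tolower($0) ~ /^v=spf1( |$)/ { n++; rec = tolower($0) }
        END {
            if (n == 0)     print "missing"
            else if (n > 1) print "invalid-multiple"           # RFC 7208: permerror
            else if (rec ~ / [+]?all( |$)/) print "pass-all"   # authorizes any sender
            else if (rec ~ / -all( |$)/)    print "hardfail"
            else if (rec ~ / ~all( |$)/)    print "softfail"
            else if (rec ~ / [?]all( |$)/)  print "neutral"
            else print "no-all"
        }'
}

dmarc_policy() {
    txt_values | awk '
        tolower($0) ~ /^v=dmarc1 *(;|$)/ { n++; rec = tolower($0) }
        END {
            if (n == 0) { print "missing"; exit }
            if (n > 1)  { print "invalid-multiple"; exit }
            p = "no-p-tag"
            k = split(rec, tag, ";")
            for (i = 1; i <= k; i++) {
                gsub(/[ \t]/, "", tag[i])
                if (tag[i] ~ /^p=/) p = substr(tag[i], 3)   # sp= is not matched
            }
            print p
        }'
}

# Constructed sample output, not a real lookup.
SPF_OUT='example.com descriptive text "site-verification=constructed-token"
example.com descriptive text "v=spf1 include:_spf.example.net" " ~all"'
DMARC_OUT='_dmarc.example.com descriptive text "v=DMARC1; p=none; rua=mailto:dmarc@example.com"'
printf 'SPF: %s\n'   "$(printf '%s\n' "$SPF_OUT" | spf_verdict)"
printf 'DMARC: %s\n' "$(printf '%s\n' "$DMARC_OUT" | dmarc_policy)"
```

A DMARC result of none means the domain only monitors; quarantine or reject is needed before receivers act on failures.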
Check domain certificate authorization
host -t CAA example.com
host -t A example.com
host -t AAAA example.com
Verify which CAs can issue certificates and check A/AAAA records for SSL/TLS setup.
Troubleshoot DNS resolution
host -v -t A example.com
host -t NS example.com
host -t SOA example.com
Debug DNS issues by checking verbose output, authoritative nameservers, and zone information.
Important Notes
DNS Caching
DNS responses are cached by resolvers. To see authoritative data, query the domain's nameservers directly.
TTL (Time To Live)
TTL values determine how long DNS records are cached. Use -v flag to see TTL values in responses.
Comparison with dig
host provides simpler, more readable output than dig. For detailed protocol analysis, use dig instead.
ANY Queries Deprecated
Many DNS servers no longer respond to ANY queries due to DDoS concerns. Query specific record types instead.