Using the Linux host command to extract DNS details

the host The command on Linux systems can look up a variety of information available through the Domain Name System (DNS). It can find a hostname if given an IP address or an IP address if given a hostname along with many other interesting details about Internet systems and domains.

The first request below tells us that the system associated with the address is called “dragonfly”. The second tells us that is the default router.

$ host domain name pointer dragonfly.
$ host domain name pointer router.

To do the opposite, you can use commands like these:

$ host dragonfly
dragonfly has address
$ host router
router has address

These commands were run on my home network, and they only show a small portion of the information that the host command can recover.

Viewing Host Command Options

Whenever you type “host” with no additional arguments, you will see the command options available with a brief explanation of each.

Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] [-p port] hostname [server]
       -a is equivalent to -v -t ANY
       -A is like -a but omits RRSIG, NSEC, NSEC3
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -l lists all hosts in a domain, using AXFR
       -m set memory debugging flag (trace|record|usage)
       -N changes the number of dots allowed before root lookup is done
       -p specifies the port on the server to query
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -s a SERVFAIL response should stop query
       -t specifies the query type
       -T enables TCP/IP mode
       -U enables UDP mode
       -v enables verbose output
       -V print version number and exit
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only

For almost all options, you need to provide some additional information: a hostname, IP address, domain name, or maybe some additional data to describe what you’re looking for. The only option that will NOT simply supply the above list when no arguments are supplied is the -V option that reports version information for the command itself.

$ host -V
host 9.16.24-RH

Now let’s look at some of the other useful information the command can provide.

IP addresses

Some important details for a specific domain can be retrieved using only the domain name:

$ host has address has address has address has address mail is handled by 0

We can see that this domain uses multiple servers, as is often the case with many commercial sites.

Detailed report

If you add the -v (verbose), you’ll see a lot of extra detail. For, we would see 33 lines of output if the head command did not limit it to the first ten lines.

$ host -v | wc -l
$ host -v | head -10
Trying “”
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2094
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;              IN      A

;; ANSWER SECTION:       300     IN      A       300     IN      A

However, you can still pass the host command output to grep to narrow it down to what you want to see.

Mail exchange (MX)

To focus on the mail exchange (MX) records, you can use a command like this:

$ host -v | grep MX
;                   IN      MX            2189    IN      MX      0

Alternatively, you can recover MX records using the host ordered -t (type) MX option:

$ host -t mx mail is handled by 0

SOA Records

To focus on SOA (start of authority), you can use a command like this:

$ host -v | grep SOA            342     IN      SOA 2021092901 28800 7200 604800 600

Alternatively, you can also use a command like this with the -t (type) SOA option:

$ host -t SOA has SOA record 2022021100 1800 900 1209600 86400


To have CNAME (canonical name), you can use a command like this which tells you that is an alias for Google’s mail server:

$ host -t cname is an alias for

Server name

In the command below, we are simply looking for nameservers using the ns tap with the host order:

$ host -t ns name server name server name server name server name server name server


the host The command has so many options that it may take some getting used to and deciding which are the most useful. They can be very handy depending on what you are looking for in the vast DNS knowledge bank.

Join the Network World communities on Facebook and LinkedIn to comment on topics that matter to you.

Copyright © 2022 IDG Communications, Inc.

Previous How to setup and configure custom DNS using NextDNS
Next NIA arrests IPS officer for 'leaking' secret documents to terrorist group LeT - Jammu Kashmir Latest News | Tourism