Checking Up on DNS from the Terminal: A Practical Guide

Published in Originals on Oct 2, 2025

When something breaks on the internet, whether it’s a website, an email service, or an app. DNS (Domain Name System) is often the first place to look.

DNS is what turns human-friendly names like vulpo.be into machine-friendly IP addresses. It also handles things like mail servers, verification records, and caching rules. The good news? You don’t need special software to investigate DNS. Your terminal already has everything you need.

In this guide, we’ll explore the most useful terminal commands for checking DNS records, understanding TTLs (time to live), and troubleshooting issues.

1. The Quick Option: nslookup

If you just want a fast check, nslookup works on almost every system.

nslookup vulpo.be

Output will show the resolved IP address. You can also specify the type of record:

nslookup -type=MX vulpo.be   # Mail servers
nslookup -type=TXT vulpo.be  # TXT records (SPF, DKIM, verification tokens)

⚠️ Note: nslookup is older and sometimes inconsistent between systems. For more detailed inspection, dig is the better choice.

2. The Workhorse: dig

The dig command gives you precise, detailed results.

dig vulpo.be

You'll see sections like this:

;; ANSWER SECTION:
vulpo.be.   3599   IN   A   34.77.128.88

Here’s what matters:

  • vulpo.be. → the queried domain
  • 3599 → the TTL (time in seconds that resolvers will cache this record)
  • A → the record type (IPv4 address)
  • 34.77.128.88 → the actual value of the record

You can also query specific record types:

dig MX vulpo.be   # Mail servers
dig TXT vulpo.be  # Verification or SPF/DKIM
dig AAAA vulpo.be # IPv6 addresses

3. Querying Specific Name Servers

By default, dig asks your system’s configured resolver. But sometimes you want to check what a different DNS server sees.

dig @8.8.8.8 vulpo.be

This queries Google’s public DNS. Other popular resolvers include Cloudflare (1.1.1.1) and Quad9 (9.9.9.9).

This is especially useful for checking DNS propagation. Different resolvers may still have cached old values while others have updated.

4. Going to the Source: Authoritative Servers

If you want the most authoritative answer, you can skip resolvers and ask the official nameservers for a domain.

First, find them:

dig NS vulpo.be

Then query one directly:

dig @ns1.example-dns.com vulpo.be

This helps you see what the domain owner’s DNS servers are publishing right now, without cache interference.

5. Reverse Lookups

Sometimes you have an IP address and want to know if it maps back to a domain:

dig -x 34.77.128.88

If there’s a reverse DNS record (PTR), it will show up here.

6. A Lightweight Alternative: host

The host command is another simple tool for DNS queries:

host vulpo.be
host -t MX vulpo.be

It’s less verbose than dig and great for quick checks.

Why TTLs Matter

Throughout these commands you’ll notice TTL values (time to live). This number, in seconds, tells resolvers how long to cache a record.

  • A high TTL (e.g., 86400 = 24 hours) means fewer queries but slower updates when records change.
  • A low TTL (e.g., 300 = 5 minutes) makes updates propagate faster but increases DNS traffic.

If you’re planning a migration, lowering TTLs ahead of time is a smart move.

Final Thoughts

With just a few built-in commands, dig, nslookup, and host, you can:

  • ✅ Inspect all types of DNS records (A, AAAA, MX, TXT, CNAME, NS)
  • ✅ Check TTLs to understand caching behavior
  • ✅ Query specific resolvers or authoritative servers
  • ✅ Monitor changes in real time

Whether you’re debugging an outage, setting up email, or rolling out DNS changes, knowing how to check DNS from the terminal is an essential skill for developers and sysadmins alike.



#dns, #caching, #dig, #nslookup, #host, #ttl, #time-to-live, #sysadmin