>_cmd.script

host

Simple DNS lookup utility

Networking

By CMD Script Team · 4 min read · Last updated

SYNTAX
host [OPTIONS] NAME [SERVER]

Options

Command options and flags
FlagDescription
-t TYPEQuery a specific DNS record type, e.g. host -t MX example.com
-aEquivalent to -v -t ANY: verbose output showing all record types found
-vVerbose mode: show the full query and response detail
-lAttempt a zone transfer (AXFR) listing all records for a domain (only works if the server allows it)
-4 / -6Use IPv4 or IPv6 transport only for the query

Distribution compatibility

  • Ubuntu
  • Debian
  • Fedora
  • Arch
  • macOS

What it does

host performs DNS lookups and prints a short, human-readable answer — "example.com has address 93.184.216.34" rather than the multi-section verbose output dig produces. It's the tool to reach for when you just need a fast answer to "what IP does this hostname resolve to" or "what hostname does this IP reverse-resolve to," without needing the full protocol-level detail dig provides.

Beginner examples

  • host example.com — print the domain's resolved address(es) in one line
  • host 8.8.8.8 — reverse lookup: print the hostname for an IP address
  • host -t MX example.com — look up mail exchanger records
  • host -t TXT example.com — look up TXT records (SPF, verification strings, etc.)
host example.com

Advanced examples

  • Query a specific resolver directly to check if a DNS change has propagated there yet: host example.com 8.8.8.8
  • Dump every record type host can find for quick triage: host -a example.com
  • Batch-check a list of hostnames' resolution as part of an inventory or health check script: while read -r h; do host "$h"; done < hostnames.txt
  • Verify whether a misconfigured nameserver allows an (insecure) full zone transfer: host -l example.com ns1.example.com
host -t NS example.com

Common mistakes

  • Expecting host's output to be script-friendly like dig +short — its format is meant for humans and can require more fragile text parsing if you need to extract just a value programmatically; dig +short is more robust for scripting.
  • Assuming host -l (zone transfer) will work against any domain — virtually all properly configured authoritative servers refuse AXFR requests from arbitrary clients.
  • Forgetting that host <ip> does a reverse lookup automatically, and instead overcomplicating things by trying to pass extra reverse-lookup flags (unnecessary, unlike with dig -x).
  • Not realizing host without -t only shows the record type(s) relevant to a plain hostname query, not everything available — use -a to see all record types at once.

Tips

  • Use host for fast interactive checks during troubleshooting; switch to dig when you need TTLs, authority sections, or +trace-style delegation details.
  • host -a is a convenient one-shot way to see A, AAAA, MX, NS, and TXT records without running separate queries for each type.
  • Because host <ip> auto-detects reverse lookups, it's one less thing to remember compared to dig's explicit -x flag.

Best practices

  • Use host for quick manual sanity checks, but standardize on dig +short in scripts and automation, since its output format is more consistent and easier to parse reliably.
  • When verifying DNS changes have propagated, check against multiple servers explicitly (host example.com 8.8.8.8, host example.com 1.1.1.1) rather than trusting a single cached local resolver.
  • Treat a working host -l zone transfer against a production domain as a security finding to report, not a routine diagnostic result — it indicates a misconfigured, overly permissive nameserver.

Try it yourself

A simulated shell with a sample home directory — experiment freely, nothing leaves your browser. Type help to list supported commands.

Real-world use cases

  • Fast interactive checks during on-call troubleshooting: "does this hostname even resolve, and to what?"
  • Verifying reverse DNS (PTR) records are correctly configured for outbound mail servers, since many receiving mail servers reject mail from IPs without valid reverse DNS.
  • Quick sanity checks after updating DNS records, before diving into dig's more detailed output if something looks wrong.

Common interview questions

  • How does host differ from dig in typical usage? host gives brief, human-readable one-line answers ideal for quick checks; dig gives detailed, protocol-level output (headers, TTLs, authority/additional sections) better suited to deep troubleshooting and scripting with +short.
  • How do you do a reverse DNS lookup with host? Just pass the IP address: host 8.8.8.8 — no special flag is required, unlike dig's -x.
  • Why would a zone transfer attempt (host -l) normally fail? Authoritative nameservers restrict AXFR (zone transfer) requests to authorized secondary servers to prevent anyone from dumping the entire DNS zone; an open zone transfer is a misconfiguration and a security risk.

Frequently Asked Questions

When should I use host instead of dig?

host is ideal for a quick, one-line 'what does this resolve to' check — its output is terser and more human-readable than dig's default. Reach for dig instead when you need TTLs, full protocol detail, or to query a specific record type in a script-friendly, structured way.

How do I do a reverse lookup with host?

Just pass an IP address: `host 8.8.8.8` automatically performs a PTR (reverse) lookup and prints the associated hostname, no extra flag needed (unlike dig, which needs -x).

Can host query a specific DNS server instead of the system default?

Yes — pass the server as a second argument: `host example.com 1.1.1.1` queries that server directly instead of your configured resolver.

Why does host -l fail on most domains?

Zone transfers (AXFR) are almost always restricted to trusted secondary nameservers for security reasons — allowing an open zone transfer would let anyone dump a domain's entire DNS zone. host -l only succeeds against misconfigured or intentionally permissive servers.

Cheat sheet

Download a quick-reference cheat sheet for host.