The Linux host command can retrieve a lot of useful information from the domain name service, but has a lot of options that you need to understand to get started. Credit: iStock The host command on Linux systems can look up a variety of information available through the Domain Name System (DNS). It can find a host name if given an IP address or an IP address if given a host name plus a lot of other interesting details on systems and internet domains. The first query below tells us that the system associated with the address 192.168.0.18 is named “dragonfly”. The second tells us that 192.168.0.1 is the default router. $ host 192.168.0.18 18.0.168.192.in-addr.arpa domain name pointer dragonfly. $ host 192.168.0.1 1.0.168.192.in-addr.arpa domain name pointer router. To do the reverse, you can use commands like these: $ host dragonfly dragonfly has address 192.168.0.18 $ host router router has address 192.168.0.1 These commands were run on my home network, and they only show a small part of the information that the host command can retrieve. Viewing the host command’s options Any time you type “host” with no additional arguments, you will see the available command options with a brief explanation of each. Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time] [-R number] [-m flag] [-p port] hostname [server] -a is equivalent to -v -t ANY -A is like -a but omits RRSIG, NSEC, NSEC3 -c specifies query class for non-IN data -C compares SOA records on authoritative nameservers -d is equivalent to -v -l lists all hosts in a domain, using AXFR -m set memory debugging flag (trace|record|usage) -N changes the number of dots allowed before root lookup is done -p specifies the port on the server to query -r disables recursive processing -R specifies number of retries for UDP packets -s a SERVFAIL response should stop query -t specifies the query type -T enables TCP/IP mode -U enables UDP mode -v enables verbose output -V print version number and exit -w specifies to wait forever for a reply -W specifies how long to wait for a reply -4 use IPv4 query transport only -6 use IPv6 query transport only For almost every option, you need to supply additional information—a host name, an IP address, a domain name, or maybe some additional data to describe what you are looking for. The only option that will NOT simply provide the list shown above when no argument is provided is the -V option which reports the version information for the command itself. $ host -V host 9.16.24-RH Now let’s look at some of the other useful information that the command can provide. IP addresses Some important details for a specific domain can be retrieved using just the domain name: $ host networkworld.com networkworld.com has address 151.101.2.165 networkworld.com has address 151.101.66.165 networkworld.com has address 151.101.194.165 networkworld.com has address 151.101.130.165 networkworld.com mail is handled by 0 networkworld-com.mail.protection.outlook.com. We can see that this domain employs multiple servers as is common among many commercial sites. Verbose report If you add the -v (verbose) option, you will see a lot of additional details. For networkworld.com, we would see 33 lines of output if the head command didn’t limit this to the top ten lines. $ host -v comtech.com | wc -l 33 $ host -v networkworld.com | head -10 Trying “networkworld.com” ;; ->>HEADER You can, however, always pass the host command’s output to grep to pare it down to just what you want to see. Mail exchange (MX) To focus on the mail exchange (MX) records, you could use a command like this: $ host -v comtech.com | grep MX ;comtech.com. IN MX comtech.com. 2189 IN MX 0 comtech-com.mail.protection.outlook.com. Alternately, you can retrieve MX records using the host command’s -t (type) mx option: $ host -t mx comtech.com comtech.com mail is handled by 0 comtech-com.mail.protection.outlook.com. SOA records To focus on SOA (start of authority) records, you can use a command like this one: $ host -v comtech.com | grep SOA comtech.com. 342 IN SOA ns47.domaincontrol.com. dns.jomax.net. 2021092901 28800 7200 604800 600 Alternately, you can also use a command like this with the -t (type) SOA option: $ host -t SOA networkworld.com networkworld.com has SOA record ns2.pcworld.com. webops.idgesg.net. 2022021100 1800 900 1209600 86400 CNAME To see CNAME (canonical name) records, you can use a command like this one that tells you that mail.google.com is an alias for Google’s mail server: $ host -t cname mail.google.com mail.google.com is an alias for googlemail.l.google.com. Name server In the command below, we are just looking for name servers using the ns type with the host command: $ host -t ns networkworld.com networkworld.com name server ns-a.pnap.net. networkworld.com name server ns-c.pnap.net. networkworld.com name server ns3.pcworld.com. networkworld.com name server ns-d.pnap.net. networkworld.com name server ns-b.pnap.net. networkworld.com name server ns2.pcworld.com. Wrap-Up The host command has so many options that it may take a while to get used to them and decide which are the most useful. They can be very handy depending on what you are looking for from the vast DNS knowledge bank. Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to The logic of && and || on Linux These AND and OR equivalents can be used in scripts to determine next actions. By Sandra Henry-Stocker May 02, 2024 4 mins Linux how-to Using the apropos command on Linux By Sandra Henry-Stocker Apr 24, 2024 3 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe