Skip to content
DNS Terminal Required 8 min read

How to Check DNS Propagation in Terminal

Use dig, nslookup, and host from the command line to verify A, MX, TXT, and CNAME records before and after DNS changes.

After changing DNS, resolvers worldwide cache old answers until TTL expires. Checking propagation from the terminal gives fast, repeatable results without relying on a single web tool. This guide shows how to query authoritative and public resolvers from Linux or macOS.

Prerequisites

Install DNS lookup tools if needed. Most servers include dig (package bind-utils on RHEL/Alma/Rocky). host and nslookup are alternatives; dig is preferred for scripting.

# RHEL/Alma/Rocky/CentOS
sudo dnf install -y bind-utils

# Debian/Ubuntu
sudo apt-get update && sudo apt-get install -y dnsutils

Query Authoritative Nameservers

Authoritative servers hold the live zone data. First list nameservers, then query one directly:

dig NS example.com +short
dig @ns1.example-dns-host.com example.com A +short

If the authoritative answer is correct but your laptop still shows the old IP, propagation to recursive resolvers is still in progress.

Tip: Replace @ns1.example-dns-host.com with an actual NS hostname from the first command’s output.

Compare Public Resolvers

Query well-known recursive resolvers to approximate global cache state:

dig @1.1.1.1 example.com A +short
dig @8.8.8.8 example.com A +short
dig @9.9.9.9 example.com A +short
dig example.com A +short

Cloudflare 1.1.1.1 and Google Public DNS document their resolver IPs and policies.

Check Specific Record Types

www and Subdomains

dig www.example.com A +short
dig blog.example.com CNAME +short

MX and TXT

dig example.com MX +noall +answer
dig example.com TXT +short

Trace Delegation

+trace walks the resolution path from root to your zone—useful when NS changes are stuck:

dig example.com A +trace

TTL and Timing

View remaining cache hints via full output:

dig example.com A | grep -E '^(example\.com|;; ANSWER|;; QUERY)'

Wait at least the previous TTL (often 300–3600 seconds) before expecting all resolvers to match. Lowering TTL before a change speeds later cutovers.

Warning: Local OS DNS cache and browser DNS cache can show stale results longer than public resolvers. Flush local cache or test from the server itself when in doubt.

Scripted Checks

Loop until the expected IP appears (example expects 203.0.113.10):

EXPECTED="203.0.113.10"
DOMAIN="example.com"
while true; do
  CURRENT=$(dig +short "$DOMAIN" A | head -n1)
  echo "$(date -Is) $DOMAIN -> ${CURRENT:-none}"
  [ "$CURRENT" = "$EXPECTED" ] && break
  sleep 60
done

Summary

Use dig against authoritative NS first, then compare 1.1.1.1, 8.8.8.8, and your default resolver. Check A, CNAME, MX, and TXT as needed, respect TTL, and use +trace for delegation issues. SerVee IT migrations include a target IP—verify that value on authoritative DNS before considering propagation complete.