___________ __________ _____ ________ ________ .____ ___________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

host Cheatsheet

← Back to cheatsheets

← Home

host is a simple utility for performing DNS lookups. It's part of the BIND utilities and provides quick DNS resolution without the complexity of dig.

Basic Usage

  • host <hostname> - Basic lookup
  • host <ip> - Reverse lookup
  • host <hostname> <dns-server> - Use specific DNS server

Query Types

  • host -t A <hostname> - IPv4 address
  • host -t AAAA <hostname> - IPv6 address
  • host -t MX <hostname> - Mail servers
  • host -t NS <hostname> - Name servers
  • host -t TXT <hostname> - TXT records
  • host -t CNAME <hostname> - Canonical name
  • host -t SOA <hostname> - Start of authority
  • host -t PTR <ip> - Pointer record (reverse)
  • host -t ANY <hostname> - All records

Options

  • -a - Equivalent to -v -t ANY
  • -v - Verbose output
  • -l - Zone transfer (AXFR)
  • -C - Compare SOA records from all NS
  • -4 - Use IPv4 only
  • -6 - Use IPv6 only
  • -r - Non-recursive query
  • -T - Use TCP instead of UDP
  • -W <seconds> - Wait timeout
  • -R <number> - Number of retries

Common Examples

Basic Lookup

host example.com

Get IP addresses for domain.

Reverse Lookup

host 8.8.8.8

Find hostname for IP.

MX Records

host -t MX example.com

Find mail servers.

Name Servers

host -t NS example.com

Find authoritative name servers.

TXT Records

host -t TXT example.com

Get TXT records (SPF, DKIM, etc.).

Use Specific DNS

host example.com 8.8.8.8

Query using Google DNS.

All Records

host -a example.com

Verbose output with all record types.

Zone Transfer (AXFR)

host -l example.com ns1.example.com

Attempt zone transfer (usually blocked).

SOA Record

host -t SOA example.com

Get start of authority info.

Compare NS Records

host -C example.com

Compare SOA from all name servers.

Output Examples

A Record Output

$ host example.com
example.com has address 93.184.216.34
example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946

MX Record Output

$ host -t MX example.com
example.com mail is handled by 10 mail.example.com.

Reverse Lookup Output

$ host 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer dns.google.

Comparison with Other Tools

host vs dig

  • host - Simple, quick, human-readable
  • dig - Detailed, more options, scriptable

host vs nslookup

  • host - Simpler output, CLI focused
  • nslookup - Interactive mode, legacy tool

Tips

  • Use for quick DNS lookups
  • Try zone transfers (-l) during recon
  • Check MX records for mail server enumeration
  • Use -t TXT to find SPF/DKIM records
  • Query different DNS servers to compare
  • Use dig for more detailed analysis
  • Great for quick command-line lookups
  • Reverse lookups can reveal shared hosting

← Back to cheatsheets

← Home