host(1)host(1)NAMEhost - query nameserver about domain names and zones
SYNOPSIShost [-v] [-a] [-t querytype] [options] name [server]
host [-v] [-a] [-t querytype] [options] -l zone [server]
host [-v] [options] -H [-D] [-E] [-G] zone
host [-v] [options] -C zone
host [-v] [options] -Ahost
host [options] -x [name ...]
host [options] -X server [name ...]
DESCRIPTIONhost looks for information about Internet hosts and domain names. It
gets this information from a set of interconnected servers that are
spread across the world. The information is stored in the form of
"resource records" belonging to hierarchically organized "zones".
By default, the program simply converts between host names and Internet
addresses. However, with the -t, -a and -v options, it can be used to
find all of the information about domain names that is maintained by
the domain nameserver system. The information printed consists of var‐
ious fields of the associated resource records that were retrieved.
The arguments can be either host names (domain names) or numeric Inter‐
A numeric Internet address consists of four decimal numbers separated
by dots, e.g. 18.104.22.168, representing the four bytes of the 32-bit
The default action is to look up the associated host name.
A host name or domain name consists of component names (labels) sepa‐
rated by dots, e.g. nikhefh.nikhef.nl
The default action is to look up all of its Internet addresses.
For single names without a trailing dot, the local domain is automati‐
cally tacked on the end. Thus a user in domain "nikhef.nl" can say
"host nikhapo", and it will actually look up "nikhapo.nikhef.nl". In
all other cases, the name is tried unchanged. Single names with trail‐
ing dot are considered top-level domain specifications, e.g. "nl."
Note that the usual lookup convention for any name that does not end
with a trailing dot is to try first with the local domain appended, and
possibly other search domains. This convention is not used by this
The actual suffix to tack on the end is usually the local domain as
specified in the /etc/resolv.conf file, but this can be overridden.
See below for a description of how to customize the host name lookup.
The first argument is normally the host name (domain name) for which
you want to look up the requested information. If the first argument
is an Internet address, a query is done on the special "reversed map‐
ping" domain to look up its associated host name.
If the -l option is given, the first argument is a domain zone name for
which a complete listing is given. The program enters a special zone
listing mode which has several variants (see below).
The second argument is optional. It allows you to specify a particular
server to query. If you don't specify this argument, default servers
are used, as defined by the /etc/resolv.conf file.
If the -x option is given, it extends the syntax in the sense that mul‐
tiple arguments are allowed on the command line. An optional explicit
server must now be specified using the -X option as it cannot be given
as an ordinary argument any more. The -X option implies -x.
The extended syntax allows no arguments at all, in which case the argu‐
ments will be read from standard input. This can be a pipe, redirection
from a file, or an interactive terminal. Note that these arguments are
the names to be queried, and not command options. Everything that
appears after a '#' or ';' on an input line will be skipped. Multiple
arguments per line are allowed.
There are a number of options that can be used before the specified
arguments. Some of these options are meaningful only to the people who
maintain the domain database zones. The first options are the regu‐
larly used ones.
-v causes printout to be in a "verbose" format. All resource record
fields are printed. Without this option, the TTL and class fields
are not shown. Also the contents of the "additional information"
and "authoritative nameservers" sections in the answer from the
nameserver are printed, if present. Normally these sections are
not shown. In addition, the verbose option prints extra informa‐
tion about the various actions that are taken by the program. Note
that -vv is "very verbose". This generates a lot of output.
allows you to specify a particular type of resource record informa‐
tion to be looked up. Supported types are listed below. The wild‐
card may be written as either ANY or *. Types may be given in
upper or lower case. The default is type A for regular lookups,
and A, NS, and PTR for zone listings.
-a is equivalent to -t ANY. Note that this gives you "anything avail‐
able" (currently cached) and not "all defined data" if a non-
authoritative server is queried.
The following options put the program in a special mode.
generates the listing of an entire zone.
E.g. the command
will give a listing of all hosts in the "nikhef.nl" zone. The -t
option is used to filter what information is extracted, as you
would expect. The default is address information from A records,
supplemented with data from PTR and NS records.
host-v -a -l nikhef.nl
will give a complete download of the zone data for "nikhef.nl", in
the official master file format.
-H can be specified instead of the -l option. It will print the count
of the unique hostnames (names with an A record) encountered within
the zone. It will not count pseudo names like "localhost", nor
addresses associated with zone name itself. Neither are counted the
"glue records" that are necessary to define nameservers for the
zone and its delegated zones.
By default, this option will not print any resource records.
Combined with the -S option, it will give a complete statistics
survey of the zone.
The host count may be affected by duplicate hosts (see below). To
compute the most realistic value, subtract the duplicate host count
from the total host count.
-G implies -H, but lists the names of gateway hosts. These are the
hosts that have more than one address. Gateway hosts are not
checked for duplicate addresses.
-E implies -H, but lists the names of extrazone hosts. An extrazone
host in zone "foo.bar" is of the form "host.xxx.foo.bar" where
"xxx.foo.bar" is not defined as a delegated zone with an NS record.
This may be intentional, but also may be an error.
-D implies -H, but lists the names of duplicate hosts. These are
hosts with only one address, which is known to have been defined
also for another host with a different name, possibly even in a
different zone. This may be intentional, but also may be an error.
-C can be specified instead of the -l option. It causes the SOA
records for the specified zone to be compared as found at each of
the authoritative nameservers for the zone (as listed in the NS
records). Nameserver recursion is turned off, and it will be
checked whether the answers are really authoritative. If a server
cannot provide an authoritative SOA record, a lame delegation of
the zone to that server is reported. Discrepancies between the
records are reported. Various sanity checks are performed.
-A enters a special address check mode.
If the first argument is a host name, its addresses will be
retrieved, and for each of the addresses it will be checked whether
they map back to the given host.
If the first argument is a dotted quad Internet address, its name
will be retrieved, and it will be checked whether the given address
is listed among the known addresses belonging to that host.
The following options apply only to the special zone listing modes.
Recursively generate zone listings up to this level deep. Level 1
traverses the parent zone and all of its delegated zones. Each
additional level descends into another layer of delegated zones.
-S prints statistics about the various types of resource records found
during zone listings, the number of various host classifications,
the number of delegated zones, and some total statistics after
-p causes only the primary nameserver of a zone to be contacted for
zone transfers during zone listings. Normally, zone transfers are
obtained from any one of the authoritative servers that responds.
Note that a specific server given on the command line overrules
this option. The primary nameserver is obtained from the SOA
record of the zone.
The following options can be used in both normal mode and domain list‐
-T prints the time-to-live values during non-verbose output. By
default the TTL is shown only in verbose mode. It also prints the
preference value for MX records.
-d turns on debugging. Nameserver transactions are shown in detail.
Note that -dd prints even more debugging output.
-e excludes information about names that are not residing within the
given zone during zone listings, such as some glue records. For
regular queries, it suppresses the printing of the "additional
information" and "authoritative nameserver" sections in the answer
from the nameserver.
writes the resource record output to the given logfile as well as
to standard output.
same as -f, but exchange the role of stdout and logfile. All std‐
out output goes to the logfile, and stdout gets only the extra
resource record output (so that it can be used in pipes). This
option is supported on a few platforms only.
-i constructs a query for the "reversed mapping" in-addr.arpa domain
in case a numeric (dotted quad) address was specified. Useful pri‐
marily for zone listing mode, since for numeric regular lookups
such query is done anyway (but with -i you see the actual PTR
resource record outcome).
-q be quiet and suppress various warning messages (the ones preceded
by " !!! "). Serious error messages (preceded by " *** ") are
The following options are used only in special circumstances.
allows you to specify a particular resource record class. Sup‐
ported are IN, INTERNET, CS, CSNET, CH, CHAOS, HS, HESIOD, and the
wildcard ANY or *. The default class is IN.
-m is equivalent to -t MAILB, which filters any of types MB, MR, MG,
or MINFO. In addition, MR and MG records will be recursively
expanded into MB records.
-r causes nameserver recursion to be turned off in the request. This
means that the contacted nameserver will return only data it has
currently cached in its own database. It will not ask other
servers to retrieve the information. Note that nameserver recur‐
sion is always turned off when checking SOA records using the -C
option. Authoritative servers should have all relevant information
-R Normally querynames are assumed to be fully qualified and are tried
as such, unless it is a single name, which is always tried (and
only once) in the default domain. This option simulates the
default BIND behaviour by qualifying any specified name by repeat‐
edly adding search domains, with the exception that the search ter‐
minates immediately if the name exists but does not have the
desired querytype. The default search domains are constructed from
the default domain by repeatedly peeling off the first component,
until a final domain with only one dot remains.
-u forces the use of virtual circuits instead of datagrams when issu‐
ing nameserver queries. This is slower, but potentially more reli‐
able. Note that a virtual circuit is automatically chosen in case
a query exceeds the maximum datagram packet size. Also if a data‐
gram answer turns out to be truncated, the query is retried using
virtual circuit. A zone transfer is always done via a virtual cir‐
-w causes the program to retry forever if the response to a regular
query times out. Normally it will time out after some 10 seconds
per nameserver address tried.
specifies a new nameserver timeout value. The program will wait for
a nameserver reply in two attempts of this number of seconds. Nor‐
mally it does 2 attempts of 5 seconds per nameserver address tried.
The actual timeout algorithm is slightly more complicated, extend‐
ing the timeout value dynamically depending on the number of tries
and the number of nameserver addresses.
-V prints just the version number of the host program, and exits.
Default options and parameters can be preset in an environment variable
HOST_DEFAULTS using the same syntax as on the command line. They will
be evaluated before the command line arguments.
The following querytypes (resource record types) are supported. Indi‐
cated within parentheses are the various kinds of data fields.
A Host address (dotted quad)
NS Authoritative nameserver (domain name)
MD Mail destination (domain name)
MF Mail forwarder (domain name)
CNAME Canonical name for an alias (domain name)
SOA Marks the start of a zone of authority (domain name of pri‐
mary, domain name of hostmaster, serial, refresh, retry,
expiration, default ttl)
MB Mailbox domain name (domain name)
MG Mail group member (domain name)
MR Mail rename domain name (domain name)
NULL Null resource record (no format or data)
WKS Well-known service description (dotted quad, protocol name,
list of services)
PTR Domain name pointer (domain name)
HINFO Host information (CPU type string, OS type string)
MINFO Mailbox or mail list information (request domain name, error
MX Mail exchanger (preference value, domain name)
TXT Descriptive text (string)
UINFO User information (string)
UID User identification (number)
GID Group identification (number)
UNSPEC Unspecified binary data (data)
ANY Matches any of the above information.
MAILB Matches any of types MB, MR, MG, or MINFO.
MAILA Matches any of types MD, or MF.
The following types have been defined recently in RFC1183, but are not
yet in general use. They are recognized by this program.
RP Responsible person (domain name for MB, domain name for TXT)
AFSDB AFS database location (type, domain name)
X25 X25 address (address string)
ISDN ISDN address (address string, optional subaddress string)
RT Route through host (preference value, domain name)
The following are status messages that are printed to show the result
of a particular query. The name of an explicit server, if specified,
may be included. If a special class is specified, it is also shown.
Nameserver not running
The contacted server host does not have a nameserver running.
Nameserver not responding
The nameserver at the contacted server host did not give a reply
within the specified time frame.
Nameserver not reachable
The network route to the intended server host is blocked.
name does not exist (Authoritative answer)
The queryname does definitely not exist at all.
name does not exist, try again
The queryname does not exist, but the answer was not authoritative,
so it is still undecided.
name type record not found, try again
Some intermediate nameserver failure, e.g. timeout.
name type record not found, no recovery
Some irrecoverable format error, or server refusal.
name has no type record (Authoritative answer)
The queryname is valid, but the specified type does not exist.
This status is here returned only in case authoritative.
name type record currently not present
The specified type does not exist, but we don't know whether the
queryname is valid or not. The answer was not authoritative. Per‐
haps recursion was off, and no data was cached locally.
zone has lame delegation to server
If we query a supposedly authoritative nameserver for the SOA
record of a zone, the information should be available and the
answer should be authoritative. If not, a lame delegation is
flagged. This is also done if the server turns out not to exist at
all. Ditto if we ask for a zone transfer and the server cannot pro‐
WARNING AND ERROR MESSAGES
Miscellaneous warning messages may be generated. They are preceded by
" !!! " and indicate some non-fatal condition. These messages can be
suppressed with the -q command line option. Error messages are pre‐
ceded by " *** " and indicate a serious problem. Those messages cannot
The program returns a zero exit status if the requested information
could be retrieved successfully, or in case zone listings or SOA checks
were performed without any serious error. Otherwise it returns a non-
zero exit status.
CUSTOMIZING HOST NAME LOOKUP
In general, if the name supplied by the user does not have any dots in
it, a default domain is appended to the end. This domain is usually
defined in the /etc/resolv.conf file. If not, it is derived by taking
the local hostname and taking everything after its first dot.
The user can override this, and specify a different default domain, by
defining it in the environment variable LOCALDOMAIN.
In addition, the user can supply his own single-word abbreviations for
host names. They should be in a file consisting of one line per abbre‐
viation. Each line contains an abbreviation, white space, and then the
fully qualified host name. The name of this file must be specified in
the environment variable HOSTALIASES.
The complete set of resource record information for a domain name is
available from an authoritative nameserver only. Therefore, if you
query another server with the "-a" option, only a subset of the data
may be presented, since this option asks for any data that the latter
server currently knows about, not all data that may possibly exist.
Note that the "-v" option shows whether an answer is authoritative or
When listing a zone with the "-l" option, information will be fetched
from authoritative nameservers for that zone. This is implemented by
doing a complete zone transfer and then filtering out the information
theat you have asked for. Note that direct contact with such name‐
servers must be possible for this option to work. This option should
be used with caution. Servers may be configured to refuse zone trans‐
fers if they are flooded with requests.
This program is originally from Rutgers University.
Rewritten by Eric Wassenaar, Nikhef-H, <firstname.lastname@example.org>
SEE ALSOnamed(8), resolv.conf(5), resolver(3)