DNS check after migration
A compact operational checklist for verifying DNS behavior after moving a service, zone or reverse proxy target.
After moving a service, zone or reverse proxy target, DNS checks should cover more than one successful lookup from the local machine.
The useful question is not only "does it resolve?", but "does it resolve from the right places, to the expected target, with a rollback window I still understand?"
Checks
- Query authoritative nameservers directly.
- Compare public resolver answers from at least two networks or resolver paths.
- Check both apex and expected subdomains.
- Confirm TTLs match the intended rollback window.
- Verify HTTP redirects and TLS certificates after DNS has converged.
Example commands
Replace `example.com` and `www.example.com` with the public names being checked:
- `dig example.com A +short`
- `dig www.example.com CNAME +short`
- `dig @1.1.1.1 example.com A +short`
- `dig @8.8.8.8 example.com A +short`
- `dig example.com NS +short`
- `curl -I https://www.example.com/`
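The commands above use `+short`, which hides TTLs, and none of them queries an authoritative nameserver directly. The following is an added example, not part of the original checklist, that runs the same comparison per server and fails on an unexpected target or a TTL longer than the rollback window. The function names (`summarize`, `verdict`, `check_servers`), `ns1.example.com` and the `192.0.2.x` addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Names and addresses are placeholders (example.com, 192.0.2.0/24).

# Constructed sample of `dig +noall +answer` output, not captured from a real zone.
SAMPLE='example.com. 300 IN A 192.0.2.11
example.com. 300 IN A 192.0.2.10'

# summarize TYPE: reads dig answer text on stdin and prints
# "<highest TTL> <sorted rdata, comma-joined>" for records of TYPE.
# Handles single-field rdata only (A, AAAA, CNAME, NS).
summarize() {
    awk -v t="$1" '$3 == "IN" && $4 == t { print $2, $5 }' | LC_ALL=C sort -k2 |
    awk 'BEGIN { max = 0 }
         { if ($1 + 0 > max) max = $1 + 0; r = r (NR > 1 ? "," : "") $2 }
         END { if (NR) print max, r }'
}

# verdict TYPE EXPECTED MAX_TTL: judges one server's answer (stdin).
# EXPECTED is a comma-separated rdata set; MAX_TTL is the rollback window in seconds.
verdict() {
    want=$(printf '%s\n' "$2" | tr ',' '\n' | LC_ALL=C sort | paste -sd, -)
    got=$(summarize "$1")
    if [ -z "$got" ]; then echo "FAIL no $1 record in answer"; return 1; fi
    ttl=${got%% *}; data=${got#* }
    if [ "$data" != "$want" ]; then echo "FAIL got $data, expected $want"; return 1; fi
    if [ "$ttl" -gt "$3" ]; then echo "FAIL ttl=$ttl exceeds window $3"; return 1; fi
    echo "OK $data ttl=$ttl"
}

# check_servers NAME TYPE EXPECTED MAX_TTL SERVER...
# Queries every listed server directly. Pass the zone's authoritative
# nameservers plus at least two public resolvers.
check_servers() {
    q_name=$1 q_type=$2 q_want=$3 q_window=$4 rc=0; shift 4
    for server in "$@"; do
        printf '%-24s ' "$server"
        dig +noall +answer "@$server" "$q_name" "$q_type" |
            verdict "$q_type" "$q_want" "$q_window" || rc=1
    done
    return "$rc"
}

# Live usage (needs network; ns1.example.com is a hypothetical nameserver):
#   check_servers example.com A 192.0.2.10,192.0.2.11 300 ns1.example.com 1.1.1.1 8.8.8.8
```

A recursive resolver reports the remaining cache TTL, so its value can be lower than the authoritative one; the check only fails when a TTL is above the window.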
Safety note
Keep internal hostnames, private IP ranges, customer names and incident details out of public notes. Use real commands, but sanitize the target names before publishing.