DNS lookup
Query A, MX, TXT, NS and more records for any domain — over DNS-over-HTTPS.
Resolved via Cloudflare 1.1.1.1, proxied through our server. Never stored.
How to do a DNS lookup
- Enter a host. Type a domain or host name, like example.com.
- Choose a record type. Pick A, MX, TXT, NS or another record type.
- Resolve. See the matching records with their TTLs.
What DNS does
DNS is the internet's address book. People and links use names like example.com, but
machines route traffic to numeric IP addresses — DNS is the distributed system that translates one into
the other. When you visit a site, your resolver walks the hierarchy (root → the TLD's servers → the
domain's authoritative name servers) to find the answer, then caches it. A DNS lookup lets you query that
system directly for any record type, which is how you confirm a site points where it should, diagnose
why email isn't arriving, or verify a change has gone live.
The record types, and what each is for
A domain's behaviour is the sum of its records. A and AAAA map a name
to an IPv4 and IPv6 address respectively — the records a browser needs to reach a server.
CNAME aliases one name to another (e.g. www to the root). MX
records name the mail servers that receive a domain's email, in priority order. TXT
records hold free-form text used for domain verification and, critically, email authentication — SPF,
DKIM and DMARC all live here. NS records list the authoritative name servers;
SOA carries the zone's administrative metadata; CAA restricts which
certificate authorities may issue HTTPS certificates; and SRV records advertise services
like SIP or XMPP. Picking the right type is half of reading DNS correctly.
TTL, caching and propagation
Every record carries a TTL — the number of seconds resolvers may cache it before asking again. This is why a DNS change isn't instant: until each cache's TTL expires, it keeps serving the old answer, so different people around the world can see different results for a while. That window is what people mean by "propagation". The practical move before a planned change is to lower the record's TTL a day ahead (so the old value drains quickly), make the change, confirm it, then raise the TTL again for efficiency. Because this tool queries the public 1.1.1.1 resolver rather than your local cache, it often shows you a fresher view than your own machine during that window.
Resolved privately over DNS-over-HTTPS
Lookups here run over DNS-over-HTTPS (DoH) against Cloudflare's 1.1.1.1, proxied through our edge — the query is encrypted in transit and we don't store it. DNS answers "where does this name point?"; to see who registered the domain and when it expires, run a WHOIS lookup, and to map an IP address back to a hostname, use the reverse DNS lookup.
Frequently asked questions
- A and AAAA (addresses), MX (mail servers), TXT (SPF, DKIM, verification), NS (name servers), CNAME (aliases), SOA, CAA and SRV. Pick the type and enter a host.
- We resolve over DNS-over-HTTPS using Cloudflare’s 1.1.1.1 resolver, proxied through our server so nothing about your query is stored.
- TTL (time to live) is how many seconds a resolver is allowed to cache a record before checking again. A low TTL (e.g. 300s) means changes propagate quickly but resolvers query more often; a high TTL (e.g. 86400s) is cheaper and faster but means edits take up to a day to be seen everywhere. Lower the TTL a day before a planned migration, then raise it again afterwards.
- DNS is cached at many layers — your browser, OS, router, and ISP resolver. A public resolver like 1.1.1.1 may hold fresher or staler records than your ISP, so during a change different people legitimately see different answers until every cache's TTL expires. That window is DNS "propagation".
- Look up MX for your domain to see which mail servers receive its email, then TXT to find the SPF and DKIM records that authorize senders, and the DMARC policy at _dmarc.yourdomain.com. Missing or wrong records here are the usual cause of mail landing in spam.
- A CAA record names which certificate authorities are allowed to issue TLS certificates for your domain. It's a guardrail: if someone tries to get a certificate from an unlisted CA, a compliant CA will refuse. Worth checking if you manage HTTPS for a domain.
- No. DNS shows where a domain points (its servers and mail); WHOIS shows who registered it and when it expires. They answer different questions — use both together.