Loading...
Loading...
Free online DNS lookup tool. Query A, AAAA, MX, CNAME, NS, TXT, SOA, and SRV records for any domain using Google DNS over HTTPS.
DNS (Domain Name System) is the phonebook of the internet. When you type a domain name like example.com into your browser, DNS translates it into an IP address that computers use to communicate. This process, called resolution, happens in milliseconds and involves multiple DNS servers working together in a hierarchical system.
DNS records come in many types, each serving a different purpose. A (Address) records map a domain to an IPv4 address. AAAA records map to IPv6. MX (Mail Exchange) records specify email servers for a domain. CNAME (Canonical Name) records alias one domain to another. NS (Name Server) records delegate subdomains to specific DNS servers. TXT records store arbitrary text data, often used for domain verification and SPF/DKIM email security.
The DNS resolution process follows a chain: your device queries a recursive resolver (usually your ISP's or a public resolver like Google's 8.8.8.8). The resolver queries the root nameservers, which direct it to TLD nameservers (.com, .org, etc.), which point to authoritative nameservers for the specific domain. The authoritative server returns the final DNS record.
DNS caching is critical for performance. Records include a TTL (Time To Live) value specifying how long resolvers should cache the response. Common TTLs range from 60 seconds (for fast propagation of changes) to 86400 seconds (24 hours) for stable records. Lower TTLs mean faster updates but more queries. Higher TTLs improve performance but delay propagation.
This tool uses Google's DNS-over-HTTPS (DoH) API to query DNS records. Unlike traditional DNS queries sent over UDP, DoH encrypts queries inside HTTPS, preventing eavesdropping and manipulation. It supports all common record types and shows the TTL for each record. Use it to verify domain configuration, debug email delivery issues, or check DNS propagation.
Email deliverability relies heavily on properly configured DNS records. SPF (TXT) records specify which mail servers are authorized to send email for your domain. DKIM (TXT) records provide cryptographic signatures that verify email integrity and authenticity. DMARC (TXT) records tell receiving servers how to handle emails that fail SPF or DKIM checks. Misconfigured email DNS records are a leading cause of legitimate emails landing in spam folders or being rejected entirely.
DNS propagation depends on the TTL set on each record. Changes take effect immediately on the authoritative server, but cached records persist until the TTL expires. With a typical TTL of 3600 seconds (1 hour), full global propagation usually completes within a few hours. Lowering the TTL before making changes can speed up propagation.
An A record directly maps a domain name to an IP address. A CNAME record maps a domain name to another domain name (an alias). The root domain (example.com) must use an A record. Subdomains like www can use a CNAME pointing to the root domain. CNAMEs cannot coexist with other record types for the same name.
DNSSEC adds cryptographic signatures to DNS records, protecting against DNS spoofing and cache poisoning attacks. It ensures the DNS response you receive is authentic and hasn't been tampered with. If your domain handles sensitive data or email, enabling DNSSEC is strongly recommended.
Recursive DNS resolvers (like 8.8.8.8 or your ISP's resolver) handle client queries by walking the DNS hierarchy — root servers, TLD servers, then authoritative servers — to find and cache the answer. Authoritative DNS servers host the actual DNS records for a domain and provide definitive answers. Every domain needs authoritative servers; every client uses recursive resolvers.
SPF records list authorized sending servers for your domain. DKIM provides a cryptographic signature verified against your domain's DNS. DMARC tells receivers how to handle emails failing these checks. All three are TXT records in your DNS. Missing or misconfigured email DNS records are the top reason legitimate emails get flagged as spam or rejected.