DNS Lookup Tool
Resolve domain names to IP addresses and fetch DNS records (A, AAAA, MX, TXT, CNAME, etc.). Perfect for network diagnostics, domain analysis, and troubleshooting DNS issues.
Domain Lookup
DNS Options
Popular Domains
DNS Record Types Guide
Creates alias pointing to another domain
Specifies authoritative name servers
Start of Authority record with zone info
Reverse DNS lookup (IP to domain)
DNS Best Practices
✓ Recommendations
- • Use multiple DNS providers for redundancy
- • Set appropriate TTL values (300-3600 seconds)
- • Monitor DNS response times regularly
- • Implement SPF, DKIM, and DMARC records
- • Use CDN with DNS load balancing
- • Keep DNS records up to date
- • Use meaningful subdomain names
- • Implement DNS security measures
✗ Common Issues
- • Long DNS propagation delays
- • Single point of failure
- • Incorrect MX record priorities
- • Missing A/AAAA records
- • Wildcard DNS misconfigurations
- • Outdated or orphaned records
- • DNS cache poisoning vulnerabilities
- • Lack of monitoring and alerting
DNS Troubleshooting Tips
DNS Resolution Issues
Check if domain resolves to correct IP addresses. Look for missing A or AAAA records, verify TTL settings, and ensure DNS servers are responding properly.
Email Delivery Problems
Verify MX records are properly configured with correct priorities. Check for SPF, DKIM, and DMARC records to prevent email delivery issues.
Website Loading Issues
Ensure A records point to correct server IPs. Check CNAME records for subdomains, verify CDN configuration, and monitor DNS response times.
Propagation Delays
DNS changes can take 24-48 hours to propagate globally. Use lower TTL values before making changes, and test from multiple locations and DNS providers.
About DNS Lookup Tool
A comprehensive DNS lookup tool that resolves domain names to IP addresses and retrieves detailed DNS records including A, AAAA, MX, TXT, CNAME, NS, and PTR records. This tool provides essential network diagnostic capabilities for troubleshooting connectivity issues, analyzing domain configurations, and verifying DNS propagation.
Why use a DNS Lookup Tool?
DNS issues are common causes of website downtime, email delivery problems, and network connectivity failures. This tool simplifies DNS troubleshooting by providing instant access to all DNS record types, helping network administrators and developers quickly identify and resolve domain resolution problems without complex command-line tools.
Who is it for?
Essential for network administrators diagnosing connectivity issues, web developers debugging domain problems, system administrators managing DNS configurations, and IT professionals troubleshooting email delivery. Perfect for anyone who needs to analyze DNS records or verify domain name resolution.
How to use the tool
Enter a domain name or IP address in the input field
Select the specific DNS record type you want to query (or choose 'All')
Click lookup to retrieve DNS information and record details
Analyze the returned DNS records for troubleshooting or verification
Use the results to diagnose network issues or confirm DNS configuration changes
Frequently Asked Questions
How do I look up DNS records for a domain?
Enter the domain name (e.g., example.com — no protocol needed) and choose the record type. The tool queries authoritative DNS resolvers and displays the records: A (IPv4 addresses), AAAA (IPv6), MX (mail servers), TXT (text records — used for SPF/DKIM/DMARC/BIMI verification, domain ownership), NS (name servers), CNAME (aliases), CAA (certificate authority authorization), SRV (service records like SIP/XMPP), SOA (zone authority). For a complete DNS picture, query each type separately. Common workflow: A + AAAA for hostname resolution, MX + TXT for email setup verification, NS + SOA for delegation troubleshooting.
Why are my DNS changes not propagating?
DNS propagation isn't instant. After updating a record at your registrar, three things must happen: (1) the registrar pushes the change to your authoritative name servers (seconds to minutes), (2) any caching resolvers that previously answered queries for that record must let their cached entry expire — this is governed by the TTL (Time-To-Live) on the OLD record, not the new one, so a record with TTL=86400 (24 hours) can take a full day to refresh worldwide, (3) browsers and OS DNS caches add another local TTL on top. Trick: lower the TTL to 300 (5 min) 24+ hours BEFORE changing the record, then update, then raise TTL back.
What's the difference between A, AAAA, and CNAME records?
A maps a hostname to an IPv4 address (e.g., example.com → 192.0.2.1). AAAA does the same for IPv6 (e.g., example.com → 2001:db8::1). CNAME maps a hostname to another hostname (e.g., www.example.com → example.com), and the resolver then looks up the target. Key rules: a name can have multiple A and AAAA records (load balancing), but a CNAME cannot coexist with any other record at the same name — which is why the apex (example.com itself) usually can't be a CNAME. For apex aliasing, modern DNS providers offer ALIAS or ANAME records that resolve at query time.
Is my DNS query private?
This tool runs the lookup through our edge proxy, which queries public DNS resolvers. The proxy doesn't store the queried domain or your IP. Your queries don't include any cookies, account identifiers, or browser fingerprints that link them to you. However, the public DNS resolvers themselves see the queries (this is true of every DNS lookup, regardless of which tool you use). For genuinely private DNS, run a local resolver with DNS-over-HTTPS or DNS-over-TLS pointed at a privacy-respecting upstream (Cloudflare 1.1.1.1, Quad9), or use your ISP's resolver behind a VPN. This tool is appropriate for ad-hoc troubleshooting and verification.
How does DNS lookup relate to email deliverability?
Email auth is built on DNS records. MX records tell other servers where to deliver your inbound mail. TXT records carry SPF (which IPs are authorized to send for your domain), DKIM (the public keys verifying outgoing signatures, published at selector._domainkey.yourdomain), DMARC (the policy receivers should apply at _dmarc.yourdomain), and BIMI (your logo URL at default._bimi.yourdomain). DNS Lookup is the lowest-level view of these records; the specialized tools — [SPF Checker](/tools/spf-checker/), [DKIM Checker](/tools/dkim-checker/), [DMARC Generator](/tools/dmarc-generator/), [BIMI Checker](/tools/bimi-checker/), [MX Lookup](/tools/mx-lookup/) — parse and validate each one. For end-to-end guidance, see the [Email Deliverability 2026 Guide](/blog/email-deliverability-2026-spf-dkim-dmarc-bimi-warmup/).
What is a TXT record used for?
TXT records store arbitrary text and are used by many protocols layered on DNS. Common uses in 2026: SPF policy (v=spf1 ...), DKIM public keys (v=DKIM1; p=...), DMARC policy at _dmarc.domain (v=DMARC1; p=quarantine; ...), BIMI logo URL at default._bimi.domain (v=BIMI1; l=...), domain ownership verification for services (Google Search Console, AWS SES, Stripe, etc. each publish a verification token you add as a TXT record), MTA-STS policy hints, and HTTPS-related records like _acme-challenge for Let's Encrypt DNS-01 validation. A single name can have multiple TXT records; verifiers look for ones matching their expected prefix.
How do I check if a domain has DNSSEC enabled?
DNSSEC adds cryptographic signatures to DNS records via DS (Delegation Signer) and DNSKEY records. If DS records exist at the parent zone and DNSKEY records exist at the child zone, DNSSEC is enabled. Query the DS record for the domain — if present and valid, the chain of trust extends to the apex. Many DNS providers offer a DNSSEC status page in their dashboard. Practical impact: DNSSEC prevents DNS-spoofing attacks but adds operational complexity (key rotation, ZSK/KSK management). It's most valuable for high-stakes domains (banking, government, infrastructure) where DNS poisoning is a real threat. Most consumer domains run without DNSSEC.
What's a CAA record and why does it matter for HTTPS?
CAA (Certification Authority Authorization) records list which Certificate Authorities are allowed to issue TLS certificates for your domain. Example: 'example.com. CAA 0 issue "letsencrypt.org"' restricts certificate issuance to Let's Encrypt — any other CA receiving a CSR for example.com must refuse. Without CAA records, any CA can issue a certificate, which has historically been exploited via social engineering or domain takeover. CAA became mandatory for CAs to check in 2017 (CA/B Forum). Verify your CAA records when setting up new domains; combine with the [SSL Certificate Checker](/tools/ssl-certificate-checker/) to verify the issued certificate matches your CAA policy.
Share This Tool
Found this tool helpful? Share it with others who might benefit from it!
💡 Help others discover useful tools! Sharing helps us keep these tools free and accessible to everyone.