DNS Lookup
Web ToolsQuery DNS records for any domain — A, AAAA, MX, TXT, CNAME, NS, SOA, CAA — with resolver path and TTL details.. Free, private — all processing in your browser.
Queries go from your browser to dns.google over HTTPS (DoH JSON API — free, no auth, CORS-friendly). Same data your browser could fetch directly. Tooleras doesn't see the query or proxy the request.
DNS caches are multi-layered. TTL values shown are what Google's resolver returned at the moment of query; authoritative nameservers may advertise different TTLs, and your own OS/browser cache can delay propagation further. Empty results (no records) are a valid answer, not an error — most hosts don't publish all record types.
The DNS Lookup tool queries any domain for its DNS records — A (IPv4), AAAA (IPv6), MX (mail servers), TXT (SPF, DKIM, DMARC, verification), CNAME (aliases), NS (name servers), SOA (zone authority), and CAA (Certificate Authority Authorization). Every web property depends on correct DNS, and troubleshooting DNS issues is a daily task for domain administrators, email deliverability specialists, security analysts, and developers moving between environments.
Query records by type and see exactly what resolvers return. The tool supports multiple public DNS resolvers (Google 8.8.8.8, Cloudflare 1.1.1.1, Quad9 9.9.9.9) to diagnose propagation and resolver-specific issues. See TTL (time-to-live) for each record, which tells you how long resolvers will cache it — useful for understanding DNS propagation delays during migrations. For MX records, lookup shows mail server priorities in correct order. For TXT records, common uses (SPF, DKIM, DMARC, domain verification for Google/Apple/etc.) are automatically labeled for clarity.
DNS Lookup — key features
All common record types
Query A, AAAA, MX, TXT, CNAME, NS, SOA, CAA, PTR, SRV records with one click.
Multiple public resolvers
Compare results from Google 8.8.8.8, Cloudflare 1.1.1.1, Quad9 9.9.9.9 to detect propagation issues.
TTL display
Shows TTL for each record so you know how long it will be cached.
TXT record labeling
Automatically labels SPF, DKIM, DMARC, and common verification records for quick identification.
MX priority sorting
Shows mail exchangers in priority order with numeric weights.
Bulk subdomain lookup
Query multiple subdomains at once for migration or infrastructure audit.
DNSSEC validation
Optional DNSSEC status check for security-critical domains.
Client-side with public APIs
Queries go to public DNS resolvers; we don’t log what you look up.
How to use the DNS Lookup
- 1
Enter domain
Type any domain (example.com, subdomain.example.com, etc.) in the input field.
- 2
Choose record type
Pick A, MX, TXT, or any other record type. Default is A (IPv4 address).
- 3
Select resolver
Default is Google (8.8.8.8); switch to Cloudflare or Quad9 to compare results.
- 4
See records
Results appear with record values, TTLs, and inline labels for common TXT types.
- 5
Copy or export
Copy individual values or export all records as JSON for documentation.
Common use cases for the DNS Lookup
Domain administration
- →DNS verification after changes: Confirm DNS changes propagated by querying multiple resolvers after an update.
- →Email deliverability: Check SPF, DKIM, and DMARC TXT records to ensure email authentication is configured correctly.
- →Subdomain audit: List DNS records for all subdomains to document infrastructure.
Security
- →Subdomain enumeration: Check common subdomains (www, mail, api, admin) for an infrastructure footprint overview.
- →CAA record review: Verify only intended CAs can issue certificates for your domain.
- →DKIM rotation verification: Confirm new DKIM keys are published in DNS before rotating the active signing key.
Development
- →Migration verification: Before cutting over DNS to a new server, verify new records exist with expected values.
- →CDN setup: Check that CNAMEs point to the CDN correctly for sites using services like Cloudflare.
- →Debugging connectivity: When a service can’t be reached, DNS lookup is the first step — is the name even resolving?
DNS Lookup — examples
Basic A record
Standard IPv4 lookup.
example.com (A record)
A: 93.184.216.34 TTL: 3600
Email MX
Mail server lookup.
gmail.com (MX record)
MX 5 gmail-smtp-in.l.google.com MX 10 alt1.gmail-smtp-in.l.google.com MX 20 alt2.gmail-smtp-in.l.google.com ...
SPF TXT
Email authentication record.
example.com (TXT record)
v=spf1 include:_spf.google.com -all label: SPF (Sender Policy Framework)
Multiple resolvers
Cross-check for propagation.
newdomain.com (A record, Google and Cloudflare)
Google: 203.0.113.10 Cloudflare: 203.0.113.10 (both resolvers agree; propagation complete)
CAA
Certificate authority authorization.
example.com (CAA record)
CAA 0 issue "letsencrypt.org" only Let’s Encrypt allowed to issue certificates
Technical details
DNS (Domain Name System) is the distributed lookup system that translates human-readable domain names into IP addresses and other information. Records are the unit of DNS data.
Record types:
A: maps domain to IPv4 address. \"tooleras.com A 198.51.100.42\" means tooleras.com resolves to 198.51.100.42. Most common record type.
AAAA: same but for IPv6. Modern sites should have both A and AAAA records for dual-stack support.
MX: mail exchange. Points to mail servers in priority order. Lower priority = higher preference. \"example.com MX 10 mail1.example.com\" and \"example.com MX 20 mail2.example.com\" means senders try mail1 first, fallback to mail2.
TXT: arbitrary text, widely used for:
- SPF (Sender Policy Framework): v=spf1 ...
- DKIM keys: v=DKIM1; p=...
- DMARC policy: v=DMARC1; p=...
- Domain verification for Google, Apple, Stripe, etc.
CNAME: canonical name alias. \"www.example.com CNAME example.com\" makes www an alias. CNAMEs cannot coexist with other records at the same name (except DNSSEC).
NS: name servers authoritative for this zone. Used in DNS delegation.
SOA: Start of Authority. One per zone, shows the primary name server, admin email, serial number (zone version), refresh/retry/expire/minimum TTL.
CAA: Certificate Authority Authorization. Specifies which CAs can issue certificates for the domain. \"example.com CAA 0 issue \\\"letsencrypt.org\\\"\" restricts issuance to Let\u2019s Encrypt.
PTR: reverse DNS from IP to name. Queried in a special in-addr.arpa zone.
TTL: time-to-live in seconds. Resolvers cache records for this long before re-querying. Short TTL (60-300s) for records that change often; long TTL (86400s or more) for stable records.
Propagation: when you change a DNS record, it takes time for all resolvers worldwide to see the new value because they cache the old one until TTL expires. \"DNS propagation\" time is bounded by the old TTL plus retry behavior.
Recursive vs authoritative: most lookups go through a recursive resolver (8.8.8.8, your ISP, etc.) which queries authoritative servers on your behalf. Authoritative servers are the ones configured for a specific zone.
Common problems and solutions
⚠Browser caching
If the tool returns cached results, force a fresh query by using a different resolver or waiting for TTL expiry. Some tools and browsers add an extra layer of caching.
⚠Propagation timing
DNS changes can take up to the TTL of the old record to propagate. Short TTL before changes speeds propagation; high TTL (86400s+) makes changes slow.
⚠CNAME loops
CNAME pointing to another CNAME pointing back creates a loop. DNS resolvers limit chain depth and will return SERVFAIL on loops.
⚠SPF record too long
SPF records over 255 characters per string must be split into multiple strings. The tool shows the combined parsed record.
⚠DMARC alignment
DMARC requires SPF and/or DKIM to pass AND align with the From domain. A DMARC-passing email still needs authentication aligned; TXT record alone doesn’t enforce this.
⚠NS delegation mismatch
Registrar NS records (what your domain registrar publishes) must match the NS records in the zone itself. Mismatch causes lookups to fail for some resolvers.
⚠DNS over HTTPS privacy
Using different resolvers may return different answers if some are compromised or poisoned. Default resolvers (Google, Cloudflare, Quad9) are trustworthy; unknown resolvers should be used with caution.
DNS Lookup — comparisons and alternatives
Compared to command-line dig and nslookup, this tool has a browser UI with inline labels for common record types. CLI tools are better for scripting and automation; this tool is better for interactive investigation.
Compared to dnschecker.org and similar propagation-checking sites, this tool supports more record types and provides detailed TTL info. Propagation checkers are specialized for the \"has my record updated everywhere\" question.
Compared to paid DNS management tools (Cloudflare, Route 53 dashboards), this tool works against any domain without requiring DNS admin access. Admin tools are for managing your own zones; this tool is for querying any zone.
Frequently asked questions about the DNS Lookup
▶How do I look up DNS records for a domain?
Enter the domain and pick the record type. The tool queries a public resolver and shows the records with TTL. For a general overview, query A (IPv4), MX (email), and TXT records. For security review, add CAA and NS records.
▶What is DNS propagation?
The time it takes for DNS changes to be visible to all resolvers worldwide. Resolvers cache records for the TTL, so changes are slow to appear if TTL was long. A TTL of 300s means propagation completes within minutes; a TTL of 86400s means up to a day. Lower TTLs before planned changes.
▶Why do different resolvers give different results?
During propagation, some resolvers have the old cached record while others have the new one. It’s normal. Once all resolvers’ caches expire (max TTL time has passed), they converge.
▶What is an SPF record?
SPF (Sender Policy Framework) is a TXT record specifying which mail servers are authorized to send email for your domain. Format: v=spf1 include:_spf.google.com ~all. Receiving mail servers check SPF to detect forged sender addresses. Essential for email deliverability.
▶What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a TXT record at _dmarc.example.com that tells receivers what to do with emails that fail SPF and DKIM checks. Policies are none (monitor only), quarantine (send to spam), or reject (bounce).
▶What is a CAA record?
Certificate Authority Authorization. Specifies which Certificate Authorities can issue SSL/TLS certificates for your domain. Helps prevent unauthorized certificate issuance (a known attack). Modern CAs are required to respect CAA records since 2017.
▶Can I see DNSSEC status?
Yes, the tool shows DNSSEC validation status for domains that publish DNSSEC signatures. DNSSEC-signed domains are protected against DNS spoofing attacks. Most websites do not use DNSSEC yet, but adoption is growing for security-sensitive domains.
▶Is my lookup private?
Queries go to public DNS resolvers (Google, Cloudflare, Quad9), which may log queries per their policies. The tool itself doesn’t log. For fully private lookups, run your own resolver or use a privacy-focused service with strict no-log policies.
Additional resources
- RFC 1035 DNS specification — The foundational DNS specification defining record types and query semantics.
- RFC 7208 SPF — SPF record format and semantics for email authentication.
- RFC 7489 DMARC — DMARC protocol specification.
- Google Public DNS — Google’s free public DNS service (8.8.8.8) used by this tool.
- Cloudflare 1.1.1.1 — Cloudflare’s privacy-focused public DNS resolver.
Related tools
All Web ToolsBroken Link Checker
Scan any webpage or sitemap for broken links, 404 errors, excessive redirect chains, and mixed-content issues. Get detailed response reports and fix suggestions for SEO and UX.
HTTP Headers Lookup
Complete reference for HTTP request and response headers with usage examples, RFC references, and common values.
HTTP Status Code Reference
Complete reference for every HTTP status code with meaning, usage guidelines, and examples for REST API design.
IP Address Lookup
Look up IP address details including approximate location, ISP, organization, ASN, timezone, and reverse DNS.
Regex Tester
Test and debug regular expressions with live matching and explanation
SSL Certificate Checker
Check SSL/TLS certificate validity, expiration, issuer, cipher suites, and chain details for any HTTPS domain.
Learn more
Explore more tools
200+ free tools that run in your browser.
Browse all tools →