🔍 Networking

DNS Record Lookup

Query A, AAAA, CNAME, MX, TXT, NS, SOA, CAA and SRV records for any domain using Cloudflare's DNS-over-HTTPS API. No dig command or terminal needed — results in under a second.

Domain Name
Record Types
github.com google.com cloudflare.com amazon.com netflix.com
📋 DNS Record Types Reference
A IPv4 address
AAAA IPv6 address
CNAME Alias to another domain
MX Mail server
TXT Text records (SPF, DKIM…)
NS Authoritative nameservers
SOA Start of authority
CAA CA authorisation
How it works: This tool uses Cloudflare's 1.1.1.1 DNS-over-HTTPS API to query records. Results reflect what Cloudflare's resolver sees — propagation times mean recent changes may not be visible everywhere yet. TTL values are in seconds.
📖 How to Use This Tool
1
Enter a domain name (e.g. github.com)
2
Select record types: A, MX, TXT, NS, etc.
3
Click Lookup — uses Cloudflare DoH (1.1.1.1)
4
Try quick domain chips for popular sites
📝 Examples
A record
Input: github.com
Output: 140.82.121.3

The Problem DNS Lookup Solves

DNS is often called the phone book of the internet, but checking it manually requires either trusting your local resolver's cache — which may be stale or split-horizon — or reaching for a terminal and remembering the right flags for dig or nslookup. A DNS lookup tool removes that friction: it queries the Domain Name System directly and returns the authoritative records associated with a domain — A records that point to IPv4 addresses, MX records that route email, TXT records used for domain ownership verification and email authentication, and more — without requiring shell access or local tooling.

The operational stakes go well beyond name resolution. TXT records carry SPF and DKIM policies that determine whether your outbound email is accepted or marked as spam. CAA records control which certificate authorities are permitted to issue TLS certificates for your domain. NS records determine which authoritative servers a registrar delegates to. Misreading or missing any of these during a migration is a common cause of self-inflicted outages, so having an instant, reliable way to verify them from any browser — on a phone during an incident, or a locked-down corporate laptop without dig installed — is a genuinely practical operational need.

How It Works Under the Hood

This tool sends DNS queries using Cloudflare's DNS-over-HTTPS (DoH) API at 1.1.1.1/dns-query. DoH wraps the DNS query inside an HTTPS request, which means the lookup is encrypted in transit and not visible to network intermediaries. The response contains the resource records from the authoritative nameservers for the queried domain, along with the TTL (Time to Live) for each record. Because the queries go through Cloudflare's globally distributed resolver, results represent the public DNS view rather than any cached or split-horizon view specific to your local network.

Real-World Use Cases

Common Mistakes & Troubleshooting

The most frequent mistake is checking a DNS change immediately after making it and concluding it "isn't working" — propagation is bound by the record's TTL, and a record published with an 86400-second TTL can legitimately take up to 24 hours to be visible everywhere, even though Cloudflare's resolver may already show the new value. A second common error is confusing your local resolver's cached answer with the authoritative one: if you changed a record minutes ago and your laptop still shows the old IP, the problem is usually local OS-level DNS caching, not propagation — flushing the local cache (sudo dscacheutil -flushcache on macOS, ipconfig /flushdns on Windows) often resolves it instantly. Third, people forget that CNAME records cannot coexist with other record types on the same name — adding a TXT record to a hostname that already has a CNAME is invalid DNS and will be silently rejected or cause unpredictable behaviour depending on the provider. Finally, when debugging SPF failures, remember that DNS enforces a 255-character limit per TXT string and a practical limit on the number of DNS lookups SPF evaluation can perform (10) — an SPF record with too many include: mechanisms will fail validation even though the record itself looks syntactically correct.

Frequently Asked Questions

Which DNS server does this tool use?

This tool queries Cloudflare's DNS-over-HTTPS (DoH) service at 1.1.1.1. DoH encrypts the DNS query inside an HTTPS connection, ensuring your lookups are not visible to network intermediaries such as ISPs or corporate proxies. Results reflect the global public DNS view as seen by Cloudflare's anycast resolver network, which covers over 300 data centres worldwide. This makes it reliable for verifying whether a DNS change has propagated globally, rather than just on your local resolver.

What DNS record types can I look up?

The tool supports A (IPv4 address), AAAA (IPv6 address), CNAME (canonical name alias), MX (mail exchanger, with priority), TXT (free-form text — used for SPF, DKIM, Google Search Console verification, and others), NS (authoritative nameservers), SOA (Start of Authority, containing zone serial and refresh timings), and CAA (Certification Authority Authorization, restricting which CAs can issue certificates for the domain). These cover the full set of records that DevOps and infrastructure teams interact with on a daily basis.

How long does DNS propagation take after changing records?

Propagation time is determined by the TTL (Time to Live) value set on the record being changed — a record with a 300-second TTL will be expired and re-fetched by resolvers within 5 minutes, while one with an 86400-second (24-hour) TTL can take up to a day to propagate fully across the internet. The best practice before a major DNS change such as a domain migration or load balancer cutover is to lower the TTL to 300 seconds at least 48 hours in advance, giving existing caches time to expire. Once you've made the change and confirmed it's working, you can raise the TTL back to a higher value to reduce resolver load. Note that some resolvers ignore TTL values and cache for longer than specified.