DNS Record Lookup

What a DNS lookup shows you

The Domain Name System, or DNS, is the backbone of the internet’s addressing infrastructure. Every time you type a domain name, DNS translates it into the numeric IP address computers use. Think of DNS as the internet’s phone book. Without it, you would memorize long strings of numbers just to visit a website. DNS records are the individual entries in that phone book. Each type of record serves a different purpose. Checking DNS records helps you diagnose connectivity issues and verify domain configurations. It also confirms that services like email and web hosting are properly set up. For a comprehensive overview of the resolution process, read our guide on how DNS works.

Understanding DNS record types

Each DNS record type carries specific information about a domain. For a detailed breakdown of every record type, see our companion article on DNS records explained. Here is what this tool can query and what each type tells you:

• A records map a domain name to an IPv4 address. This is the most fundamental DNS record. It tells browsers which server to contact when someone visits your website.
• AAAA records serve the same purpose as A records but for IPv6 addresses. They keep your site reachable as modern networks shift to IPv6.
• MX records (Mail Exchanger) specify which mail servers handle email for a domain. If emails are not delivering, check MX records first. Our dedicated MX lookup also resolves each mail server to its IPs.
• TXT records hold arbitrary text data. They handle domain verification, SPF policies, DKIM signatures, and DMARC rules — the core of email authentication. Browse every TXT record at once with our TXT lookup. Or check SPF, DKIM, and DMARC together with the email authentication checker.
• CNAME records (Canonical Name) create an alias from one domain name to another. They commonly point subdomains like www.example.com to the root domain or a CDN hostname.
• NS records (Name Server) identify which DNS servers are authoritative for a domain. They matter most during migrations and when delegating subdomains to different hosting providers.
• SOA records (Start of Authority) carry zone-level administrative data. That includes the primary name server, the admin contact, and a serial number. The serial increments with every zone change, so SOA quickly confirms a zone was actually updated.
• CAA records (Certification Authority Authorization) declare which certificate authorities may issue SSL/TLS certificates for the domain. They are a simple, powerful guard against mis-issued certificates. See how SSL certificates work for the bigger picture.
• SRV records advertise the host and port for specific services. They use underscore-prefixed names like _sip._tcp.example.com — paste the full prefixed name into the field above.
• HTTPS records (type 65) are the newest of the set. They publish connection details like HTTP/2 and HTTP/3 support and address hints directly in DNS. Browsers connect faster and can use features like Encrypted Client Hello. Expect to see them on major sites and CDNs first.

Common use cases for DNS lookups

Running a DNS lookup is one of the first things administrators do when something goes wrong. During a domain migration, verify that A records and NS records have updated at the new host. Our DNS propagation checker compares resolvers side by side to confirm a change has actually spread. When troubleshooting email delivery issues, MX records confirm that mail routes to the correct server. TXT records reveal whether SPF and DKIM policies are properly configured. For SSL certificate validation, certificate authorities often require a specific TXT or CNAME record to prove ownership. A quick DNS check confirms the record is in place before you request the certificate. Developers, system administrators, and site owners all get instant visibility into the records that keep a domain running. For more diagnostic techniques, see our network troubleshooting guide.

DNS lookup FAQ

What is the difference between an A record and a CNAME record?

An A record maps a name directly to an IPv4 address. A CNAME maps a name to another name — an alias resolved in a second step. A records answer the question immediately; CNAMEs delegate it. CNAMEs are common for www subdomains and CDN hostnames. A domain’s root (apex) generally cannot use one, which is why apex domains carry A or AAAA records.

Why are my DNS changes not showing up yet?

Resolvers cache each record for its TTL — the time-to-live shown in the results. Until the old TTL expires, a resolver keeps serving the cached value. Changes therefore appear at different times for different people. Most updates go live within minutes to a few hours, not the 24 to 48 hours often quoted. Our guide on how long DNS propagation takes explains why. Compare resolvers with the DNS propagation checker to see whether your change has reached the major public resolvers.

What does TTL mean in the results?

TTL (time to live) is the number of seconds a resolver may cache the record. After that, it asks the authoritative server again. A TTL of 300 means five minutes of caching. Low TTLs make changes propagate faster at the cost of more DNS queries. High TTLs reduce load but slow down updates. Before a planned migration, lowering TTLs in advance shortens the switchover window.

What does the DNSSEC status in the results mean?

DNSSEC adds cryptographic signatures to DNS records so resolvers can verify they were not tampered with. When this tool shows Validated, Google’s resolver confirmed the response against the domain’s DNSSEC signatures. Not validated means the domain is not signed, which is still the case for most domains. It can also mean the chain could not be verified. A signed domain with broken signatures typically returns a SERVFAIL error instead of records.

What is an HTTPS record (type 65)?

The HTTPS record, standardized in RFC 9460, lets a domain advertise connection details in DNS itself. Those details include HTTP/2 and HTTP/3 support plus IP address hints. Browsers use them to connect faster and more securely without extra round trips. It also underpins Encrypted Client Hello. Safari has queried it since 2020, and Firefox uses it over DoH. CDNs lead adoption, so you will see it on major sites but not most small domains.

How do I look up SPF, DKIM, or DMARC records?

All three live in TXT records. SPF sits on the domain itself — query TXT for example.com. DMARC lives at _dmarc.example.com, and DKIM at a selector name like selector1._domainkey.example.com. This tool accepts those underscore-prefixed names directly. To check all three together with parsing and pass/fail analysis, our email authentication checker is the faster route.

Which DNS server does this tool query, and why might other tools show different results?

This tool queries Google Public DNS (8.8.8.8) over HTTPS. Results reflect Google’s resolver cache at the moment you ask. Other tools may use Cloudflare, your ISP’s resolver, or authoritative servers directly — each with its own cache state. Answers can therefore differ briefly after a change. That difference is propagation in action, not an error; the propagation checker shows it side by side.

Related tools and resources

Need to go the other direction? Use our Reverse DNS Lookup to resolve an IP address back to its hostname. Look up domain registration with the WHOIS Lookup. Verify mail routing with the MX lookup, or check a site’s certificate with the SSL Certificate Checker. You can also check your own IP address or calculate subnet details. Browse common network ports, or visit the networking tools hub for the full collection.