Home/Tools/DNS Lookup

DNS Lookup Tool

Free DNS record checker. Instantly query A, AAAA, MX, TXT, NS, and other DNS records. Analyze email security with SPF and DMARC validation.

Ethical Use Notice

This tool is provided for educational, defensive security, and authorized testing purposes only. Unauthorized access to computer systems, networks, or data is illegal. Always obtain proper authorization before conducting security assessments or testing. Use this tool responsibly and in compliance with all applicable laws and regulations.

Free DNS Lookup Tool: Query DNS records for any domain. Results are fetched in real-time from authoritative DNS servers.
Try:

Key Features

🔍

Complete DNS Records

Query all major DNS record types including A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, and CAA records in one comprehensive lookup.

📧

Email Security Analysis

Automatic SPF, DKIM, and DMARC record detection and analysis with strength scoring and actionable warnings.

💯

DNS Health Score

Get a comprehensive health score (0-100) evaluating your DNS configuration, security records, and best practices.

Real-Time Queries

Fast, real-time DNS lookups from authoritative nameservers. See current TTL values and record freshness.

📊

Export & Filter

Filter records by type, search by value, and export results to text files for documentation and analysis.

🕒

Lookup History

Track recent lookups for quick re-checking. Perfect for monitoring DNS changes during propagation.

Understanding DNS Record Types

DNS records are the building blocks of the Domain Name System. Each record type serves a specific purpose:

A Record (IPv4)

Maps a domain name to an IPv4 address (e.g., 192.0.2.1).

  • • Most common DNS record type
  • • Points your domain to a web server
  • • Required for website hosting
  • • Can have multiple A records for load balancing

AAAA Record (IPv6)

Maps a domain name to an IPv6 address (e.g., 2001:0db8::1).

  • • IPv6 version of A record
  • • Supports modern internet infrastructure
  • • Recommended for future compatibility
  • • Can coexist with A records

MX Record (Mail Exchange)

Specifies the mail servers responsible for accepting email.

  • • Required for receiving email
  • • Priority values determine server order
  • • Multiple MX records provide redundancy
  • • Lower priority number = higher priority

CNAME Record (Alias)

Creates an alias pointing one domain to another.

  • • Points to another domain name
  • • Cannot be used on root domain
  • • Useful for subdomains (www, blog, etc.)
  • • Cannot coexist with other records on same name

TXT Record (Text)

Stores arbitrary text data for various purposes.

  • • SPF records for email authentication
  • • DMARC policies for email security
  • • DKIM public keys for email signing
  • • Domain verification for services

NS Record (Nameserver)

Delegates a DNS zone to specific authoritative nameservers.

  • • Defines authoritative DNS servers
  • • Multiple NS records for redundancy
  • • Required for all domains
  • • Controls where DNS records are hosted

SOA Record (Start of Authority)

Contains administrative information about the DNS zone.

  • • Primary nameserver information
  • • Responsible party email
  • • Zone serial number for updates
  • • Refresh and retry timings

CAA Record (Certificate Authority)

Specifies which certificate authorities can issue SSL certificates.

  • • Security feature to prevent unauthorized SSL
  • • Lists approved certificate authorities
  • • Recommended security best practice
  • • Helps prevent certificate mis-issuance

Email Security Records

Email security relies on three key DNS record types that work together to prevent spoofing and improve deliverability:

SPF (Sender Policy Framework)

SPF is a TXT record that lists which IP addresses and domains are authorized to send email on behalf of your domain.

v=spf1 include:_spf.google.com include:servers.mcsv.net -all
  • v=spf1 - SPF version identifier
  • include: - Authorizes another domain's SPF record
  • ip4: / ip6: - Authorizes specific IP addresses
  • -all - Reject all other senders (hard fail)
  • ~all - Soft fail for other senders
  • ?all - Neutral (no policy)
Warning: SPF has a 10 DNS lookup limit. Too many includes will cause validation failures.

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do with emails that fail SPF or DKIM checks.

v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100
  • p=none - Monitor only (no action taken)
  • p=quarantine - Send to spam folder
  • p=reject - Reject the email (strongest policy)
  • rua= - Email address for aggregate reports
  • ruf= - Email address for forensic reports
  • pct= - Percentage of emails to apply policy to
Best Practice: Start with p=none to monitor, then gradually move to p=quarantine and finally p=reject.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to outgoing emails, allowing recipients to verify the email hasn't been tampered with.

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...
  • • Email server signs outgoing messages with private key
  • • Public key published in DNS as TXT record
  • • Receiving servers verify signature with public key
  • • Selector allows multiple DKIM keys per domain
  • • Protects against email content modification
Tip: DKIM records are published at selector._domainkey.yourdomain.com

DNS Propagation & TTL

What is DNS Propagation?

DNS propagation is the time it takes for DNS changes to spread across the internet. When you update a DNS record, it doesn't change instantly everywhere - it gradually propagates to DNS servers worldwide.

Factors Affecting Speed:

  • • TTL (Time To Live) values
  • • DNS server cache refresh rates
  • • ISP DNS server configurations
  • • Geographic location

Typical Timelines:

  • • Local DNS: Minutes
  • • ISP DNS: Hours
  • • Global propagation: 24-48 hours
  • • Complete propagation: Up to 72 hours

Understanding TTL (Time To Live)

TTL is the duration (in seconds) that DNS resolvers cache your record before checking for updates.

300 seconds (5 minutes)Low TTL

Good for: Testing changes, frequent updates. Drawback: Higher DNS query load.

3600 seconds (1 hour)Balanced

Good for: Most domains. Balances propagation speed with server load.

86400 seconds (24 hours)High TTL

Good for: Stable configurations. Drawback: Changes take longer to propagate.

Pro Tip: Lower your TTL to 300 seconds a day before making DNS changes, then raise it back after propagation completes.

Common DNS Issues & Solutions

Common Problems

  • Missing SPF/DMARC: Emails marked as spam or rejected
  • Too many SPF includes: SPF validation failures (10 lookup limit)
  • Single nameserver: No redundancy if server fails
  • No IPv6 (AAAA): Incompatible with IPv6-only networks
  • Incorrect MX priority: Mail routing to wrong server

Best Practices

  • Configure email security: Add SPF, DKIM, and DMARC records
  • Use multiple nameservers: 2-4 NS records for redundancy
  • Add IPv6 support: Include AAAA records alongside A records
  • Set CAA records: Control SSL certificate issuance
  • Optimize TTL values: Balance update speed with server load

Frequently Asked Questions

Find answers to common questions

A DNS lookup is the process of querying the Domain Name System to retrieve DNS records for a specific domain. These records contain information about how a domain is configured, including IP addresses, mail servers, text records for email security, and authoritative nameservers.

Key Security Terms

Understand the essential concepts behind this tool

Domain Name System (DNS)

The hierarchical naming system that translates human-readable domain names into IP addresses.

Learn more →

WHOIS Database

A public directory that stores registration information for domain names and IP address blocks.

Learn more →

IP Address Geolocation

The process of determining the geographic location of an internet-connected device using its IP address.

Learn more →

Port Numbers

Numerical identifiers (0-65535) used to route network traffic to specific services on a device.

Learn more →
View all terms in our glossary →

Related Network Tools

🌐

Network Tools

Browse all network and infrastructure tools

🔒

Password Strength Checker

Test password security and entropy

🛡️

Cybersecurity Services

Professional security consulting and support

Need Help with DNS Configuration?

Our network engineers can help you configure DNS records, troubleshoot email delivery issues, implement email security (SPF/DKIM/DMARC), and optimize your DNS infrastructure.

Get Expert HelpView Our Services