Query any DNS record type for any domain. Choose your resolver and inspect the live response.
Common questions about DNS records and how to use this tool.
A DNS lookup is a query sent to a DNS server asking for a specific record type for a domain. When your browser visits a website, it first performs an A record lookup to find the server's IP address. This tool lets you perform the same queries manually to inspect what any DNS resolver returns for any domain and record type — useful for debugging DNS configuration, verifying propagation, and auditing records.
This tool supports the most commonly used DNS record types: A (IPv4 address), AAAA (IPv6 address), CNAME (canonical name / alias), MX (mail exchanger), TXT (text records — includes SPF, DMARC, DKIM, domain verification tokens), NS (nameservers), SOA (start of authority), SRV (service locator), CAA (certification authority authorisation), and PTR (reverse DNS / pointer).
A records map a domain to an IPv4 address (e.g., 93.184.216.34). AAAA records (pronounced "quad-A") map a domain to an IPv6 address (e.g., 2606:2800:220:1:248:1893:25c8:1946). Most modern servers support both. A domain can have multiple A and AAAA records for load balancing or redundancy.
A CNAME (Canonical Name) record creates an alias from one domain name to another. For example, www.example.com might be a CNAME pointing to example.com. DNS resolvers follow the CNAME chain until they reach an A or AAAA record. You cannot put a CNAME at the zone apex (the root domain itself) — that requires an A record or a proprietary ALIAS/ANAME record. CNAME records are also used in DKIM delegation, where a selector points to a provider's canonical signing key.
MX (Mail Exchanger) records tell sending mail servers which host(s) accept email for your domain. Each MX record has a priority (lower number = higher priority) and a hostname. When someone sends you an email, their server looks up your MX records and delivers to the highest-priority host. If you have misconfigured or missing MX records, incoming email will fail. The MX Inspector tool goes further, resolving each MX host and checking PTR/FCrDNS records.
TXT records hold arbitrary text data and are used for many purposes. In email deliverability, TXT records store SPF policy (v=spf1 ...), DMARC policy at _dmarc.{domain}, DKIM public keys at {selector}._domainkey.{domain}, and TLS-RPT reporting addresses at _smtp._tls.{domain}. They're also used by services like Google and Microsoft to verify domain ownership.
The SOA (Start of Authority) record is the first record in a DNS zone. It contains the primary nameserver, the responsible administrator's email (with the @ replaced by a dot), and several timing parameters: serial (version number incremented on each change), refresh (how often secondary nameservers check for updates), retry (how long to wait before retrying a failed refresh), expire (how long to serve zone data if the primary is unreachable), and minimum TTL (the default TTL for negative caching).
CAA (Certification Authority Authorisation) records control which certificate authorities (CAs) are allowed to issue TLS/SSL certificates for your domain. For example, 0 issue "letsencrypt.org" means only Let's Encrypt may issue certificates. If no CAA records exist, any CA can issue certificates. Setting CAA records reduces the risk of mis-issuance by unauthorised CAs. Use issuewild for wildcard certificates and iodef to receive violation reports.
A PTR (Pointer) record maps an IP address back to a hostname — the reverse of an A record. To look up the PTR for 93.184.216.34, the query is made at 34.216.184.93.in-addr.arpa. PTR records are set by the IP address owner (typically your ISP or hosting provider) and cannot be set in your own domain's DNS zone. Reverse DNS is important for email deliverability: many mail servers check that the sending IP has a PTR record and that it matches the forward A record (FCrDNS). If you enter an IPv4 address in this tool and select PTR, it is automatically converted to the correct reverse notation.
SRV (Service) records specify the location of servers for specific protocols. They include a priority, weight, port, and target hostname. For example, _sip._tcp.example.com might have an SRV record pointing to the SIP server for that domain on a specific port. SRV records are used by VoIP (SIP), XMPP, Microsoft services (Autodiscover, Teams), and other protocols to discover service endpoints automatically.
dig and nslookup are command-line tools that perform DNS lookups from your local machine using your system's configured resolver. This tool is a web-based equivalent — you can run it from any browser without installing anything, and it queries three well-known public resolvers (Google, Cloudflare, Quad9) directly, bypassing your local network configuration. This is useful when you want to see what global resolvers return rather than what your local or corporate DNS server returns.
Google (8.8.8.8) is the most widely used public resolver with strong global coverage and fast responses. Cloudflare (1.1.1.1) prioritises privacy (no query logging) and is consistently among the fastest resolvers worldwide. Quad9 (9.9.9.9) is a Swiss non-profit resolver that blocks known malicious domains. For most DNS lookups any of the three will return the same result — they differ mainly in caching state during propagation. If your changes appear on Google but not Cloudflare, your TTL may still be in effect on some resolvers. Use the DNS Propagation Checker to see results across 15+ resolvers simultaneously.