DNS Lookup Online
Free DNS Checker Tool to Query All DNS Records

Use our free DNS lookup online tool to check DNS records for any domain. This DNS checker tool queries authoritative nameservers and returns A records, AAAA (IPv6), MX (mail), CNAME, TXT, NS, SOA, PTR (reverse DNS), and CAA records with TTL (time to live) values and DNS resolution time. Verify SPF, DKIM, DMARC security records and troubleshoot DNS propagation issues instantly.

Quick Answer: What Is a DNS Lookup?

A DNS lookup online queries the Domain Name System to translate a domain name (like google.com) into IP addresses and retrieve all associated DNS records. Our DNS checker tool fetches A, AAAA, MX, CNAME, TXT, NS, SOA, PTR, and CAA records from authoritative servers. It measures DNS resolution time, displays TTL values for DNS propagation tracking, and helps verify email security records like SPF, DKIM, and DMARC.

Written & Verified By: Robert Harrison, OSINT & Network Utility Expert at TrustMyIP

Robert specializes in DNS management, port scanning, network forensics, and OSINT investigations. He helps system administrators and security professionals audit domain infrastructure, troubleshoot DNS propagation issues, and verify DNSSEC configurations.

What Is a DNS Lookup Online and Why Does It Matter?

A DNS lookup online queries the Domain Name System — the internet's phone book — to translate human-readable domain names into machine-readable IP addresses and retrieve all associated DNS records. When you type "google.com" into your browser, a DNS query happens behind the scenes to find the server's IP address so your browser knows where to connect.

Our DNS checker tool goes beyond basic resolution. It fetches every record type configured for a domain: A records (IPv4 addresses), AAAA records (IPv6 addresses), MX records (mail servers), CNAME records (aliases), TXT records (security and verification), NS records (authoritative nameservers), SOA records (zone authority), PTR records (reverse DNS), and CAA records (SSL certificate authority). This complete picture helps you diagnose email delivery failures, verify domain ownership, troubleshoot hosting migrations, and audit your security posture.

According to Wikipedia's article on the Domain Name System, DNS handles an estimated 1.1 trillion queries per day globally, making it one of the most critical infrastructure systems on the internet. A misconfigured DNS record can take an entire website offline, block all incoming email, or expose your domain to spoofing attacks.

Key Fact: Our DNS lookup online tool measures DNS resolution time in milliseconds. Healthy domains resolve in under 100ms. If your resolution time exceeds 500ms, it may indicate DNS server issues, DDoS mitigation filters, or geographic latency from distant anycast DNS nodes — all factors that affect your website's loading speed.

DNS Record Types Explained: Complete Technical Breakdown

Understanding each DNS record type is essential for managing your domain infrastructure. Our dig DNS online tool returns all of these record types with detailed values and TTL information.

A Record — The IPv4 Address Anchor

The A record is the most fundamental DNS record. It maps a domain directly to an IPv4 address like 142.251.46.206. Every website needs at least one A record. Multiple A records enable round-robin load balancing across servers. If your A record points to the wrong IP after a hosting migration, your website displays someone else's content or shows a connection error.

AAAA Record — IPv6 Resolution

The AAAA record (Quad-A) maps a domain to an IPv6 address like 2001:4860:4860::8888. With IPv4 addresses running out globally, IPv6 adoption is accelerating. Modern websites should configure both A and AAAA records for full protocol compatibility. Learn more about the technical differences in our IPv4 vs IPv6 header comparison guide.

MX Record — Mail Server Routing

MX (Mail Exchange) records tell the internet which servers handle email for your domain. Each MX record has a priority value — mail servers try the lowest number first. If your primary mail server (priority 10) fails, backup servers (priority 20, 30) receive the email instead. This redundancy prevents email loss during server outages.

CNAME Record — Domain Aliasing

A CNAME (Canonical Name) record creates an alias from one domain to another, for example pointing "blog.example.com" to "example.ghost.io". CNAME records cannot coexist with other record types on the same hostname — this is a common configuration mistake that causes MX records to disappear. For Shopify and similar platforms, CNAME setup is critical — see our Shopify DNS setup guide.

TXT Record — Security and Verification

TXT records store text-based data used for domain verification, email authentication, and security policies. The three critical TXT records every domain needs are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication). Without these, your emails land in spam folders or get rejected entirely.

NS Record — Nameserver Authority

NS (Nameserver) records declare which DNS servers are authoritative for your domain. When you register a domain and set nameservers to Cloudflare or your hosting provider, you are configuring NS records. All your other DNS records (A, MX, TXT) are managed at whatever nameservers your NS records point to.

SOA Record — Zone of Authority

The SOA (Start of Authority) record contains metadata about the DNS zone: the primary nameserver, the responsible administrator's email, a serial number that increments with each change, and refresh/retry/expire timers. SOA records are critical for DNS zone transfers between primary and secondary nameservers.

PTR Record — Reverse DNS

PTR (Pointer) records perform reverse DNS lookups — translating an IP address back to a hostname. Email servers use PTR records to verify that the sending server's IP matches its claimed hostname. Missing PTR records are a major cause of email deliverability issues. Check your reverse DNS with our Reverse IP Lookup tool.

CAA Record — SSL Certificate Authority

CAA (Certification Authority Authorization) records specify which certificate authorities are allowed to issue SSL certificates for your domain. Without CAA records, any CA worldwide can issue a certificate — creating a potential attack vector. Our tool helps you check DNS CAA records for SSL issuance security. Verify your SSL status with our SSL Certificate Checker.
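How a CA evaluates CAA for a requested name, as an added example (not TrustMyIP's code): the lookup climbs from the hostname toward the root and uses the first CAA set it finds, following RFC 8659, so a subdomain's records override the parent's. The zone data, CA names and the account parameter are constructed for illustration.

```python
# Added example: CAA evaluation with RFC 8659 tree climbing over constructed data.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed records: owner name -> list of (flags, tag, value).
CAA_RECORDS = {
    "example.com.": [
        (0, "issue", "letsencrypt.org"),
        (0, "issuewild", ";"),  # ";" alone means: no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),
    ],
    "shop.example.com.": [(0, "issue", "digicert.com; account=12345")],
}


def relevant_caa_set(fqdn, records):
    """Return the first non-empty CAA set found climbing from fqdn to the TLD."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return []


def issuer_of(value):
    """Drop parameters: 'ca.example; account=1' -> 'ca.example', ';' -> ''."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca_domain, requested_name, records=CAA_RECORDS):
    """True if CAA permits ca_domain to issue for requested_name."""
    wildcard = requested_name.startswith("*.")
    fqdn = requested_name[2:] if wildcard else requested_name
    rrset = relevant_caa_set(fqdn, records)
    # An unrecognised tag with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer_of(v) for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [issuer_of(v) for _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    allowed = issuewild if (wildcard and issuewild) else issue
    if not allowed:
        return True  # no applicable property: CAA does not restrict issuance
    return ca_domain.lower() in allowed


if __name__ == "__main__":
    for ca, name in [("letsencrypt.org", "www.example.com"),
                     ("letsencrypt.org", "*.example.com"),
                     ("digicert.com", "shop.example.com"),
                     ("letsencrypt.org", "shop.example.com")]:
        print(f"{ca:16} {name:20} {'allowed' if may_issue(ca, name) else 'denied'}")
```
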

How to Check If My DNS Records Are Propagated Globally

DNS propagation is the process of updating DNS records across all nameservers worldwide. When you change an A record, MX record, or any DNS entry, it does not update instantly everywhere. Cached copies of the old record persist on DNS resolvers around the world until their TTL (Time to Live) expires.

How TTL Controls DNS Propagation Speed

Every DNS record has a TTL value measured in seconds. This tells DNS resolvers how long to cache the record before checking for updates. A TTL of 3600 means resolvers will serve the cached copy for 1 hour. A TTL of 86400 means 24 hours of caching. Lower TTL values mean faster propagation but slightly more DNS queries hitting your authoritative server.

# Typical TTL values and their propagation impact:

TTL 300 (5 min) → Fast propagation, ideal pre-migration

TTL 3600 (1 hour) → Standard for most records

TTL 14400 (4 hours) → Common default for many registrars

TTL 86400 (24 hours) → Maximum caching, slowest propagation

# Pro migration strategy:

# 24 hours BEFORE migration: Lower TTL to 300

# Make DNS changes

# Wait for propagation (5-30 minutes)

# Verify with TrustMyIP DNS Lookup

# After confirmation: Restore original TTL

Why DNS Propagation Takes Up to 48 Hours

While major public DNS resolvers like Google (8.8.8.8) and Cloudflare (1.1.1.1) typically update within minutes, thousands of smaller ISP resolvers worldwide may honor the old TTL until it expires. Some ISPs also add their own caching layer on top of TTL values. This is why full global propagation can take up to 48 hours in worst-case scenarios.

To speed up propagation on your own machine, you can flush your local DNS cache. Our detailed guide covers this process: How to fix DNS propagation delay for new domains.

Common Mistake: Many users change DNS records and immediately test from their browser — but their local machine has the old record cached. Always flush your DNS cache before testing, or use our DNS lookup online tool which queries from the server side and bypasses your local cache entirely.

Free Tool to Find Hidden TXT Records for Domain Verification

TXT records serve multiple critical functions beyond simple text storage. Our DNS checker tool reveals all TXT records including email authentication protocols and domain verification entries that many basic tools miss.

SPF — Sender Policy Framework

SPF records list all IP addresses and servers authorized to send email on your domain's behalf. A properly configured SPF record prevents spammers from sending fake emails that appear to come from your domain. The record starts with "v=spf1" and includes authorized sources like "include:_spf.google.com" for Google Workspace users.

DKIM — DomainKeys Identified Mail

DKIM adds a digital signature to every outgoing email. The receiving server checks this signature against a public key stored in your DNS TXT records. If the signature matches, the email is verified as authentic and unmodified in transit. DKIM records are typically stored on a subdomain like "google._domainkey.yourdomain.com".

DMARC — Domain-based Message Authentication

DMARC builds on SPF and DKIM by telling receiving servers what to do when authentication fails. A DMARC policy can instruct servers to reject, quarantine (send to spam), or simply report failed messages. DMARC records are stored as TXT records on "_dmarc.yourdomain.com".

# Example SPF record (Google Workspace):

"v=spf1 include:_spf.google.com ~all"

# Example DMARC record:

"v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"

# Common issue: Missing SPF = emails go to spam

# Use TrustMyIP DNS Lookup → filter TXT records

# Look for v=spf1 and v=DMARC1 entries

If your emails are landing in spam, the first step is to check DNS records for missing or misconfigured SPF, DKIM, and DMARC entries. Our tool highlights these automatically. For deeper email analysis, use our Email Verification Tool.
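A check for the SPF and DMARC problems described above, as an added example (not the tool's own logic): it takes the TXT strings found at the domain apex and at _dmarc.&lt;domain&gt; and returns finding codes. The finding names are made up for this example, the sample records are constructed, and the SPF lookup count covers only the record itself, not the includes it points to.

```python
import re

# Terms that cost one DNS lookup each; RFC 7208 allows at most 10 per check.
LOOKUP_TERM = re.compile(r"(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))")
ALL_VERDICT = {"+": "spf-pass-all", "?": "spf-neutral-all", "~": "spf-softfail-all"}


def audit_spf(apex_txt):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if re.match(r"v=spf1(\s|$)", r, re.I)]
    if not spf:
        return ["spf-missing"]
    if len(spf) > 1:
        return ["spf-multiple-records"]  # receivers treat this as a permanent error
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        bare = term.lstrip("+-~?").lower()
        if LOOKUP_TERM.match(bare):
            lookups += 1
        if bare.startswith("redirect="):
            has_redirect = True
        if bare == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
    if lookups > 10:
        findings.append("spf-too-many-lookups")
    if all_qualifier is None:
        if not has_redirect:
            findings.append("spf-no-all")
    elif all_qualifier in ALL_VERDICT:  # "-all" is the strict form: no finding
        findings.append(ALL_VERDICT[all_qualifier])
    return findings


def audit_dmarc(dmarc_txt):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if re.match(r"v\s*=\s*DMARC1\s*(;|$)", r)]
    if len(recs) != 1:
        return ["dmarc-missing" if not recs else "dmarc-multiple-records"]
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc-invalid-policy")
    elif policy == "none":
        findings.append("dmarc-policy-none")  # monitoring only, nothing is blocked
    if "rua" not in tags:
        findings.append("dmarc-no-rua")  # no aggregate reports will be sent
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("dmarc-partial-pct")
    return findings


def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)


if __name__ == "__main__":
    # Constructed input reusing the example records shown on this page.
    apex = ["v=spf1 include:_spf.google.com ~all", "site-verification=CONSTRUCTED"]
    dmarc = ["v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"]
    print(audit_domain(apex, dmarc))
    print(audit_domain(["v=spf1 +all"], ["v=DMARC1; p=none"]))
```
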

DNS Security: DNSSEC, Spoofing Protection, and Modern Protocols

DNS was designed in the 1980s without built-in security. Attackers can exploit this through DNS spoofing (cache poisoning), man-in-the-middle attacks, and DNS hijacking. Modern security protocols address these vulnerabilities.

DNSSEC — Cryptographic DNS Validation

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records. When a resolver receives a DNS response, it verifies the signature against the domain's public key stored in the parent zone. If the signature does not match, the response is rejected, which provides spoofing protection at the protocol level. Not all domains have DNSSEC enabled, but it is increasingly standard for high-security applications.

DoH and DoT — Encrypted DNS Queries

Traditional DNS queries travel over UDP/TCP port 53 in plain text. Anyone monitoring your network (ISP, public WiFi operators, attackers) can see every domain you visit. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt DNS queries, preventing eavesdropping. Major browsers and public resolvers now support both protocols.

Anycast DNS and DDoS Mitigation

Anycast DNS routes your DNS queries to the nearest geographic server in a distributed network. This reduces latency and provides built-in DDoS mitigation — if one server is attacked, traffic automatically routes to healthy nodes. Providers like Cloudflare and Google use anycast extensively. Read our detailed guide on how anycast routing works.

Security Tip: Switch your device's DNS resolver to a provider that supports DoH or DoT: Google (8.8.8.8), Cloudflare (1.1.1.1), or Quad9 (9.9.9.9). This encrypts your DNS queries and prevents ISP-level DNS monitoring. Then use our DNS lookup online tool to verify your records are resolving correctly through the new resolver.

DNS Record Lookup for Shopify and Microsoft 365 Setup Troubleshooting

One of the most common reasons people use a DNS checker tool is to verify records during platform setup. Here are the exact DNS configurations for popular services and how to troubleshoot them.

Shopify Custom Domain Setup

Shopify requires two DNS changes for a custom domain: an A record pointing to 23.227.38.65 and a CNAME record for "www" pointing to shops.myshopify.com. After adding these at your DNS provider, use our tool to verify both records appear correctly. If the A record shows a different IP, propagation is still in progress. For the complete setup walkthrough, see our Shopify DNS records setup guide.

Microsoft 365 (Outlook) Email Setup

Microsoft 365 requires multiple DNS changes: MX records pointing to "yourdomain-com.mail.protection.outlook.com" with priority 0, a TXT record for SPF (v=spf1 include:spf.protection.outlook.com -all), a CNAME for autodiscover pointing to autodiscover.outlook.com, and a TXT record for domain verification. Use our DNS lookup online tool to confirm all records are correctly propagated before verifying in the Microsoft admin panel.

Google Workspace Email Setup

Google Workspace requires specific MX records (aspmx.l.google.com at priority 1, plus four backup servers), SPF via TXT record (v=spf1 include:_spf.google.com ~all), and DKIM setup through a TXT record on a subdomain. Our tool's TXT record filter makes it easy to verify all authentication records are in place.

Why Is My MX Record Not Showing Up in DNS Lookup?

This is one of the most common DNS troubleshooting questions. The usual causes are: propagation still in progress (wait for TTL expiry), the MX record was added to the wrong zone or subdomain, a CNAME record exists on the same hostname (CNAME and MX cannot coexist per RFC 1034), or you are querying a cached resolver that has not refreshed yet. Check your IP and hosting details with our IP Lookup Tool.

Check DNS Resolution Time and Latency Online

DNS resolution speed directly impacts your website's loading time. Every page load begins with a DNS query — if that query takes 500ms instead of 20ms, your visitors experience a noticeable delay before anything even starts loading. Our tool measures DNS resolution time in milliseconds for every query.

What Is Good DNS Resolution Time?

For optimal performance, DNS resolution should complete in under 100ms. Resolution times between 100-300ms are acceptable but could be improved. Times exceeding 500ms indicate problems with your authoritative nameservers, geographic distance from the resolver, or potential DDoS mitigation filtering that adds latency.

How to Improve DNS Performance

Switch your authoritative DNS to a provider with anycast DNS infrastructure like Cloudflare, AWS Route 53, or Google Cloud DNS. These distribute your DNS records across dozens of global Points of Presence (PoPs), ensuring that resolvers worldwide get fast responses from the nearest server. Monitor your server performance with our Ping Test Tool and check your network's MTU configuration with our MTU Test.

How DNS Resolves Domain Names: The Complete Query Lifecycle

Understanding the full DNS resolution process helps you diagnose issues more effectively. Here is exactly what happens when your browser needs to resolve a domain, step by step.

# DNS Query Lifecycle (what happens when you visit google.com):

1. Browser checks its internal DNS cache

→ Cache HIT? Use cached IP. Done.

→ Cache MISS? Continue to step 2.

2. OS checks system DNS cache (stub resolver)

→ Cache HIT? Return IP to browser. Done.

→ Cache MISS? Forward query to configured resolver.

3. Recursive resolver (e.g., 8.8.8.8) checks its cache

→ Cache HIT? Return answer. Done.

→ Cache MISS? Begin iterative resolution.

4. Resolver queries ROOT servers (.)

→ Root returns: "Ask .com TLD servers"

5. Resolver queries .COM TLD servers

→ TLD returns: "Ask ns1.google.com (authoritative)"

6. Resolver queries authoritative nameserver

→ Authoritative returns: "142.251.46.206" (A record)

7. Resolver caches answer for TTL duration

8. IP returned to browser → TCP connection begins

This entire process typically completes in 20-100ms for cached queries and 100-300ms for full recursive lookups. Our public DNS lookup tool lets you observe the final result — what the authoritative server actually reports — helping you verify that your DNS configuration is correct at the source. For a deeper understanding, read our guide on how DNS resolves domain names to IPs.

How to Lookup DNS Records for a Specific Nameserver

Our web-based DNS lookup online tool queries from the server's default resolver. But sometimes you need to query DNS records against a specific nameserver — like checking what Google's resolver (8.8.8.8) sees versus Cloudflare's (1.1.1.1). This is especially useful during DNS propagation when different resolvers may return different answers.

Using dig Command (Linux/macOS)

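# Query ANY records from Google DNS (many servers give only a minimal answer to ANY, per RFC 8482, so query each record type for a full picture):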

dig @8.8.8.8 example.com ANY

# Query only MX records from Cloudflare DNS:

dig @1.1.1.1 example.com MX

# Query TXT records (check SPF/DKIM/DMARC):

dig @8.8.8.8 example.com TXT

# Check CAA records for SSL authority:

dig @1.1.1.1 example.com CAA

# Trace the full resolution path:

dig +trace example.com
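Comparing what each resolver returns during propagation, as an added example (not part of the original page): it parses answer lines in the format printed by `dig +noall +answer`, compares each resolver's answer with the authoritative one, and reports how many seconds a stale cache entry has left. All answer text is constructed and uses documentation IP ranges.

```python
# Constructed dig answer output: name, TTL, class, type, rdata.
AUTHORITATIVE = "example.com.\t\t300\tIN\tA\t203.0.113.10\n"
RESOLVERS = {
    "8.8.8.8": "example.com.\t\t287\tIN\tA\t203.0.113.10\n",
    "1.1.1.1": "; cached before the change\nexample.com.\t\t2140\tIN\tA\t198.51.100.7\n",
    "9.9.9.9": "",
}


def parse_dig_answer(text):
    """Return [(name, ttl, type, rdata)] from dig answer lines, skipping comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or not parts[1].isdigit():
            continue  # not a resource-record line
        name, ttl, _rrclass, rtype, rdata = parts
        records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def propagation_report(authoritative, resolvers, rtype="A"):
    """Map resolver -> (state, seconds until its cached answer expires)."""
    want = {rd for _, _, t, rd in parse_dig_answer(authoritative) if t == rtype}
    report = {}
    for resolver, text in resolvers.items():
        rrs = [r for r in parse_dig_answer(text) if r[2] == rtype]
        got = {r[3] for r in rrs}
        if not got:
            report[resolver] = ("no-answer", 0)
        elif got == want:
            report[resolver] = ("current", 0)
        else:
            # A recursive resolver shows the remaining TTL, which counts down
            # to the moment it will ask the authoritative server again.
            report[resolver] = ("stale", max(r[1] for r in rrs))
    return report


if __name__ == "__main__":
    for resolver, (state, wait) in propagation_report(AUTHORITATIVE, RESOLVERS).items():
        print(f"{resolver:10} {state:10} expires in {wait}s")
```
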

Using nslookup (Windows/macOS)

# Query specific nameserver (Google DNS):

nslookup example.com 8.8.8.8

# Query MX records specifically:

nslookup -type=MX example.com 1.1.1.1

# Query TXT records:

nslookup -type=TXT example.com

For users who prefer a web interface over command-line tools, our DNS checker tool provides the same information with visual formatting, record type filtering, and resolution time measurement — no terminal required. Complement your DNS analysis with our Port Scanner to verify that your server's DNS port (53) is properly configured.

Complete DNS Troubleshooting and Infrastructure Audit Checklist

Whether you are a website owner, system administrator, or developer, use this checklist to audit your domain's DNS health with our DNS checker tool.

  • Step 1: Run a DNS lookup online on your domain above. Verify your A record points to the correct server IP.
  • Step 2: Check MX records to ensure your email routing is correctly configured with proper priority values.
  • Step 3: Filter TXT records and verify that SPF, DKIM, and DMARC are all present and correctly formatted.
  • Step 4: Verify NS records point to your intended DNS provider (Cloudflare, Route 53, etc.).
  • Step 5: Check CAA records to ensure only authorized certificate authorities can issue SSL for your domain.
  • Step 6: Review TTL values — lower them before planned changes, restore them after propagation confirms.
  • Step 7: Run a WHOIS Lookup to verify domain ownership and registration details.
  • Step 8: Check your server IP against IP Blacklists to ensure email deliverability.
  • Step 9: Verify your hosting with a Cloud IP Check to confirm the server provider.
  • Step 10: Test domain redirects with our Redirect Checker to verify HTTP to HTTPS and www to non-www redirections.

Best Practice: Run a complete DNS audit after any hosting migration, nameserver change, email provider switch, or SSL certificate renewal. DNS misconfigurations are the single most common cause of website downtime and email delivery failures.

Frequently Asked Questions About DNS Lookup

What is a DNS lookup and how does it work?

A DNS lookup online queries the Domain Name System to translate domain names into IP addresses and retrieve associated DNS records. Our DNS checker tool sends queries to authoritative nameservers and returns all record types including A, AAAA, MX, CNAME, TXT, NS, SOA, PTR, and CAA with TTL values.

How to check if my DNS records are propagated globally?

Use our DNS lookup online tool and verify the A record IP matches your new server. DNS propagation typically takes 30 minutes to 48 hours depending on TTL values. Lower your TTL to 300 seconds before changes for faster propagation. Our tool queries server-side, bypassing your local DNS cache.

Why is my MX record not showing up in DNS lookup?

Common causes: DNS propagation still in progress, MX record added to the wrong zone, a CNAME record exists on the same hostname (CNAME and MX cannot coexist), or the resolver has a stale cache. Use our tool to check DNS records and filter by MX type to diagnose the issue.

What is the difference between A and AAAA DNS records?

An A record maps a domain to an IPv4 address (32-bit, e.g., 192.168.1.1). An AAAA record maps to an IPv6 address (128-bit, e.g., 2001:db8::1). Both serve the same domain-to-IP purpose but for different protocol versions. Modern domains should have both.

How long does DNS propagation take?

DNS propagation takes 5 minutes to 48 hours depending on TTL settings. Major public DNS resolvers (Google 8.8.8.8, Cloudflare 1.1.1.1) typically update within 30 minutes. Lower your TTL to 300 seconds 24 hours before planned changes to minimize propagation delay.

What are CAA records and why do they matter for SSL?

CAA records specify which certificate authorities can issue SSL certificates for your domain. Without them, any CA worldwide can issue a certificate — creating a security vulnerability. Use our DNS lookup online tool to check DNS CAA records for SSL issuance and protect your domain.

How to lookup DNS records for a specific nameserver?

Use command-line tools: dig @8.8.8.8 example.com ANY (Linux/macOS) or nslookup example.com 8.8.8.8 (Windows). This queries Google's resolver directly. Our DNS checker tool first identifies your NS records, then you can target specific resolvers via CLI for propagation comparison.

What DNS records do I need for Shopify or Microsoft 365?

Shopify: A record → 23.227.38.65, CNAME (www) → shops.myshopify.com. Microsoft 365: MX → yourdomain-com.mail.protection.outlook.com, SPF TXT record, autodiscover CNAME, and verification TXT record. Use our tool to verify all records after configuration.
