Waiting
Enter a domain and run a lookup to see results.
DNS Lookup - Check All DNS Records for Any Domain
Domain Input
DNS Lookup & Security Diagnostics
Query A, AAAA, MX, TXT, NS, SOA, and CAA records for any domain. Beyond raw records, this tool checks DNSSEC status, validates SPF/DMARC syntax, and identifies misconfigurations. Results include a severity-rated diagnostic with root cause analysis — not just a record dump.
How It Works
DNS queries are sent to Cloudflare DoH (DNS-over-HTTPS) and cross-verified against the domain's authoritative nameservers. The interpret layer analyzes each record type for known issues — missing SPF, permissive DMARC, DNSSEC absence, and more. Each finding is tagged with severity and confidence level.
FAQ
What DNS records should every domain have?
At minimum: A or AAAA (points to your server), NS (nameservers), and SOA (zone authority). For email: MX (mail server), SPF (authorized senders via TXT), and DMARC (policy via TXT). DNSSEC is recommended for tamper-proofing.
Why do my DNS changes take time to appear?
DNS records are cached by resolvers worldwide according to the TTL (Time To Live) value. After a change, old cached values must expire before resolvers fetch the new record. Lower TTL = faster propagation but more DNS queries. Use our Propagation tool to check real-time status across global resolvers.
What does DNSSEC do?
DNSSEC adds cryptographic signatures to DNS records, allowing resolvers to verify that the response hasn't been tampered with. Without DNSSEC, attackers can poison DNS caches and redirect traffic. This tool checks the AD (Authenticated Data) flag to confirm DNSSEC validation.
Records
—
Email Security
—
Propagation Status
—
JSON
—
Tool Features
[Ad] DNS Detail Inline
DNS Management Service
Advanced DNS management with fast propagation.
Coming SoonRelated Guides
Pro DNS change monitoring + Diff storage — monitoring feature coming soon.