Network Tools

DNS Lookup

Query any domain's DNS records in real time — A, AAAA, MX, TXT, NS, CNAME, SOA and more. Powered by Google's public DNS-over-HTTPS resolver — no server needed.

DNS record query
Powered by Google DNS-over-HTTPS (dns.google) · 100% client-side · No data stored
Queries sent via DoH  ·  No data stored  ·  Try: gmail.com  ·  github.com  ·  cloudflare.com
Enter a domain to begin
Type any domain above and click Look up DNS. Try these:

Scored using our published, open-source methodology. View methodology

A
Maps domain to IPv4
Points your domain to a specific IPv4 address. This is the most queried record type — used every time someone visits your site or sends you email.
AAAA
Maps domain to IPv6
Same as A but for IPv6 addresses. Required if your server supports IPv6 and you want modern devices to connect using the newer protocol.
MX
Email routing
Tells mail servers where to deliver email for your domain. The priority number determines the order tried — the lowest number is contacted first.
TXT
Verification & SPF/DMARC
Stores arbitrary text used for domain ownership verification, SPF (email sender policy), DMARC (anti-spoofing policy), and DKIM public keys.
NS
Nameserver delegation
Specifies which DNS servers are authoritative for your domain. Changing these moves all DNS control to a new provider. Takes up to 48 hours to propagate.
CNAME
Alias to another domain
Creates an alias pointing one name to another — e.g. www → yoursite.com. Cannot be used at the root domain (apex). Use A records there instead.
How a DNS query resolves in 5 steps
You type a domain
Your browser checks its local cache first. If found and TTL hasn't expired, the cached IP is used immediately without any network query.
Recursive resolver
Your ISP's resolver (or 8.8.8.8) receives the query and begins fetching the answer by walking the DNS hierarchy from the top down.
Root nameserver
The resolver asks one of 13 root server clusters which TLD server handles .com, .org, .in etc. — the top of the DNS tree.
Authoritative server
The TLD server delegates to the domain's own authoritative nameserver, which holds the actual final answer — the record you asked for.
IP returned & cached
The record is returned to your browser and cached for the TTL duration. The full resolution process typically takes under 50ms.
Records not propagating
DNS changes can take up to 48 hours to propagate globally due to TTL caching. Lower your TTL to 300s before making changes to speed this up significantly.
NXDOMAIN — domain not found
The domain does not exist in DNS. Either it was never registered, has expired, or was recently deleted. Check the registrar dashboard for status.
Email not delivering
Missing or misconfigured MX records cause email delivery failures. Check your MX, SPF TXT, and DMARC TXT records are all correctly configured.
DNSSEC validation failed
DNSSEC signatures are invalid or missing. This may indicate a misconfiguration at the registrar or an attempt to tamper with DNS responses.

See all VPN reviews

A VPN can fix your IP exposure and WebRTC leaks. These are independently reviewed — we earn a commission if you buy, at no extra cost to you.

Best value Best value
ProtonVPN
Open source · Secure Core servers · No-logs audited
4.5 · 9.2k reviews
No logs 10 devices Kill switch
Budget pick Budget pick
Surfshark
Unlimited devices · CleanWeb ad blocker · 3200+ servers
4.3 · 6.1k reviews
Unlimited devices Ad blocker No logs

Affiliate disclosure: PrivacyTestLab earns a small commission from purchases made through our links. This never affects our test results or scores. Learn more