How DNS Resolution Works
When you type a URL into your browser, a complex chain of queries begins. Your device first checks its local cache, then queries your configured DNS resolver (often your ISP's or a public resolver like 8.8.8.8 or 1.1.1.1).
If the resolver doesn't have the answer cached, it starts a recursive lookup: first querying a root server, then the TLD (top-level domain) server for .com/.org/etc., and finally the authoritative nameserver for the specific domain.
This entire process typically completes in under 100 milliseconds, and the result is cached at multiple levels to speed up future requests. TTL (Time-To-Live) values control how long each record stays cached.
DNS Security Considerations
DNSSEC: DNS Security Extensions add cryptographic signatures to DNS records, allowing resolvers to verify that responses haven't been tampered with. This prevents attackers from redirecting traffic to malicious servers.
DNS over HTTPS (DoH): Encrypts DNS queries to prevent eavesdropping and manipulation by parties between you and the resolver. Major browsers now support DoH.
DNS over TLS (DoT): Similar to DoH but uses a dedicated port (853) for encrypted DNS traffic, making it easier for network administrators to identify DNS traffic while maintaining privacy.
Email-Related DNS Records
MX Records: Mail Exchange records specify which servers handle email for a domain, with priority values determining fallback order. Lower priority numbers indicate preferred servers.
SPF (TXT Record): Sender Policy Framework lists which servers are authorized to send email for your domain, helping prevent email spoofing.
DKIM: DomainKeys Identified Mail uses public key cryptography to sign outgoing emails. The public key is published as a TXT record for recipients to verify signatures.
DMARC: Domain-based Message Authentication, Reporting, and Conformance builds on SPF and DKIM, specifying how receivers should handle authentication failures.
Practical DNS Lookup Uses
Troubleshooting Email: When email isn't working, checking MX records often reveals misconfigured mail servers or expired domains.
Verifying Domain Ownership: Many services require adding a specific TXT record to prove you control a domain before enabling features.
Finding CDN or Hosting: A records and CNAME records reveal which infrastructure serves a website—useful for identifying hosting providers or CDN services.
Investigating Phishing: Comparing DNS records of suspicious domains with legitimate ones can reveal fraudulent sites mimicking trusted brands.