DNS Lookup Tool: How to Query DNS Records for Any Domain
Look up DNS records including A, AAAA, CNAME, MX, NS, TXT, and SOA. Diagnose DNS issues and verify domain configuration.
What is DNS?
The Domain Name System (DNS) is the phonebook of the internet. When you type example.com into your browser, DNS translates that human-readable name into a machine-readable IP address like 93.184.216.34.
Without DNS, you'd need to memorize IP addresses for every website you visit. DNS works silently in the background, typically in milliseconds.
Why Perform a DNS Lookup?
DNS lookups help you:
Types of DNS Records
A Record (Address)
Maps a domain to an IPv4 address:
example.com → 93.184.216.34This is the most fundamental record type. Every website needs at least one A record.
AAAA Record (IPv6 Address)
Same as A record, but for IPv6 addresses:
example.com → 2606:2800:220:1:248:1893:25c8:1946CNAME Record (Canonical Name)
Aliases one domain to another:
www.example.com → example.comThe alias domain inherits all DNS settings from the target.
MX Record (Mail Exchange)
Specifies mail servers for the domain:
| Priority | Mail Server |
|---|---|
| 10 | mail.example.com |
| 20 | backup-mail.example.com |
Lower priority numbers are tried first.
NS Record (Name Server)
Identifies authoritative DNS servers:
example.com → ns1.example.com, ns2.example.comTXT Record (Text)
Stores arbitrary text data, commonly used for:
SOA Record (Start of Authority)
Contains administrative information:
| Field | Meaning |
|---|---|
| MNAME | Primary name server |
| RNAME | Admin email address |
| Serial | Version number (increment for changes) |
| Refresh | How often to check for updates |
| Retry | How long to wait after a failed refresh |
| Expire | When to stop using the zone if no updates |
| Minimum TTL | Default cache duration |
How to Perform a DNS Lookup
Using ToolboxPro
Visit our DNS Lookup Tool.
Step 1: Enter a domain
example.com
google.com
github.comStep 2: Select record type (optional)
By default, the tool returns all common record types. You can filter to see only:
Step 3: Click Lookup
Results appear in a structured table within 1-2 seconds.
Step 4: Analyze results
Each record shows:
Understanding TTL (Time To Live)
TTL tells DNS resolvers how long to cache a record before checking for updates.
| TTL Value | Cache Duration | Use Case |
|---|---|---|
| 300 (5 min) | Short | Migration/testing, change frequently |
| 3600 (1 hour) | Medium | Standard production |
| 86400 (24 hours) | Long | Stable records, rarely change |
| 604800 (7 days) | Very long | SOA records, NS records |
Lower TTL before planned changes. If you're migrating servers, reduce TTL to 300 seconds at least 24 hours before the change. This ensures the old records expire quickly when you switch.
Common DNS Issues
Propagation Delay
After changing DNS records, it takes time to propagate worldwide. Factors:
Typical propagation: 1-48 hours. Using our lookup tool from different locations helps confirm propagation.
Missing Records
Common mistakes:
| Symptom | Likely Cause |
|---|---|
| Website not loading | Missing or wrong A/AAAA record |
| Email not delivering | Missing or incorrect MX records |
| Emails marked as spam | Missing SPF/DKIM/DMARC TXT records |
| Subdomain not working | Missing CNAME record |
DNS Resolution Failure
If a lookup returns no results:
1. Check that the domain is registered and active
2. Verify nameservers are correct and responding
3. Confirm the specific record exists
4. Check for DNSSEC validation issues
DNS and Security
DNSSEC
DNS Security Extensions add cryptographic signatures to DNS records, preventing DNS spoofing and cache poisoning. Our tool shows whether a domain has DNSSEC enabled.
SPF, DKIM, and DMARC
These three TXT records protect your domain from email spoofing:
| Record | Purpose |
|---|---|
| SPF | Lists authorized mail servers |
| DKIM | Provides cryptographic verification |
| DMARC | Tells receivers how to handle unauthenticated email |
Example SPF record:
v=spf1 include:_spf.google.com ~allThis says: "Only Google's servers can send email for this domain. Others should be marked as suspicious (~all)."
FAQ
What's the difference between public DNS and authoritative DNS? Public DNS resolvers (like Google 8.8.8.8) answer queries from users. Authoritative DNS servers hold the actual zone records. Our tool queries authoritative servers for the most accurate results.
Can I look up DNS for internal/private domains? No — private DNS zones that aren't published to public DNS servers won't be visible. Use local command-line tools (nslookup, dig) for internal DNS.
How long does DNS propagation take? Typically 1-48 hours, but modern CDNs and global DNS providers often complete propagation in minutes. Lower TTL values speed up future changes.
Why do I see different results from different locations? Cached records at various DNS resolvers. Some resolvers may still have the old TTL cached. Wait for propagation or use a tool that queries authoritative servers directly.
Does DNS lookup work for internationalized domain names (IDN)? Yes — the tool automatically converts IDN characters (like 中国) to Punycode format before querying.
Try it yourself with our free online tool:
Try DNS Lookup Tool: How to Query DNS Records for Any Domain →