DNS Record Lookup - Query A, MX, TXT, CNAME & More
No logs stored • Results not cached on our servers
Query A, AAAA, MX, CNAME, TXT, NS, SOA, and CAA records for any domain. Check DNSSEC status, email security score, and TTL values in one lookup.
Free Online DNS Record Checker with Email Security Analysis
Enter a domain above to get started
We'll show you A, AAAA, MX, CNAME, TXT, NS, SOA, and CAA records
Query All 8 DNS Record Types Instantly
DNS Lookup is the internet's phone book query. When you enter a domain, we translate that human-readable name into the technical records computers use—IP addresses, mail servers, nameservers, and security configurations. Our tool queries 8 record types simultaneously using parallel execution, giving you a complete picture in under a second.
What You'll Discover
Can Find
Cannot Find
How to Use This DNS Lookup Tool
Query all DNS records for any domain in seconds
Enter Domain Name
Type the domain you want to check (e.g., google.com). Protocols (https://) and www are automatically cleaned.
Click Lookup
Press the Lookup button or hit Enter. We query all 8 record types simultaneously using parallel execution.
View All Records
See A, AAAA, MX, CNAME, TXT, NS, SOA, and CAA records with counts. Each record shows TTL in human-readable format.
Filter by Record Type
Use the tabbed interface to filter and focus on specific record types. Counts update automatically.
Check DNSSEC & Email Security
Review DNSSEC status (DNSKEY/DS detection) and email security score (A-F grade) based on SPF/DMARC analysis.
Export Results
Download your DNS lookup results as JSON, CSV, or plain text. Share the URL directly—it includes the domain parameter.
Understanding Your DNS Lookup Results
What each record type reveals about a domain
A Record
Maps the domain to one or more IPv4 addresses (e.g., 93.184.216.34). These are the IP addresses where your web server lives. Multiple A records enable load balancing and redundancy.
93.184.216.34
AAAA Record
Maps the domain to IPv6 addresses (e.g., 2606:2800:220:1:248:...). As IPv4 addresses become scarce, AAAA records ensure your domain works on the modern IPv6 internet.
2606:2800:220:1:248:1893:25c8:1946
MX Record
Specifies mail servers for the domain with priority numbers. Lower priority = tried first. Shows which services handle email (Google Workspace, Microsoft 365, etc.).
10 mail.example.com
CNAME Record
Creates an alias pointing to another domain (canonical name). Common for www subdomains pointing to the apex domain, or CDN configurations.
www → example.com
TXT Record
Holds text data for various purposes. We automatically classify TXT records as SPF (email sender policy), DKIM (signing keys), DMARC (handling policy), or domain verification for Google, Microsoft, Facebook, and Apple.
v=spf1 include:_spf.google.com ~all
NS Record
Lists authoritative nameservers for the domain. These servers are the official source of truth for all DNS records. Typically 2-4 servers for redundancy.
ns1.example.com
SOA Record
Start of Authority contains zone administration info: primary nameserver (mname), admin email (rname), serial number (incremented on changes), and timing values for refresh, retry, expire, and minimum TTL.
Serial: 2024011201, Refresh: 86400
CAA Record
Certificate Authority Authorization specifies which CAs can issue SSL/TLS certificates for this domain. Prevents unauthorized certificate issuance—a security best practice.
0 issue "letsencrypt.org"
TTL Value
Time To Live tells DNS resolvers how long to cache this record. We display in human-readable format: 3600 → '1h', 86400 → '1d'. Lower TTL = faster propagation but more DNS queries.
1h 30m
DNSSEC Status
We check for DNSKEY (cryptographic keys) and DS (Delegation Signer) records that indicate DNSSEC is enabled. DNSSEC protects against DNS spoofing and cache poisoning attacks.
DNSKEY Found ✓, DS Found ✓
Email Security Score
Our unique A-F grade based on SPF and DMARC configuration. Points for: SPF exists (+30), strict policy (+10), DMARC exists (+30), reject policy (+30). Higher scores mean better email authentication.
Grade: A (Score: 95/100)
Key Features
All 8 Record Types in Parallel
Query A, AAAA, MX, CNAME, TXT, NS, SOA, and CAA records simultaneously. While competitors require selecting one type at a time, we fetch all 8 in under a second using parallel execution.
Email Security Analysis (A-F Grade)
Unique feature: We parse SPF and DMARC records to calculate a security score from 0-100, displayed as grades A through F. Get specific recommendations to improve email authentication.
DKIM Selector Discovery
We automatically check 25 common DKIM selectors (default, dkim, google, selector1, selector2, etc.) to find your domain's email signing keys. Most competitors require manual selector input.
RBL Blacklist Checking
Mail server IPs are checked against 5 major DNS-based blacklists: Spamhaus ZEN, Spamhaus DBL, Barracuda RBL, SORBS, and SpamCop. Critical for email deliverability troubleshooting.
TXT Record Classification
TXT records are automatically labeled with badges: SPF, DKIM, DMARC, Google verification, Microsoft verification, Facebook, Apple. Instantly identify email authentication records.
MX Provider Detection
We identify 15 email providers from MX record patterns: Google Workspace, Microsoft 365, Zoho, Proofpoint, Mimecast, Barracuda, Cloudflare, Amazon SES, SendGrid, and more.
DNSSEC Detection
We check for DNSKEY and DS records that indicate DNSSEC is enabled. DNSSEC adds cryptographic signatures to prevent DNS spoofing attacks.
Human-Readable TTL
TTL values are displayed in friendly format: 3600 becomes '1h', 86400 becomes '1d', 90061 becomes '1d 1h 1m'. Understand cache duration at a glance.
Tabbed Filtering Interface
Filter results by record type using tabs. Each tab shows the count of records found. Quickly focus on MX records for email issues or TXT for verification troubleshooting.
Export to JSON/CSV/TXT
Download your DNS lookup results in multiple formats. JSON for APIs, CSV for spreadsheets, plain text for documentation and sharing.
When You Need DNS Lookup
DNS Configuration Verification
After making DNS changes at your registrar or hosting provider, verify that records are correctly configured before TTLs expire and changes propagate globally.
Email Deliverability Debugging
Troubleshoot email issues by checking MX records, SPF/DKIM/DMARC configuration, and email security score. Identify misconfigurations causing emails to land in spam.
Security Auditing
Review DNSSEC status for spoofing protection, CAA records for certificate control, and email authentication for phishing prevention. Essential for compliance audits.
Domain Migration
Before and after domain migrations, verify all DNS records transferred correctly to the new DNS provider. Compare record counts and values between old and new configurations.
Competitive Research
Analyze competitors' DNS setups to understand their email providers (Google Workspace vs Microsoft 365), CDN usage, hosting infrastructure, and security posture.
Development & Testing
Verify DNS configurations for staging environments, API domains, and microservices. Check that A records point to correct IPs before deploying changes.
How DNS Lookup Works
Parallel Query Architecture
<p>Our DNS Lookup uses <code>ThreadPoolExecutor</code> with 8 workers to query all record types simultaneously. While a sequential approach would take 1-4 seconds (8 × 0.1-0.5s per query), parallel execution delivers complete results in 100-500ms. The <code>dnspython</code> library handles DNS protocol details with industry-standard reliability.</p>
Email Security Scoring Algorithm
<p>We calculate a 0-100 score converted to A-F grades:</p><ul><li><strong>SPF exists:</strong> +30 points</li><li><strong>SPF strict policy (-all):</strong> +10 points</li><li><strong>SPF soft fail (~all):</strong> +5 points</li><li><strong>SPF permissive (+all):</strong> -10 points (insecure)</li><li><strong>DMARC exists:</strong> +30 points</li><li><strong>DMARC p=reject:</strong> +30 points</li><li><strong>DMARC p=quarantine:</strong> +20 points</li><li><strong>DMARC p=none:</strong> +5 points</li></ul><p>Score 90+ = A, 80-89 = B, 70-79 = C, 60-69 = D, Below 60 = F</p>
DKIM Selector Discovery Method
<p>DKIM public keys are stored at <code>[selector]._domainkey.[domain]</code>. Since selectors are not publicly listed, we check 25 common patterns in parallel: <code>default</code>, <code>dkim</code>, <code>mail</code>, <code>email</code>, <code>k1</code>, <code>s1</code>, <code>s2</code>, <code>google</code>, <code>selector1</code> (Microsoft), <code>selector2</code>, <code>mandrill</code>, and others. This catches most major email providers' selectors automatically.</p>
RBL Blacklist Check Process
<p>We extract IPv4 addresses from MX records and query them against 5 DNS-based blacklists:</p><ul><li><strong>Spamhaus ZEN:</strong> Critical severity (combined SBL+XBL+PBL)</li><li><strong>Spamhaus DBL:</strong> Critical severity (domain-based)</li><li><strong>Barracuda RBL:</strong> High severity</li><li><strong>SORBS:</strong> Medium severity (open relays, spam sources)</li><li><strong>SpamCop:</strong> Medium severity (user-reported)</li></ul><p>Being listed on critical severity lists may severely impact email delivery.</p>
Resolution Method & Caching
<p>We use recursive DNS resolution through the system's default resolver (with 8.8.8.8 fallback). Results are cached for 5 minutes to balance freshness with performance. For propagation verification after DNS changes, use our <a href="/dns-checker/">DNS Checker</a> tool which queries 24 global servers directly.</p>
Technical Specifications
- Record Types
- A, AAAA, MX, CNAME, TXT, NS, SOA, CAA
- Query Method
- Recursive DNS resolution (dnspython)
- Parallelization
- 8 concurrent threads
- DNSSEC Detection
- DNSKEY and DS record check
- Email Authentication
- SPF, DMARC parsing, 25 DKIM selectors
- Blacklist Checks
- 5 RBLs (Spamhaus, Barracuda, SORBS, SpamCop)
- Response Time
- 100-500ms typical
- Cache Duration
- 5 minutes (TTL=300)
- Query Timeout
- 5 seconds per record type
- Rate Limit
- 100 lookups/hour (free)
- Export Formats
- JSON, CSV, Plain Text
- API Access
- REST API, no key required
Frequently Asked Questions
What is a DNS lookup?
A DNS lookup queries the Domain Name System to retrieve records associated with a domain. These records tell computers how to route traffic (A/AAAA), where to send email (MX), which nameservers are authoritative (NS), and security configurations (TXT, CAA). Our tool queries 8 record types simultaneously to give you a complete picture.
What DNS record types does this tool check?
We query 8 record types in parallel: A (IPv4 addresses), AAAA (IPv6 addresses), MX (mail servers with priority), CNAME (aliases), TXT (text records including SPF, DKIM, DMARC), NS (nameservers), SOA (start of authority with serial, refresh, retry, expire), and CAA (certificate authority authorization).
What is TTL in DNS?
TTL (Time To Live) is a value in seconds that tells DNS resolvers how long to cache a record. A TTL of 3600 means 1 hour caching. We display TTL in human-readable format like '1h' or '1d 2h'. Lower TTLs allow faster propagation of changes but increase DNS query traffic.
What is DNSSEC and why does it matter?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records to prevent spoofing and cache poisoning attacks. When enabled, resolvers can verify responses haven't been tampered with. We detect DNSSEC by checking for DNSKEY (domain's keys) and DS (delegation signer) records.
What are MX records and priority?
MX (Mail Exchange) records specify which servers receive email for a domain. The priority number indicates preference—lower numbers are tried first. If the primary server (priority 10) is unavailable, mail routes to backup servers (priority 20, 30, etc.).
What are TXT records used for?
TXT records hold text data for various purposes: SPF for email sender verification, DKIM public keys for email signing, DMARC policies for email handling, and domain verification for Google, Microsoft, Facebook, and Apple services. We automatically classify and label each TXT record type.
What is the SOA record?
SOA (Start of Authority) contains zone administration information: primary nameserver (mname), admin email (rname), serial number (incremented on changes), refresh interval, retry interval, expire time, and minimum TTL. These values control how secondary nameservers synchronize with the primary.
What are CAA records?
CAA (Certificate Authority Authorization) records specify which certificate authorities are allowed to issue SSL/TLS certificates for a domain. This prevents unauthorized CAs from issuing certificates, protecting against certain types of man-in-the-middle attacks. It's a security best practice to set CAA records.
How is DNS Lookup different from DNS Checker?
DNS Lookup queries your local/recursive DNS resolver to show what records are currently configured. DNS Checker queries 24 global DNS servers to verify if changes have propagated worldwide. Use Lookup to see records; use Checker after making changes to verify global propagation.
What does the email security score mean?
Our unique email security score (A-F grade) analyzes SPF and DMARC records. Points are awarded for: SPF exists (+30), strict SPF policy (+10), DMARC exists (+30), reject/quarantine policy (+20-30). A score of 90+ = A grade. We also provide specific recommendations to improve your score.
What DKIM selectors do you check?
We check 25 common DKIM selectors in parallel: default, dkim, mail, email, k1, s1, s2, google, selector1 (Microsoft), selector2, mandrill, cm, pm, smtp, mx, and others. This covers most major email providers but may miss custom selectors specific to your domain.
What blacklists do you check for mail servers?
We check MX server IPs against 5 DNS-based blacklists: Spamhaus ZEN (critical—combined SBL+XBL+PBL), Spamhaus DBL (critical—domain-based), Barracuda RBL (high severity), SORBS (medium—open relays, spam sources), and SpamCop (medium—user-reported spam). Being listed on Spamhaus may severely impact email delivery.
Query Any Domain's DNS Records Now
Get a complete picture of any domain's DNS configuration with all 8 record types, email security analysis, and export options.
Try Another Lookup