DNS Lookup

How DNS lookup works

When you type a domain into a browser, your operating system asks a DNS resolver to translate it to an IP address. The resolver — typically provided by your ISP or a public service like Google (8.8.8.8) or Cloudflare (1.1.1.1) — checks its cache. If it has a fresh record within the TTL window, it returns that. Otherwise it walks the DNS hierarchy: first a root name server, then the TLD name server (for .com, .org, etc.), then the authoritative name server for the domain, which holds the actual records.

This tool queries dns.google via DNS-over-HTTPS, bypassing your local resolver entirely. That means results aren't affected by your ISP's caching behaviour, your OS's DNS cache, or local overrides in /etc/hosts. It's the closest thing to "what does the rest of the world currently see for this domain?"

Common DNS record types explained

• A — Maps a hostname to an IPv4 address. The most common type; needed for a domain to have a website.
• AAAA — Maps a hostname to an IPv6 address. Increasingly important as IPv4 exhaustion continues.
• MX — Lists mail servers for the domain with a priority number. Lower priority wins; multiple MX records provide fallback.
• TXT — Free-form text, used for SPF (email sender policy), DKIM keys, domain verification, and DMARC policy.
• NS — The authoritative name servers for the domain. These are set at your registrar and are the "source of truth" for all other records.
• CNAME — An alias pointing one hostname to another. CNAMEs cannot coexist with other record types at the zone apex (bare domain), which is why many CDNs offer "ANAME" or "ALIAS" as workarounds.
• SOA — Administrative metadata for the zone: primary name server, responsible email, serial number, and refresh/retry/expire/minimum timers for secondary name servers.
• CAA — Certificate Authority Authorization. Restricts which CAs may issue TLS certificates for the domain — a useful security control.
• SRV — Service locator records used by protocols like SIP, XMPP, and Microsoft services to discover server addresses and ports.
• PTR — Reverse DNS: maps an IP address back to a hostname. Used mainly by mail servers for spam detection (FCrDNS checks).

Troubleshooting with DNS lookup

DNS lookup is useful any time you need to verify what the world sees for a domain. Common scenarios include:

• Email deliverability — Check MX records to confirm mail is routing to the right server. Check TXT records to verify SPF, DKIM, and DMARC are configured correctly. Misconfigured SPF is one of the most common causes of legitimate email landing in spam.
• Site migration — After pointing DNS to a new server, use this tool to confirm the A or CNAME record has updated. Remember that your local resolver may still be caching the old value — this tool bypasses that.
• Subdomain audit — Check NS records on subdomains to spot delegation you may have forgotten about, or look for dangling CNAMEs pointing to decommissioned services (a common source of subdomain takeover vulnerabilities).
• TLS certificate issues — Check CAA records to see which CAs are permitted to issue certs for a domain. A missing or wrong CAA record can block certificate issuance.

Related tools

• Need to see your own public IP address and connection details? Try What Is My IP — it reads your IP, location, ASN, and TLS version directly from the edge.
• Working with IP address ranges and CIDR notation? The IPv4 Subnet Calculator computes network address, broadcast, host range, and netmask from any CIDR block.

Frequently asked questions

What is a DNS record?

A DNS (Domain Name System) record is an entry in a domain's zone file that maps a human-readable name — like example.com — to a machine-readable value such as an IP address or a mail server. DNS is essentially the internet's phonebook: without it, your browser would have no way of knowing which server to contact when you type a domain into the address bar. Different record types serve different purposes: A records map to IPv4 addresses, MX records point to mail servers, TXT records hold arbitrary text (often used for SPF, DKIM, or domain verification), and so on.

What do A, AAAA, MX, TXT, and NS records mean?

Each record type has a specific job. An A record holds an IPv4 address (e.g. 93.184.216.34) — the most common type, used when browsers connect to a website. AAAA records are the IPv6 equivalent. MX records list the mail servers responsible for receiving email for the domain, along with a priority number (lower = preferred). TXT records store text, most often used for SPF (which servers can send email on your behalf), DKIM public keys, and domain ownership verification tokens for Google Search Console or similar services. NS records name the authoritative name servers for the domain — where all other records are ultimately fetched from. CNAME records are aliases: they point one name to another name rather than directly to an IP. SOA (Start of Authority) records contain administrative information about the zone. CAA records limit which certificate authorities can issue TLS certificates for the domain.

Why don't my just-changed DNS records show up yet?

DNS changes take time to propagate because resolvers around the world cache records for as long as the record's TTL (Time To Live) says they should. If your A record had a TTL of 3600 (one hour), every resolver that cached it before your change will keep serving the old value for up to an hour. Google's resolver (which this tool queries) typically picks up changes quickly, but your ISP's resolver or your OS's DNS cache may lag behind. This is completely normal and not a sign of an error. To speed things up, you can lower the TTL before making a change — many providers recommend dropping to 300 seconds (5 minutes) a day ahead of a migration — then restoring a longer TTL once you're done.

Is this the same as running nslookup or dig?

Functionally, yes — this tool performs the same type of authoritative DNS query that nslookup and dig do from the command line. The key difference is that it queries Google's public DNS-over-HTTPS (DoH) resolver at dns.google rather than your system's configured resolver, so results are consistent regardless of your location or ISP. dig gives you a bit more low-level detail (like the full authority section, query flags, and timing), but for checking whether a record exists and what value it holds, the results are equivalent. dig would be: dig A example.com @8.8.8.8

What does the TTL value mean?

TTL stands for Time To Live and is measured in seconds. It tells DNS resolvers and caches how long they're allowed to cache a record before they must fetch a fresh copy from the authoritative name server. A TTL of 3600 means the record can be cached for up to one hour. A TTL of 86400 means up to one day. Lower TTLs mean changes propagate faster but increase load on name servers (more frequent lookups). Higher TTLs reduce DNS query volume and improve resilience, but make changes slower to roll out. Most records that rarely change — like NS or SOA — use TTLs of 86400 or higher. Records you expect to update, like an A record ahead of a server migration, are often pre-set to 300 (5 minutes) in advance.