Free DNS Records Lookup

Query A, AAAA, MX, TXT, CNAME, NS, SOA, CAA, SRV, and PTR records directly from your browser via DNS-over-HTTPS. Pick Cloudflare, Google, or Quad9 as resolver, or compare all three side by side. SPF and DMARC records are auto-detected and validated against common misconfigurations.

How to use

  1. 01Type a domain such as example.com.
  2. 02Pick a resolver (Cloudflare 1.1.1.1, Google 8.8.8.8, or Quad9 9.9.9.9). Or tick "Compare all three" to query each in parallel.
  3. 03Choose which record types to fetch. The defaults (A, AAAA, MX, TXT, NS, CAA) cover most diagnostics.
  4. 04Click "Look up". Results appear with TTLs and resolver round-trip time.
  5. 05If a TXT record contains SPF (v=spf1...) or DMARC (v=DMARC1...) it is parsed and findings are displayed: hard-fail policy, soft-fail policy, missing all mechanism, missing rua, etc.

FAQ

How does this differ from a command-line dig?

It hits the same public resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) and asks the same questions, but the queries travel over HTTPS to a JSON API endpoint that the browser can call. The results are equivalent to "dig @1.1.1.1 example.com TXT" for that resolver.

Why does this not show DMARC for the apex domain?

DMARC records are published at the subdomain _dmarc.example.com, not at the apex. Query that subdomain directly to see the DMARC record. The tool flags this in the output when no DMARC is found at the apex.

What does "AD=1" mean?

The Authenticated Data flag indicates the resolver validated the response with DNSSEC. AD=1 is reassuring but not proof: it depends on the resolver telling the truth. To verify yourself, check whether the zone has DNSKEY and DS records.

Why do TTLs differ between resolvers?

Each resolver runs its own cache. The TTL it returns is the remaining time on its cached entry, not the original TTL set by the authoritative server. The first query after a cache flush will show the highest TTL.

Can I look up reverse DNS (PTR)?

Yes. For an IP like 8.8.8.8, query the rfc-style reversed name 8.8.8.8.in-addr.arpa with type PTR. For now the tool expects you to construct that name yourself for IP-based lookups.

Will queries work for internal / private zones?

No. The DoH endpoints used here only resolve public DNS. For internal zones use your corporate VPN-connected resolver from a terminal.

More in Network & Security

📜Log Analyzer📡PCAP Analyzer🛰️HTTP Headers Inspector🧮CIDR / Subnet Calculator📧Email Header Analyzer🌊HAR File Analyzer