Free DNS Lookup Tool

Resolve A, AAAA, MX, NS, CNAME, CAA and TXT records for any domain — instantly, from a hosted resolver.

How Does a DNS Lookup Work?

Three steps, all in your browser.

1

Enter a domain

Type a bare domain like example.com — you can paste a full URL and the tool will strip the protocol and path for you. For a DKIM key, enter the full selector hostname such as selector._domainkey.example.com.

2

We query all seven record types

A single lookup fans out to A, AAAA, MX, NS, CNAME, CAA and TXT over encrypted DNS-over-HTTPS, so you see the full configuration without running seven separate commands.

3

Read grouped results

Each record type is grouped with its value and TTL. Empty types are labelled clearly so you can tell "no record" from "not checked". Need to test reachability next? Try the Ping Tool.

Frequently Asked Questions

What is a DNS lookup, and why would I run one?
A DNS lookup asks the Domain Name System what records a domain publishes — the IP addresses it points to, the mail servers that accept its email, the name servers that are authoritative for it, and more. You run one to verify that a domain is configured correctly, to debug why a site or email is not reaching the right server, to confirm a change has propagated, or simply to see who hosts a domain. This tool queries a hosted DNS-over-HTTPS resolver and shows every common record type in one place.
Which DNS record types does this tool resolve?
It resolves the seven record types most people need: A (IPv4 address), AAAA (IPv6 address), MX (mail exchangers), NS (authoritative name servers), CNAME (canonical alias), CAA (which certificate authorities may issue certificates), and TXT (free-form text records, which is where SPF, DKIM and domain verification strings live). Each type is grouped separately with its value and TTL so you can scan the whole picture at a glance.
What is a CAA record, and why should I check it?
A CAA (Certification Authority Authorization) record lists which certificate authorities are allowed to issue TLS certificates for your domain. If a CA that is not listed tries to issue a certificate, a compliant CA will refuse. Checking your CAA record helps you confirm that only your intended certificate provider can issue certs, which reduces the risk of mis-issuance. A missing CAA record means any public CA may issue, which is the historical default but less restrictive.
How is this different from running dig or nslookup locally?
The output is the same data, but this tool needs no install and runs from a hosted resolver rather than your local one, which is useful when your own network or VPN returns different answers. It queries over DNS-over-HTTPS, so the lookup is encrypted in transit, and it resolves all seven record types in a single click instead of one dig command per type. For scripting and advanced flags, dig is still the right tool; for a fast readable check from any browser, this is quicker.
Can I look up SPF, DKIM, or DMARC records?
Yes — they are all TXT records. SPF and your DMARC policy live at the domain root and at _dmarc respectively, and they appear in the TXT group here. DKIM records live at a selector subdomain such as selector._domainkey.example.com, so to see a DKIM key, enter that full selector hostname rather than the bare domain. Anything published as TXT will show up in the TXT section of the results.
Do I need an account to use this DNS checker?
No. There is no account, no login, and no payment. The tool is free and runs straight from your browser against a hosted resolver, with lookups rate-limited per IP to keep it fast for everyone. Nothing you look up is stored.