DNS lookup
Look up A, AAAA, MX, TXT, and NS records for any domain.
| Name | Type | TTL | Value |
|---|
Enter a domain and choose a record type. Queries are resolved via Cloudflare's DNS-over-HTTPS service, with Google as a fallback.
About this tool
Domain Name System (DNS) records map human-readable names to the machines and services behind them. This tool lets you query any domain's DNS records — A (IPv4), AAAA (IPv6), MX (mail servers), TXT (verification / SPF), NS (nameservers), CNAME, SOA, and CAA — directly from your browser. Queries go to Cloudflare's DNS-over-HTTPS service, so you see authoritative answers rather than whatever your ISP's resolver has cached. Useful for debugging DNS propagation, checking mail routing, and verifying domain ownership records.
How to use this tool
-
Enter a domain
Type any registered domain — with or without
www.. Subdomains work too (mail.example.com,api.example.com) if you want to query a specific host rather than the apex. -
Pick a record type
A for IPv4 hosts, AAAA for IPv6, MX for mail servers, TXT for verification and SPF/DKIM/DMARC, NS for nameservers, CNAME for aliases, or All to fetch every common type in one query.
-
Read the answer
Each record carries a TTL (time-to-live) in seconds. Short TTLs mean caches refresh fast; long TTLs mean changes take a while to propagate. The TTL is the single most useful number when you're trying to work out why a change hasn't appeared yet.
Frequently asked questions
Why use this instead of `dig` or `nslookup`?
No local install required, and the results come straight from Cloudflare's public resolver rather than whatever your OS has cached. Useful when you're on a phone, on a locked-down work machine, or quickly sharing a DNS result with someone.
Why do I see a different IP here than I got from my ISP's DNS?
DNS is cached at many layers — your router, your ISP, the authoritative server. This tool queries a fresh resolver at Cloudflare, which usually has more up-to-date answers during a propagation window (a change can take minutes to hours to appear everywhere).
Is the domain I look up sent to Cloudflare?
Yes — any DNS resolver needs to receive the query to answer it. Cloudflare's public resolver is privacy-respecting (they state they don't log the querying IP beyond 24 hours for abuse prevention), but the query itself is necessarily sent to them. If that's a concern, run `dig` locally instead.
What's the difference between authoritative and recursive DNS?
Authoritative servers hold the original record for a domain (your registrar's nameservers). Recursive servers (Cloudflare, Google, your ISP) cache answers and forward queries on your behalf. This tool talks to a recursive resolver; the answer is whatever Cloudflare currently has cached.
Why use DoH instead of standard DNS?
DNS-over-HTTPS encrypts the query so your ISP can't see what you're looking up. From the browser's perspective, the request looks like normal HTTPS traffic. Standard DNS is plaintext on port 53.
Troubleshooting
- Why don't my new records show up?
TTL plus propagation. A long TTL on the old record means caches at every layer (your OS, your router, your ISP) hold the old value until it expires. Wait out the original TTL, or query a different resolver to bypass the cached answer.
- Why is the answer different from <code>dig</code>?
diguses your system resolver — usually your ISP's — and returns whatever that resolver has cached. This tool talks to Cloudflare's DoH endpoint directly, so the answer skips the chain of caches between you and the authoritative server. ISP resolvers can also be slower to refresh or actively filter results.- What does an empty answer mean?
Two cases. NXDOMAIN: the domain doesn't exist (or has never existed). NODATA: the domain exists but has no record of the type you asked for — e.g. a domain with no MX records can't receive mail. The tool labels which one you've hit.