DNS Lookup — Query Domain DNS Records
Look up DNS records for any domain using Cloudflare DNS-over-HTTPS. Query A, AAAA, MX, TXT, CNAME, NS, SOA records with SPF and DMARC analysis.
How to Use
Query DNS records for any domain in three steps:
- Enter a domain name — Type or paste a domain like
example.cominto the input field. Subdomains work too — trymail.google.comor_dmarc.example.com. Quick-try buttons are provided for popular domains. - Select a record type — Choose a specific record type (A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, CAA) or select "ALL" to scan all major record types simultaneously. Each type reveals different information about the domain's DNS configuration.
- Review the results — Records are displayed in a structured table showing the record name, data value, and TTL (time to live). TXT records containing SPF or DMARC policies are automatically parsed into human-readable analysis cards showing authorized senders, policy actions, and alignment settings. Copy individual record values or entire record groups with a single click.
Query time is displayed for each lookup. When using "ALL" mode, the total record count across all types is shown in the summary bar. If a domain does not exist, the tool displays the NXDOMAIN status clearly.
About This Tool
How DNS-over-HTTPS Works
Traditional DNS queries travel over unencrypted UDP port 53, making them visible to network operators and vulnerable to interception. DNS-over-HTTPS (DoH) wraps DNS queries inside standard HTTPS requests, encrypting them with TLS. This tool queries Cloudflare's public resolver at cloudflare-dns.com/dns-query using the application/dns-json content type, which returns structured JSON responses that the browser can parse directly.
Your browser sends HTTPS requests directly to Cloudflare's resolver — no server proxy is involved. This means queries are protected by TLS encryption in transit, and Cloudflare's privacy policy for 1.1.1.1 states that client IP addresses are not logged and query data is purged within 24 hours.
DNS Record Types Explained
A records map a domain to an IPv4 address (e.g., 93.184.216.34). AAAA records serve the same purpose for IPv6 addresses. CNAME records create aliases — when you see www.example.com CNAME example.com, it means the www subdomain redirects to the apex domain's IP. MX records specify which mail servers handle email for the domain, with priority values indicating failover order (lower numbers are tried first).
TXT records store arbitrary text data and are widely used for email authentication (SPF, DKIM, DMARC), domain verification (Google, Microsoft, Cloudflare), and other machine-readable metadata. NS records identify the authoritative nameservers for the domain. SOA records contain administrative information including the primary nameserver, contact email, serial number, and refresh/retry/expire timers. CAA records specify which Certificate Authorities are permitted to issue SSL certificates for the domain.
Email Security Analysis
When TXT records are returned, the tool automatically detects and parses SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting & Conformance) records. The SPF analysis shows which IP addresses and domains are authorized to send email on behalf of the domain, along with the default policy (-all for hard fail, ~all for soft fail). The DMARC analysis displays the enforcement policy, alignment modes for DKIM and SPF, reporting addresses, and the percentage of messages to which the policy applies.
Understanding TTL Values
TTL (Time to Live) indicates how long a DNS record is cached by resolvers and clients before they must re-query the authoritative server. Values are in seconds: 300s means 5 minutes, 3600s means 1 hour, 86400s means 1 day. This tool displays TTL values in human-readable format (e.g., "5m", "1h", "1d"). Low TTL values are used during DNS migrations to ensure changes propagate quickly, while high TTL values reduce DNS query load for stable records. For tools that check specific network configurations, see also Subnet Calculator and MAC Address Lookup.
Why Use This Tool
Troubleshoot DNS Issues
DNS misconfigurations are one of the most common causes of website and email outages. When a site won't load, the first step is to verify that A/AAAA records point to the correct server IPs. When emails bounce, check MX records for the correct mail server priority chain. When SSL certificates fail to issue, check CAA records to confirm the Certificate Authority is authorized. This tool provides instant visibility into all of these without installing dig or nslookup.
Common Use Cases
- Website migration: Verify that A/AAAA and CNAME records are updated after migrating to a new hosting provider. Compare TTL values to estimate propagation time before cutting over.
- Email deliverability: Audit SPF, DKIM, and DMARC records to ensure email authentication is correctly configured. Missing or misconfigured records are the primary cause of emails landing in spam folders.
- SSL certificate issuance: Check CAA records before requesting a certificate from a new CA. If the CA is not listed in CAA, the issuance will fail per RFC 8659.
- Domain verification: Many services (Google Workspace, Microsoft 365, Cloudflare) require adding a TXT record for domain ownership verification. Use this tool to confirm the record is published and visible.
- Security auditing: Identify domains using weak or missing email authentication, exposed nameserver configurations, or unauthorized mail servers. The SPF and DMARC analysis cards make this assessment immediate.
- DNS propagation checking: After making DNS changes, query the domain to see if Cloudflare's resolver has picked up the new records. Compare with expected values to confirm propagation.
No Installation Required
Command-line DNS tools like dig, nslookup, and host require terminal access and are not available on many managed or mobile devices. This tool runs entirely in the browser and works on desktop, tablet, and mobile. DNS queries go directly from your browser to Cloudflare's resolver — no proxy server, no data retention, no account required. Related network tools include Subnet Calculator, IPv4 Converter, and MAC Address Lookup.