DNS Trace Analyzer

#	Zone	Nameservers / IP	Copy
{{ idx + 1 }}	{{ s.zone \|\| 'root (.)' }}	{{ s.ns }}

Domain names resolve through a chain of authoritative servers that delegate responsibility from the root to your zone. Seeing the DNS delegation path for a domain helps explain where answers come from and why records may differ across resolvers.

Delegation tracing reveals each zone and its nameservers, then shows the final addresses that a hostname returns. You provide one domain and the analyzer builds the step by step picture so you can compare what should happen with what you observe.

Results are practical when diagnosing missing glue, spotting loops, or confirming a recent change. For example, entering a hostname after moving nameservers should show the new delegation and the expected addresses so you know propagation has taken effect.

Use consistent inputs and repeat a check if you change options. Treat a valid structure as a necessary condition only, since an address that resolves can still be unreachable due to unrelated issues like firewalls or application errors.

Choose this trace when you need the delegation story rather than a single record lookup. A simple habit is to include IPv6 lookups when you expect dual stack service so the address view stays complete.

Technical Details:

The analysis observes the Domain Name System delegation chain and the address answers for a single hostname. It inspects nameserver sets at each zone cut and collects Internet Protocol version 4 and, when enabled, Internet Protocol version 6 addresses. The snapshot reflects the moment of the query.

Computation proceeds by deriving all suffix zones of the hostname, querying nameserver records at each zone, and optionally resolving addresses for those nameservers. If the hostname is an alias, the tool can follow the canonical name chain before asking for addresses on the terminal name. This transformation clarifies where delegation hands off and where address records live.

Results consist of an ordered list of zones with their nameservers and a final line with the collected addresses. Near a transition, brief differences may appear due to caching or negative answers. Comparing runs with the same resolver setting makes changes easier to spot.

Scope and comparability depend on the chosen DNS service. The delegation story is resolver specific and timing sensitive, so caches and upstream policies can influence intermediate answers. The output is a point in time view rather than an authoritative audit.

Processing pipeline

Normalize the first non empty input line and extract the hostname without a trailing dot.
Reject inputs that are not domain like based on label length and allowed characters.
Build the zone list from the root to the full hostname using suffixes.
For each zone, request the nameserver set and record it for the trace.
Optionally, resolve addresses for each nameserver and display them alongside.
Optionally, if the hostname is an alias, follow the canonical chain up to 10 hops.
Request version 4 addresses for the terminal name and, if enabled, version 6.
Summarize addresses at the end of the trace or note when none are present.

Symbols & units

Symbols and meanings
Symbol	Meaning	Unit/Datatype	Source
`host`	Input hostname without trailing dot	string	Input
`zones`	Ordered suffix zones from root to `host`	string[]	Derived
`NS(z)`	Nameserver set for zone `z`	string[]	Derived
`CNAME`	Alias mapping for a name when present	string	Derived
`A(name)`	IPv4 address answers for `name`	IPv4[]	Derived
`AAAA(name)`	IPv6 address answers for `name`	IPv6[]	Derived

Worked example

Example inputs and structure are illustrative. Actual answers depend on your resolver and current zone data.

\begin{matrix} host & = & example.com \\ zones & = & {⋅ (root), com, example.com} \\ NS (\cdot) & \to & root nameserver set \\ NS (com) & \to & com nameserver set \\ NS (example.com) & \to & authoritative nameserver set \\ A (example.com) & \to & [v4 addresses] \\ AAAA (example.com) & \to & [v6 addresses, if requested] \end{matrix}

Interpretation: the zone list shows delegation from the root to the hostname, and the final address lines reveal what clients will receive using the same resolver setting.

Variables & parameters

Parameters and effects
Parameter	Meaning	Unit/Datatype	Typical Range	Sensitivity	Notes
Resolver	DNS service used for all lookups	enumeration	Cloudflare, Google, Quad9	High	Controls all answers returned.
Resolve IPv6	Include AAAA lookups	boolean	Off or On	Medium	Off by default.
Show NS IPs	Resolve addresses for each nameserver	boolean	Off or On	Low	Adds context to delegation.
Follow CNAME	Walk alias chain before address lookup	boolean	Off or On	Medium	Up to 10 hops.

Validation & bounds

Input validation rules
Field	Type	Min	Max	Step/Pattern	Error Text	Placeholder
Domain	string	2 labels	253 chars	`^[a-z0-9.-]+$` with label length 1–63, no leading or trailing hyphen, no consecutive dots	Enter a valid domain.	example.com

I/O formats

Inputs and outputs
Input	Accepted Families	Output	Encoding/Precision	Rounding
Hostname text	Plain ASCII domain, optional trailing dot removed	Trace table	UTF‑8 text	Not applicable
—	—	JSON export	Pretty printed with two‑space indent	Not applicable
—	—	CSV export	Comma separated values	Not applicable

Networking & storage

All lookups are issued from the browser to the selected DNS‑over‑HTTPS resolver endpoint.
Resolver options include Cloudflare, Google, and Quad9 endpoints labeled “dns‑query”.
No persistent browser storage is used by the trace itself; clipboard and file downloads are explicit actions.

Performance & complexity

Zone tracing is linear in the number of labels.
Nameserver address display adds at most one address query per nameserver and record family.
Canonical chain following is bounded to 10 hops.

Diagnostics & determinism

Identical inputs with the same resolver normally yield identical structures subject to caching.
Feedback cues indicate copied rows, JSON, and CSV actions.

Security considerations

Inputs are normalized to a hostname and filtered to a conservative character set.
Answers come from the chosen resolver; trust and logging policies are resolver specific.
No secrets are handled; do not paste sensitive tokens where a domain is expected.

Assumptions & limitations

Heads‑up Only the first non empty line is used; extra lines are ignored with a notice.
Unicode domain names must be provided in ASCII form.
Only HTTP and mailto prefixes are stripped when extracting a hostname.
Alias following is optional and limited in length.
IPv6 lookups are optional and off by default.
Delegation does not guarantee reachability or service health.
Resolver caches may briefly mask recent changes.
Zones without nameservers will appear with an empty set indicator.

Edge cases & error sources

Inputs longer than 253 characters are rejected.
Labels longer than 63 characters are rejected.
Consecutive dots or leading or trailing hyphens invalidate input.
Uppercase input is lowered; mixed case has no effect on answers.
Trailing dot is removed before validation and lookup.
Non HTTP schemes in URLs are not stripped and may fail validation.
No address records produce a clear end message rather than empty output.
Resolver timeouts or network errors surface as a trace failure.
Alias loops are stopped by the hop limit.
Nameserver address resolution can fail independently of delegation queries.

Privacy & compliance

Queries are issued from the browser to the selected DNS service. No application account, upload, or persistent storage is required for tracing.

Step‑by‑Step Guide

DNS delegation and address resolution for one hostname produce a readable trace of zones, nameservers, and final addresses.

Enter a single domain in the input field host.
(Optional) Choose a resolver and whether to include IPv6 lookups.
(Optional) Enable nameserver address display and alias following as needed.
Run the trace and review zones from the root to your hostname.
Copy a row, copy the JSON, or download CSV for sharing.

If you paste multiple lines, only the first non empty line is used.

Example: Input example.com, enable IPv6, and follow aliases to compare address families on the final line.

Tip: keep resolver settings fixed when comparing changes over time.

FAQ

Is my data stored?

No account or server storage is used by this trace. Lookups are sent from your browser to the DNS service you select, and downloads occur locally.

Resolver providers may keep their own logs.

How accurate is the trace?

It reflects what the chosen resolver returns at the time you query. Caches, negative responses, and policy can affect intermediate steps briefly.

What formats are supported?

Input is a hostname in plain ASCII. Output appears as a trace table and can be copied as JSON or downloaded as CSV.

Can I use it offline?

No. It must contact a DNS service to fetch delegation data and addresses.

Does it cost anything?

There is no sign‑in or payment step. Normal network usage applies with your chosen DNS service.

How do I trace a CNAME target?

Enable alias following, run the trace, and read the inserted lines that show each hop from the alias to the terminal name before address resolution.

What does a borderline result mean?

A borderline case is when delegation is present but addresses are missing or stale. Check resolver choice, cache timing, and authoritative zone content.

Troubleshooting

“Enter a valid domain” appears: check labels, remove spaces, and ensure at least two labels.
No nameservers listed for a zone: verify the parent zone publishes delegation.
No addresses on the final line: confirm records exist at the terminal name.
Alias chain looks short: a hop limit stops loops and very long chains.
Nameserver IPs missing: enable the nameserver address option or try again later.
Different results across runs: keep the resolver setting fixed to compare.

If every step is empty or fails, switch resolver and run the trace again to isolate upstream outages.

Advanced Tips

Tip Compare traces before and after a nameserver change to confirm delegation updates.

Tip Include IPv6 when verifying dual stack content delivery.

Tip Use nameserver IP display to spot mismatches between delegation and actual hosting endpoints.

Tip Rerun after a few minutes when caches may delay new answers.

Tip Read the final line closely when a CNAME target differs from the zone apex.

Tip Copy the JSON payload to attach a reproducible trace to change tickets.

Glossary

Zone: A portion of the namespace served by a nameserver set.
Delegation: The parent pointing to child nameservers for authority.
Authoritative nameserver: A server that answers for its configured zone data.
A record: An address record that returns IPv4 addresses.
AAAA record: An address record that returns IPv6 addresses.
Canonical name: An alias that points one name to another name.
Resolver: A service that receives queries and returns DNS answers.
Root zone: The top of the DNS hierarchy, represented by a dot.

DNS Trace Analyzer

{{ domain || '—' }}

Introduction:

Technical Details:

Processing pipeline

Symbols & units

Worked example

Variables & parameters

Validation & bounds

I/O formats

Networking & storage

Performance & complexity

Diagnostics & determinism

Security considerations

Assumptions & limitations

Edge cases & error sources

Privacy & compliance

Step‑by‑Step Guide

FAQ

Troubleshooting

Advanced Tips

Glossary