Domain Name System (DNS) Trace Analyzer

#	Zone	Nameservers / IP	Copy
{{ idx + 1 }}	{{ s.zone \|\| 'root (.)' }}	{{ s.ns }}

Domain name delegation shows how queries move from the root to a target and which nameservers answer at each step. It helps you check reachability and find slow paths when answers look inconsistent.

You provide one domain and receive a clear list of zones from the root to the full name, the answering nameservers, and the final addresses. Comparing Internet Protocol version 4 and version 6 answers can highlight gaps or missing records.

When the name is an alias the chain of canonical names is displayed so you can see where traffic will land. This makes content delivery setups and redirects easier to verify and easier to explain to others.

Supply a single domain only. Extra lines are ignored with a short notice. A valid looking pattern does not prove that a service is reachable or active, so confirm with a live test when in doubt.

For consistent results rerun the same check with the same resolver and repeat once to rule out transient errors. Small timing differences are normal on cacheable data.

Technical Details:

The Domain Name System (DNS) delegation path is traced by querying nameserver (NS) records for each relevant zone and then resolving address records at the terminal name. Address lookups include IPv4 “A” records and, when enabled, IPv6 “AAAA” records. If a name is an alias, the Canonical Name (CNAME) chain is followed to its terminal target.

The app constructs a zone list from the input host’s successive suffixes plus the root, then queries NS sets for each zone using DNS over HTTPS to a selected public resolver. Optionally, it resolves addresses for each authoritative nameserver to display their IPs. CNAME following is capped at ten hops with loop detection.

Results are presented as an ordered set of hops with zones and their responding nameservers, followed by the terminal name and its addresses. When no address is present, the last row states “No A record” or “No A/AAAA record,” depending on the IPv6 setting. Outcomes reflect the chosen resolver’s view and cache state at the time of the query.

Comparisons are most meaningful when you keep the resolver selection constant. Differences between resolvers may reflect geography, policy, filtering, or timing. This is a snapshot tool and does not model time-to-live or propagation windows.

Processing pipeline

Read the first non‑empty input line and count additional lines.
Extract the hostname from a raw domain or URL‑like string.
Validate label syntax, length, and character set for domain‑likeness.
Build zones: root plus each successive suffix of the hostname.
For each zone, query the NS set via the selected resolver.
Optionally resolve A and AAAA for each nameserver.
If enabled, follow the CNAME chain up to ten hops.
Resolve terminal A and, if enabled, AAAA for the final name.
Assemble hop rows, summary addresses, and the JSON payload.

Worked example. Input: example.com. IPv6 lookups disabled. Nameserver IP display enabled. CNAME following disabled. The trace lists the root, then zones for example.com and com with their NS sets. The last row shows one or more IPv4 addresses. With IPv6 enabled, any available AAAA answers would appear alongside.

Validation and defaults defined by the implementation
Field	Type	Min	Max	Step/Pattern	Error Text / Placeholder
Domain	String	1 char	253 chars	ASCII labels, `[a-z0-9.-]`, ≥ 2 labels, each 1–63, no leading/trailing `-`, no `..`	“Enter a valid domain.” / “example.com”
Resolve IPv6	Boolean	—	—	Default off	Adds AAAA lookups
Show NS IPs	Boolean	—	—	Default off	Resolves A/AAAA for each NS
Follow CNAME	Boolean	—	—	Default off	Up to 10 hops
Resolver	Enum	—	—	Cloudflare, Google, Quad9	DNS over HTTPS endpoints

Input and output structures
Input	Accepted Families	Output	Encoding/Precision	Rounding
Domain / URL‑like text	Domain, `http(s)://`, `mailto:`	Trace table and JSON payload	JSON with 2‑space indentation	Not applicable

Networking & storage behavior

Queries are issued from the browser to the selected DNS over HTTPS resolver.
Resolvers: Cloudflare (https://cloudflare-dns.com/dns-query), Google (https://dns.google/dns-query), Quad9 (https://dns.quad9.net/dns-query).
CSV, JSON, and DOCX are generated client‑side for copying or download.
No server‑side storage is used by this page.

Performance & complexity

Time grows with zone depth, nameserver count, and the “Show NS IPs” option. CNAME following adds up to ten additional lookups.

Diagnostics & determinism

Identical inputs with the same resolver produce the same steps, subject to resolver policy and cache state. A short debounce reduces needless repeats while typing.

Security considerations

Input is sanitized to domain‑likeness before queries are attempted.
Queries reveal the domain names to the chosen resolver. Avoid sensitive targets on untrusted networks.
Only NS, A, AAAA, and CNAME records are handled in this view.

Assumptions & limitations

Heads‑up Internationalized domains are not parsed; only ASCII labels are accepted.
At least two labels are required for a host to be considered domain‑like.
Label length is limited to 63 characters; overall length to 253 characters.
Trailing dots are stripped; consecutive dots are rejected.
Only the first non‑empty input line is used; extras are ignored with a notice.
NS IP resolution is optional and may be slower on large NS sets.
CNAME chains are limited to ten hops with loop detection.
Results reflect resolver perspective and may differ across providers.

Edge cases & error sources

Resolver unreachable or blocked by network policy.
Temporary resolver cache differences producing inconsistent answers.
CNAME loops truncated at the hop limit.
No A record when IPv6 only targets exist.
“No A/AAAA record” when terminal has no matching addresses.
Mixed‑case or whitespace in input before parsing.
URL parsing failures on malformed http(s):// inputs.
Large nameserver lists delaying “Show NS IPs.”
Typing changes mid‑trace cancel and restart the run.
Domains with single label or invalid characters are rejected.

Scientific & standards backing

DNS concepts follow the core specifications for naming and delegation (RFC 1034 and RFC 1035), IPv6 AAAA records (RFC 3596), and DNS over HTTPS behavior (RFC 8484).

Privacy & compliance

Processing occurs in the browser. DNS queries are sent to the selected public resolver. No data is transmitted or stored server‑side beyond those lookups.

How to Use:

Domain delegation tracing and address comparison in five quick steps.

Enter a domain such as example.com.
Pick a resolver to match your investigation.
Optionally enable Resolve IPv6 and Show NS IPs.
Turn on Follow CNAME if aliases are suspected.
Run the trace, then copy JSON or table rows as needed.

Example: With IPv6 enabled, a terminal name may show both A and AAAA answers on the last row, making dual‑stack gaps easy to spot.

Copy a single row to compare specific hops across resolvers.
Download JSON to preserve inputs, warnings, steps, and addresses together.

FAQ:

Is my data stored?

No. Queries are issued from your browser to the chosen resolver, and the page does not store results on a server.

Downloads are created on your device.

How accurate is the trace?

It reflects the resolver’s immediate view. Caches, geography, and policy can change answers. Recheck with the same settings for comparability.

Consider running it twice to smooth transient effects.

What does “No A/AAAA record” mean?

The terminal name had no address of the requested family. Enable IPv6 to include AAAA or verify that the service publishes addresses.

Can I use a full URL?

Yes. The hostname is extracted from http(s):// or mailto: formats before validation and lookups.

Why do results differ across resolvers?

Providers vary in cache, policy, and filtering. If you need alignment with a network, choose the resolver that best reflects that environment.

How do I trace a suspected CNAME loop?

Enable the CNAME option and look for repeated names. The chain is capped at ten hops and will stop when a loop is detected.

What formats can I save?

You can copy or download CSV and JSON, and export a DOCX summary that includes key settings and the trace table.

Does this run offline?

No. It needs network access to query the selected public resolver.

Troubleshooting:

“Enter a valid domain.” — Check for at least two labels and ASCII characters only.
Empty answers — Try a different resolver or rerun to bypass cache timing.
Slow run — Disable “Show NS IPs” to cut extra lookups.
Unexpected terminal — Enable “Follow CNAME” to reveal alias targets.
IPv6 missing — Turn on the IPv6 toggle and rerun.
Copy feedback not shown — Wait briefly; the status resets after confirmation.

If every lookup fails immediately, a firewall or network policy may be blocking DNS over HTTPS to the selected provider.

Advanced Tips:

Tip Keep the resolver fixed when comparing before and after changes.
Tip Turn on nameserver IP display to spot anycast diversity or gaps.
Tip Follow the CNAME chain when fronted by a CDN to confirm the landing host.
Tip Rerun after a change to observe cache coherence across zones.
Tip Copy single rows to compare specific zones across different traces.
Tip Use a URL input to avoid mistakes when the host is embedded in a link.

Glossary:

Delegation: Authority passed from a parent zone to child nameservers.
Nameserver (NS): A host that answers queries for a zone.
A record: An address mapping to an IPv4 host.
AAAA record: An address mapping to an IPv6 host.
CNAME: An alias that points one name to another.
Root zone: The apex of the naming hierarchy, written as a dot.
Zone: A contiguous section of the namespace served by an authority.
Resolver: A service that performs queries on your behalf.

Domain Name System (DNS) Trace Analyzer

{{ domain || '—' }}

Introduction:

Technical Details:

Processing pipeline

Networking & storage behavior

Performance & complexity

Diagnostics & determinism

Security considerations

Assumptions & limitations

Edge cases & error sources

Scientific & standards backing

Privacy & compliance

How to Use:

FAQ:

Troubleshooting:

Advanced Tips:

Glossary: