| Type | Name | TTL | Data | Copy |
|---|---|---|---|---|
| {{ r.type }} | {{ r.name }} | {{ r.ttl }} | {{ r.data }} | |
| No records. | ||||
| Field | Value | Copy |
|---|---|---|
| {{ row.k }} | {{ row.vs.join('; ') }} | |
| No fields available. | ||
Domain Name System records describe how a name points to addresses, mail servers, and other services. Reading them shows where traffic is directed and why a host behaves a certain way.
Enter one domain or an internet address, choose what you want to inspect, and review the answers in a tidy table. A quick domain record lookup for email deliverability and basic routing checks can spotlight configuration gaps early.
You provide a single line and the tool reads only the first non blank line so you can paste from logs or tickets without cleanup. Optional checks reveal whether mail policy entries exist and what action a receiver would see.
Results reflect the resolver you select and the moment you query, so very recent changes may take time to appear. For consistent comparisons, test the same name with the same settings.
The Domain Name System (DNS) maps hostnames to resource records (RRs). This utility retrieves the contents of selected RR types and surfaces what matters for day‑to‑day troubleshooting: each record’s time to live, the data string, counts by type, whether any response carried the DNSSEC Authenticated Data (AD) flag, and whether common mail policy entries are published (DMARC policy and a DKIM selector check).
The computation is straightforward: queries are issued for the chosen types, answers are normalized by trimming trailing dots, then simple aggregates are derived — counts for A, AAAA, MX, NS, TXT, SOA, CAA, SRV, and PTR, a total record count, and a first CNAME target if present. Mail policy checks look for a DMARC tag set to v=DMARC1 and a policy of none, quarantine, or reject, and for a DKIM TXT that declares v=DKIM1.
Interpretation notes: the AD indicator reflects what the resolver asserts after validation; it is not a signature itself. DMARC shows only whether a policy exists and which action is stated; it does not evaluate alignment or reporting tags. The DKIM check reports presence by selector, not key strength or rotation.
Comparability and scope: IPv4 addresses are handled directly, and reverse lookups are used for PTR. IPv6 input accepts compressed forms; the zone identifier is ignored during reverse‑name construction. Domain validation is conservative and aims to filter obvious typos rather than enforce every edge of the standard.
ip6.arpa._dmarc.<domain> for a policy and a DKIM selector TXT.example.org with default types. Derived counts might read A 1, AAAA 0, MX 1, NS 2, TXT 1, total 5; AD false; DMARC present with policy none. Treat these numbers as a demonstration only.
| Field | Type | Min | Max | Step/Pattern | Error Text / Placeholder |
|---|---|---|---|---|---|
| Domain or IP | text | — | 253 chars (domain) | Domain labels 1–63, letters digits hyphen, no leading or trailing hyphen; IPv4 dotted decimal; IPv6 compressed accepted | “Enter a domain or IP to query.” • Placeholder “example.com or 8.8.8.8” |
| Record types | text | — | — | Comma or space separated; sanitized to [A‑Z0‑9_-]; default A, AAAA, CNAME, TXT, MX, NS, SOA, CAA, SRV |
Tooltip only |
| Resolver | select | — | — | Google • Cloudflare • Auto (fallback between both) | Tooltip “DNS‑over‑HTTPS provider.” |
| DNSSEC DO bit | switch | off | on | Adds do=1 to request DNSSEC records |
Tooltip “Neutral default: off.” |
| DNSSEC CD bit | switch | off | on | Adds cd=1 to disable checking at resolver |
Tooltip “Neutral default: off.” |
| Timeout | number | 0 | — | Step 50; units ms | Tooltip “0 means no extra timeout.” |
| Check DMARC | switch | off | on | Queries _dmarc.<domain> for policy |
Tooltip notes “none/quarantine/reject”. DKIM selector field appears when enabled. |
| Input | Accepted Families | Output | Encoding/Precision | Rounding |
|---|---|---|---|---|
| Domain or IP | Domains, IPv4, IPv6; URLs are reduced to hostname | Records table and derived fields | Names and data trimmed of trailing dots; TTL as integer | No rounding beyond integer TTL display |
| JSON snapshot | — | Inputs, single result, records, warnings, batch stub | Pretty‑printed; safe to copy | N/A |
Accept: application/dns‑json header; Google uses a JSON endpoint.No data is transmitted or stored server‑side by this app. DNS queries you initiate are sent from your browser to the selected resolver. Avoid pasting sensitive hostnames from private environments.
Behavior aligns with core concepts from the DNS specifications and security extensions, mail authentication policies, and selector records (e.g., the base DNS RRs, DNSSEC validation semantics, DMARC policy tags, and DKIM TXT markers).
Domain records are retrieved and summarized to show where a name points and whether mail policies exist.
Example. Input mail.example; enable DMARC and selector default. Review MX targets, note AD, confirm DMARC policy, and see whether that selector is published.
You now have concrete answers to share or archive.
No. All processing occurs in your browser and requests go directly to the chosen resolver. Nothing is saved on a server.
They reflect what the resolver returns at query time. Caches, TTLs, and propagation windows can make answers differ across networks.
By default A, AAAA, CNAME, TXT, MX, NS, SOA, CAA, and SRV. You can add or remove types using a simple comma or space list.
Yes. Enable the DMARC option to see the published policy and, optionally, test whether a DKIM selector record exists.
No. It must contact a public resolver to retrieve answers.
The resolver returned no records for the requested types. Try different types, confirm the name, or wait for propagation after changes.
Toggle the DMARC option, run the query, and read the policy badge or the Fields view. It will show none, quarantine, or reject when present.
AD means the resolver considers the response validated by DNSSEC. It is a signal from the resolver, not a signature you can verify locally.