DNS Lookup
DNS record lookup using DNS-over-HTTPS via Cloudflare 1.1.1.1. Queries 7 record types in parallel: A, AAAA, MX, TXT, CNAME, NS, SOA. No backend server — queries go directly from your browser to Cloudflare.
DNS Lookup
How the DNS lookup works
Enter a domain
Just the bare domain (example.com) — no https:// prefix, no path. Subdomains work too (www.example.com).
7 record types fetched in parallel
The tool queries A, AAAA, MX, TXT, CNAME, NS, and SOA records simultaneously via Cloudflare\'s public DoH endpoint (1.1.1.1).
Read the results
Each record type appears in its own section with TTL values. Empty sections mean the domain has no records of that type — that\'s often normal (most domains lack CNAME, for example).
Privacy note
The only server contacted is Cloudflare DoH (one.one.one.one). Your domain query is sent there but no other tracking. The tool sends no data to any other server.
DNS lookup — debugging the internet\'s phone book
DNS (Domain Name System) is what translates human-readable domains (recatools.com) into the IP addresses computers actually use. When something on the internet "isn\'t working" — a website unreachable, an email bouncing, a service mysteriously timing out — DNS is usually the first thing to check. This tool surfaces all the common records in one place, so you can diagnose without firing up dig or nslookup.
The 7 record types this tool queries
A: IPv4 address. AAAA: IPv6 address. MX: where to send email (with priority). TXT: arbitrary text — used for SPF, DKIM, DMARC, domain verification (Google/Microsoft/Cloudflare). CNAME: alias to another domain. NS: authoritative nameservers. SOA: start-of-authority — contact info, refresh schedule, serial number.
"\'It\'s always DNS\' is a sysadmin truism — and like most truisms, it\'s true. When a thing breaks unexpectedly, check DNS records before checking anything else."
Why DoH (DNS-over-HTTPS)?
Traditional DNS queries (port 53 UDP) are unencrypted — anyone on your network can see what domains you\'re looking up. DoH tunnels DNS through HTTPS (port 443), making queries indistinguishable from regular web traffic. Cloudflare\'s 1.1.1.1 is the most popular public DoH endpoint — fast, free, and explicitly privacy-respecting (logs anonymised within 24 hours).
Privacy stance
This tool sends one query to Cloudflare\'s DoH endpoint per record type — that\'s 7 queries total. No other server is contacted. Your queried domain is visible to Cloudflare (which is unavoidable — DNS queries by definition reach a resolver), but no other party.
10 facts about DNS
DNS was invented in 1983 (RFC 882-883) — replacing a single HOSTS.TXT file that was getting unmanageable as the ARPANET grew.
The 13 logical root servers (a.root-servers.net through m.root-servers.net) are the top of the DNS hierarchy — actually hundreds of physical servers via anycast.
"It\'s always DNS" is the canonical sysadmin truism — and one of the most-repeated jokes at SRE conferences.
Cloudflare 1.1.1.1 was launched on 1 April 2018 — not a joke. Now serves over 1 trillion DNS queries per day.
DoH (DNS-over-HTTPS) was standardised in 2018 (RFC 8484) — encrypting DNS to defeat network-level eavesdropping.
The TXT record was meant for human-readable notes — but became the dumping ground for SPF, DKIM, DMARC, and dozens of domain-verification systems.
The SOA serial number is conventionally the date the zone was last updated (YYYYMMDDNN format).
DNSSEC (DNS Security Extensions, 2005) signs records to prevent tampering — but adoption remains under 30% of zones globally.
TTL (Time To Live) on a DNS record tells resolvers how long to cache it. Low TTL = fast change propagation but more DNS traffic.
The 2016 Dyn DDoS took down DNS for Twitter, Netflix, Reddit, Spotify, and Airbnb — by attacking a single managed DNS provider.
Frequently asked questions
DNS-over-HTTPS — DNS queries tunneled through HTTPS port 443 instead of unencrypted UDP port 53. Prevents network eavesdroppers from seeing what domains you look up.
Free, fast (typically < 15ms), privacy-respecting (logs anonymised within 24 hours, no selling of data), supports DoH and DoT, and reliable (anycast across 250+ cities).
A = IPv4 address (32-bit). AAAA = IPv6 address (128-bit). Most domains have both nowadays.
TXT was the original "arbitrary text" record type. Email auth (SPF, DKIM, DMARC), domain verification (Google Search Console, Microsoft 365, Cloudflare), and many other systems repurpose TXT records since adding new record types is a slow IETF process.
Either the domain has no records of that type (normal — most domains have no CNAME), or DNS resolution failed (rare with Cloudflare). The "DNS status" code helps distinguish.
Time To Live in seconds — how long resolvers should cache this record. Common values: 300 (5 min) for fast change propagation, 3600 (1 hour) typical, 86400 (1 day) for stable records.
No. This tool queries public DNS only via Cloudflare. Internal/private DNS zones aren't visible to public resolvers.
You're hitting Cloudflare's 1.1.1.1 which is global anycast — should be < 50ms from anywhere. Slowness usually means the domain's authoritative nameservers are slow, not Cloudflare.
No. Queries go directly to Cloudflare from your browser. This tool doesn't see them. Cloudflare logs anonymised within 24 hours.
Same DNS lookups, just in a browser-friendly UI. Power users still use dig for deeper diagnostics. This tool is for quick checks without firing up a terminal.
Related News
You may be interested in these recent stories from our newsroom.
No related news yet for this tool. Our editorial team publishes new pieces every week.
Browse all news →75 more free tools
Calculators, converters, security tools — no signup.