ZenovayTools

DNS Lookup Tool

All-in-one DNS record inspector (A, AAAA, MX, TXT, NS, CNAME, CAA, SOA) using Cloudflare DNS-over-HTTPS. Checks DNSSEC status and CAA certificate authority authorization.

How to Use DNS Lookup Tool

  1. 1Enter a domain name (e.g., example.com).
  2. 2Select which record types to look up or check all at once.
  3. 3See all DNS records with TTLs, DNSSEC status, and CAA policy.
  4. 4Use the results to debug email delivery, verify domain ownership, or audit DNS security.
Zenovay

Track your website performance

Real-time analytics, session replay, heatmaps, and AI insights. 2-minute setup, privacy-first.

Try Zenovay Analytics — Free

Related Tools

JSON Formatter & ValidatorFormat, validate, and beautify JSON data with syntax highlighting and error detection.
JWT DecoderDecode and inspect JWT tokens. View header, payload, and verify signatures.
Base64 Encode/DecodeEncode text to Base64 or decode Base64 back to text. Supports UTF-8 and binary data.
URL Encode/DecodeEncode or decode URL components. Handle special characters, query strings, and full URLs.

Frequently Asked Questions

What DNS record types does this tool check?
It checks 8 record types using Cloudflare DNS-over-HTTPS: A (IPv4 address), AAAA (IPv6), MX (mail servers), TXT (text records — SPF, DKIM, domain verification), NS (nameservers), CNAME (aliases), CAA (certificate authority authorization), and SOA (zone authority info).
What is DNSSEC and why does it matter?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, allowing resolvers to verify that DNS responses are authentic and have not been tampered with. Without DNSSEC, attackers on the network path can forge DNS responses (DNS spoofing/cache poisoning), redirecting your domain to malicious servers.
What are CAA records and why should I configure them?
CAA (Certificate Authority Authorization) records specify which Certificate Authorities are allowed to issue SSL certificates for your domain. Without CAA records, any CA in the world can issue a certificate for your domain if they can be tricked or compromised. Setting `0 issue "letsencrypt.org"` (or your preferred CA) prevents unauthorized certificate issuance.
This tool uses Cloudflare DNS — does that affect the results?
This tool queries DNS using Cloudflare's DNS-over-HTTPS resolver (1.1.1.1). Results reflect the authoritative DNS answers as seen from Cloudflare's global anycast network. For propagation checking across multiple geographic locations, use whatsmydns.net. For DNSSEC validation, the "AD" (Authenticated Data) flag in the Cloudflare response indicates DNSSEC is valid.
What do TXT records contain?
TXT records contain arbitrary text data, commonly used for: SPF records (which mail servers can send email on your behalf), DKIM public keys (email signature verification), DMARC policy, Google/Bing/Facebook domain ownership verification, and various SaaS platform verification tokens. They're essentially a "whiteboard" for domain-level configurations.
What does it mean if my MX records point to a third-party mail provider?
If your MX records point to Google Workspace, Microsoft 365, or another hosted email provider, all incoming email is processed by that company's servers. Under GDPR, this makes them a data processor for any personal data contained in emails. You should have a Data Processing Agreement (DPA) in place with your email provider.
What is SOA record and when do I need it?
The SOA (Start of Authority) record contains administrative information about the DNS zone: the primary nameserver, the administrator's email address, and TTL values for zone transfers and negative caching. Every properly configured DNS zone has exactly one SOA record. You typically don't modify it directly — your DNS provider manages it automatically.