TOOLS / DNS LOOKUP
DNS Records Lookup
Query all common DNS record types (A, AAAA, MX, NS, TXT, SOA, CNAME, CAA) via Cloudflare DNS-over-HTTPS.
What it does
DNS records describe how a domain resolves and behaves. Different record types serve different roles: A/AAAA for IP resolution, MX for mail routing, TXT for verification + SPF + DKIM, NS for delegation, CAA for certificate issuance authorization. Our lookup queries all 8 common record types in parallel via Cloudflare DNS-over-HTTPS (encrypted, no local DNS cache interference). Useful when troubleshooting DNS propagation, validating new records, or investigating suspicious domains.
How to use it
- Enter any domain (no http://, no protocol prefix).
- Click "Lookup" — all 8 record types query in parallel.
- Each record type is shown in its own collapsible section with TTL.
- Empty sections mean no records of that type are published (normal for most types).
- CAA records (Certification Authority Authorization) deserve attention — they restrict which CAs can issue certificates for your domain.
Common use cases
DNS propagation verification
After updating a record at your registrar, check that your authoritative response matches the expected value globally (Cloudflare DoH has resolvers in 300+ cities).
Email delivery troubleshooting
Failed mail? Check MX records first, then SPF/DKIM in TXT.
Subdomain takeover prevention
Audit CNAME records pointing to abandoned cloud resources (e.g. example.cdn.aws.amazonaws.com that’s no longer claimed).
Certificate issuance audit
Verify your CAA records permit only the CAs you trust (e.g. only Let’s Encrypt or DigiCert).
Frequently asked questions
What is DNS-over-HTTPS? +
DoH wraps DNS queries in encrypted HTTPS instead of plaintext UDP, so neither your ISP nor man-in-the-middle attackers can see what domains you resolve.
Why no PTR / reverse lookup? +
PTR records are not domain-scoped — they live under in-addr.arpa. Our tool is for forward lookups. Use whois.arin.net or similar for reverse lookup.
What is a CAA record? +
Certification Authority Authorization. Specifies which Certificate Authorities are allowed to issue SSL/TLS certificates for your domain. Without CAA, any CA can issue a cert for you.
How current is the data? +
Live — Cloudflare DoH resolves each query in real-time. No cache on our side.
Why are TXT records sometimes massive? +
TXT is the catch-all record. It hosts SPF (v=spf1), DKIM (v=DKIM1), DMARC (under _dmarc subdomain), domain verification tokens, and any vendor-specific metadata.
Related tools
DMARC / SPF / DKIM Analyzer
Check a domain’s SPF, DMARC, and DKIM posture. Graded A–F. Cloudflare DoH backend.
WHOIS / RDAP Lookup
Modern WHOIS via RDAP. Registration date, registrar, nameservers, plus "newly registered" flag.
Subdomain Finder
Passive enumeration via certificate transparency logs. No port scanning, no DNS brute-force.
Related coverage on Ciphers Security
- Instructure Removed from ShinyHunters' Leak Site as Canvas Breach Deadline Passes
- Costa Rica Joins Have I Been Pwned as the 42nd Government
- LummaC2 Infostealer Targets US Critical Infrastructure: CISA-FBI Advisory AA25-141B and DOJ Domain Seizures
- MacSync Stealer: Hackers Abuse Google Ads and Claude.ai Chats to Push Mac Malware
- JDownloader Site Hacked, Installers Swapped with Python RAT Malware
Free for everyone, no signup required. Tool runs at /tools/dns-lookup/ — bookmark or share.