DNS Lookup Tool

Query DNS records for any domain: A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, CAA, and PTR records. Get instant results with TTL values and authority status.


How to Use the DNS Lookup Tool

1. Enter a Domain: Type any domain name (e.g. google.com, github.com, wikipedia.org) into the input field above. You can also enter a subdomain or hostname.

2. Select Record Type: Choose a DNS record type from the dropdown or click one of the quick-select pills. Select "All Records" to see every DNS record type at once.

3. Review Results: View a clean table of DNS records showing the record type, name, value, and TTL (time to live in seconds). Copy all results with one click or refer to recent lookups from history.


About the DNS Lookup Tool

The FreeNestTools DNS Lookup is a free, browser-based tool that queries the Domain Name System (DNS) to retrieve DNS records for any domain name. Whether you're a web developer debugging DNS configuration, an IT administrator checking DNS propagation, a cybersecurity professional investigating domain infrastructure, or a website owner verifying your DNS setup, this tool provides accurate, real-time results.

DNS (Domain Name System) is often described as the "phonebook of the internet." It translates human-readable domain names (like google.com) into machine-readable IP addresses (like 142.250.80.46). DNS records are the instructions that tell the internet how to handle your domain: which server hosts your website, where your email should be delivered, and which services are authorized to send email on your behalf.

This tool uses Google's DNS-over-HTTPS (DoH) API to perform secure, encrypted DNS queries. This means your DNS lookups are encrypted in transit to dns.google, so third parties on the network path cannot intercept or modify them. The API returns DNSSEC-authenticated results where available, providing an additional layer of security and trust.

Understanding your DNS records is essential for website management, email delivery troubleshooting, domain migration, security audits, and performance optimization. Common use cases include verifying A record changes before updating live DNS, checking MX records for email server configuration, inspecting TXT records for SPF/DKIM/DMARC email authentication, and monitoring SOA records for DNS zone management.

The supported DNS record types include: A (IPv4 address mapping), AAAA (IPv6 address mapping), CNAME (canonical name/domain alias), MX (mail exchange servers), NS (authoritative nameservers), TXT (text data for verification and security), SOA (start of authority, zone management details), SRV (service-specific records), CAA (certification authority authorization), and PTR (reverse DNS/pointer records).

All queries are processed in real-time using Google's secure DNS resolver (dns.google). We do not store, log, or share the domains you search. There are no registration requirements, no API keys, and no usage limits.

For detailed geolocation and ISP information about any IP address, try the IP Address Lookup tool.

DNS Record Types Explained

DNS records are instructions that live on authoritative DNS servers and provide information about a domain. Here is what each record type does:

A (Address Record): Maps a domain to an IPv4 address (e.g., 142.250.80.46). The most fundamental DNS record type.
AAAA (IPv6 Address Record): Maps a domain to an IPv6 address (e.g., 2607:f8b0:4004:80b::200e). Used for the next-generation internet protocol.
CNAME (Canonical Name): Aliases one domain to another. For example, www.example.com might point to example.com.
MX (Mail Exchange): Specifies mail servers responsible for receiving email on behalf of the domain. Includes priority values.
NS (Nameserver): Identifies the authoritative DNS servers for the domain. Essential for DNS delegation.
TXT (Text Record): Stores arbitrary text data. Commonly used for SPF, DKIM, DMARC email authentication, and domain verification.
SOA (Start of Authority): Contains administrative information about the DNS zone: primary nameserver, admin email, serial number, and timing values.
SRV (Service Record): Specifies the location of specific services like SIP, XMPP, or LDAP. Includes port number and priority.
CAA (CA Authorization): Restricts which Certificate Authorities (CAs) can issue SSL/TLS certificates for the domain. Enhances security.
PTR (Pointer Record): Used for reverse DNS lookups, mapping an IP address back to a domain name. Often used for email server verification.

Frequently Asked Questions

A DNS Lookup is a query sent to the Domain Name System to retrieve DNS records associated with a domain name. When you enter a domain like google.com into this tool, it sends a DNS query to a DNS resolver (in this case, Google's DNS-over-HTTPS service at dns.google), which then queries the authoritative nameservers for that domain and returns all matching DNS records. The process typically takes milliseconds and involves querying the root servers, the TLD servers, and the domain's authoritative nameservers to find the requested DNS record type. The results are displayed in an easy-to-read table showing each record's type, name, value, and time-to-live (TTL).

Yes, the FreeNestTools DNS Lookup is 100% free with no hidden costs, no registration, no API key requirements, and no usage limits. You can look up DNS records for any domain as many times as you need, for both personal and professional use. The tool uses Google's free DNS-over-HTTPS API, which is a public service with generous rate limits suitable for individual use. There are no premium tiers, no account creation needed, and no data caps.

This tool supports 10 major DNS record types: A (IPv4 address mapping), AAAA (IPv6 address mapping), CNAME (canonical name/domain alias), MX (mail exchange server), NS (authoritative nameserver), TXT (text data for SPF, DKIM, DMARC, verification), SOA (start of authority, zone management details), SRV (service locator), CAA (certification authority authorization), and PTR (reverse DNS pointer). You can also select "All Records" to query and display all supported record types in a single lookup.

DNS propagation is the time it takes for DNS record changes to be distributed across all DNS servers worldwide. When you update a DNS record on your authoritative nameserver, the change is not immediate everywhere. DNS resolvers around the world cache records for the duration of their TTL (Time To Live) value before checking for updates. Propagation can take anywhere from a few minutes to 48 hours, depending on the TTL set on the original records, the responsiveness of DNS resolvers, and the specific DNS record type. To minimize propagation delays during DNS changes, it is recommended to lower the TTL value (e.g., to 300 seconds / 5 minutes) at least 24-48 hours before making the actual change, then raise it back after propagation is complete.

A records (Address records) map a domain name to an IPv4 address, a 32-bit address written as four decimal numbers separated by dots (e.g., 192.0.2.1). IPv4 is the traditional and most widely used internet protocol. AAAA records (sometimes called "quad-A" records) map a domain name to an IPv6 address, a 128-bit address written as eight groups of hexadecimal numbers separated by colons (e.g., 2001:db8:85a3::8a2e:370:7334). IPv6 was developed to address the shortage of IPv4 addresses and provides a vastly larger address space. Most modern websites support both record types, with AAAA records increasingly required as IPv4 addresses become scarce.

MX (Mail Exchange) records are critical for email delivery because they specify which mail servers are responsible for receiving email on behalf of your domain. When someone sends an email to user@yourdomain.com, the sending mail server looks up your domain's MX records to find where to deliver the message. MX records include a priority value where lower numbers indicate higher priority. If the primary mail server (lowest priority) is unavailable, the email is routed to the backup server (next lowest priority). Misconfigured MX records are one of the most common causes of email delivery failures. This tool also helps verify related TXT records like SPF (authorized senders), DKIM (email signing), and DMARC (email authentication policy), which are essential for email deliverability and security.

A CNAME (Canonical Name) record creates an alias that maps one domain name to another. For example, you might create a CNAME record for www.example.com that points to example.com, so visitors who type www.example.com are directed to the same server as example.com. CNAME records are useful for pointing multiple domain names to the same server without configuring each one individually. However, there are important limitations: CNAME records cannot coexist with other record types at the same domain name (so you cannot have both a CNAME and an MX record for the same root domain), and CNAME records cannot be used on the root domain (the bare domain like example.com). For the root domain, you must use an A or AAAA record. Modern best practice often favors using ALIAS or ANAME records (if your DNS provider supports them), which combine the flexibility of CNAME with root domain support.

TXT (Text) records are versatile DNS records that store arbitrary text data associated with a domain. They are widely used for several important purposes: SPF (Sender Policy Framework) records list which mail servers are authorized to send email for your domain, helping prevent email spoofing. DKIM (DomainKeys Identified Mail) records store public keys used to verify that emails are legitimately signed by the sending domain. DMARC (Domain-based Message Authentication, Reporting & Conformance) records specify how email receivers should handle messages that fail SPF or DKIM checks. TXT records are also commonly used for domain ownership verification (e.g., proving you own a domain for Google Search Console or Microsoft 365), and for various other authentication and configuration purposes like Google Site Verification, Apple App Site Association, and Let's Encrypt ACME challenges.
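The SPF and DMARC checks described above can be run over the TXT values a lookup returns. The following is an added example, not part of the FreeNestTools code; it goes beyond the text by flagging specific weak settings (`+all`, `?all`, `p=none`). The function names and the sample TXT strings are constructed here, and it assumes SPF is read from the domain's own TXT records and DMARC from `_dmarc.<domain>`.

```javascript
// Added example. TXT strings are constructed; example.com is a placeholder.
const unquote = (s) => s.trim().replace(/^"(.*)"$/, "$1");

// SPF lives in a TXT record at the domain itself.
function auditSpf(txts) {
  const spf = txts.map(unquote).filter((t) => /^v=spf1(\s|$)/i.test(t));
  if (spf.length === 0) return { present: false, all: null, findings: ["no SPF record"] };
  const findings = [];
  if (spf.length > 1) findings.push("multiple SPF records: receivers return a permanent error");
  const terms = spf[0].split(/\s+/).slice(1);
  const all = terms.find((t) => /^[-+~?]?all$/i.test(t)) || null;
  const redirected = terms.some((t) => /^redirect=/i.test(t));
  if (!all && !redirected) findings.push("no 'all' mechanism: unmatched senders get a neutral result");
  // A bare "all" has the default "+" qualifier.
  if (all && /^\+?all$/i.test(all)) findings.push("'+all' authorizes any server to send for the domain");
  if (all && all[0] === "?") findings.push("'?all' is neutral and gives receivers nothing to enforce");
  return { present: true, all, findings };
}

// DMARC lives in a TXT record at _dmarc.<domain>.
function auditDmarc(txts) {
  const rec = txts.map(unquote).find((t) => /^v=DMARC1\s*(;|$)/i.test(t));
  if (!rec) return { present: false, policy: null, findings: ["no DMARC record"] };
  const tags = {};
  for (const part of rec.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  const policy = (tags.p || "").toLowerCase();
  const findings = [];
  if (policy === "none") findings.push("p=none: monitoring only, failing mail is still delivered");
  else if (policy !== "quarantine" && policy !== "reject") findings.push("missing or invalid p= tag");
  if (!tags.rua) findings.push("no rua= address: no aggregate reports will arrive");
  return { present: true, policy, findings };
}

// Constructed TXT values, as they might appear in the lookup results table.
const SAMPLE = {
  apexTxt: ['"google-site-verification=constructed-token"', '"v=spf1 include:_spf.example.net ~all"'],
  dmarcTxt: ['"v=DMARC1; p=none; rua=mailto:dmarc@example.com"'],
  weakApexTxt: ["v=spf1 +all"]
};
```
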

The SOA (Start of Authority) record is a fundamental DNS record that contains administrative information about a DNS zone. Every DNS zone must have exactly one SOA record, which includes:

MNAME: the primary (master) nameserver for the zone
RNAME: the email address of the zone administrator (formatted as a domain name)
SERIAL: a revision number that increments whenever the zone is updated (used by secondary nameservers to detect changes)
REFRESH: how often secondary nameservers should check for updates (in seconds)
RETRY: how long to wait before retrying after a failed refresh
EXPIRE: how long secondary nameservers can serve stale data before discarding it
MINIMUM TTL: the default TTL for negative caching (NXDOMAIN responses)

The SOA record is essential for DNS zone management and proper synchronization between primary and secondary nameservers.

Your privacy is important to us. This tool uses Google's DNS-over-HTTPS (DoH) service which encrypts your DNS queries within HTTPS traffic, preventing third parties from intercepting or tampering with your lookups. The domain name you enter is sent to dns.google for DNS resolution purposes only. We do not store, log, or share any domain names you search on our servers. No account, registration, or personal information is required. Google's DNS-over-HTTPS service has its own privacy policy governing how they handle lookup requests. For maximum privacy, consider using a VPN or the Tor browser when performing sensitive DNS lookups. Additionally, because this is a client-side tool, your browser's DNS cache and history may locally store domain names you search; you can clear your browser history to remove this local data.

Authoritative DNS refers to DNS servers that hold the actual DNS records for a domain. These servers are the "source of truth" for the domain's DNS data. When you register a domain and configure its DNS records with your hosting provider, those records are stored on authoritative nameservers. Recursive DNS (also called a DNS resolver or caching DNS) is the server that your computer or ISP uses to look up DNS records on your behalf. When you visit a website, your computer queries a recursive resolver, which then queries multiple authoritative servers (root, TLD, and domain nameservers) to find the answer. The recursive resolver caches the results to speed up future queries. This tool queries Google's recursive DNS resolver (dns.google), which performs the full recursive resolution chain and returns the cached or live results. For truly authoritative results, you would need to query the domain's authoritative nameservers directly, bypassing any caching.

DNSSEC (DNS Security Extensions) is a set of security protocols that adds cryptographic authentication to DNS queries and responses. Without DNSSEC, DNS responses can be forged or tampered with in transit through a technique called DNS spoofing or cache poisoning, where an attacker redirects users to malicious websites without their knowledge. DNSSEC uses digital signatures to verify that DNS records are authentic and have not been modified. When a domain has DNSSEC enabled, each DNS response is signed with a private key and can be verified using a public key that is stored in the DNS hierarchy. Google's DNS-over-HTTPS API used by this tool supports DNSSEC validation, and results are marked with the "Authenticated Data" (AD) flag when DNSSEC validation is successful. DNSSEC adoption is growing but is not yet universal; many domains still do not have DNSSEC configured. You can check DNSSEC status in the SOA record or by looking for the DO (DNSSEC OK) flag in the response.

DNS lookups may return no results for several common reasons:

Non-existent domain: the domain may not be registered or may have expired.
No records of the requested type: the domain exists but has no DNS records matching the selected type (e.g., looking up MX records for a domain that doesn't handle email).
DNSSEC validation failure: if the domain has misconfigured DNSSEC, the resolver may return an error instead of the records.
Network connectivity issues: your internet connection may be preventing the tool from reaching the DNS resolver.
Invalid domain format: ensure the domain is entered correctly without spaces or special characters.

If a lookup returns no results, first verify the domain name is correct, then try selecting "All Records" to see if any DNS records exist at all. If the domain is recently registered, it may take a few hours for DNS records to propagate.
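The failure reasons above, and the AD flag from the DNSSEC answer before it, can be told apart from the fields of a dns.google JSON response. This is an added example, not the tool's own code: `interpretDoh`, its outcome labels and the sample responses are constructed here, and `queryDoh` needs network access and is not called by the samples.

```javascript
// Added example: field names (Status, AD, Answer, TTL, data) follow the dns.google/resolve JSON format.
const RCODES = { 0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED" };
const TYPES = { A: 1, NS: 2, CNAME: 5, SOA: 6, PTR: 12, MX: 15, TXT: 16, AAAA: 28, SRV: 33, CAA: 257 };

// Live query against the public resolver (requires network access).
async function queryDoh(name, type) {
  const url = new URL("https://dns.google/resolve");
  url.searchParams.set("name", name);
  url.searchParams.set("type", type);
  const res = await fetch(url);
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  return res.json();
}

// Separate the outcomes that a single "no results" message hides.
function interpretDoh(resp, type) {
  const rcode = RCODES[resp.Status] || `RCODE ${resp.Status}`;
  const records = (resp.Answer || [])
    .filter((r) => r.type === TYPES[type]) // skip CNAMEs followed on the way to the answer
    .map((r) => ({ name: r.name, ttl: r.TTL, data: r.data }));
  let outcome;
  if (rcode === "NXDOMAIN") outcome = "nonexistent-domain";
  else if (rcode === "SERVFAIL") outcome = "resolver-failure"; // includes DNSSEC validation failures
  else if (rcode !== "NOERROR") outcome = "error";
  else outcome = records.length ? "records-found" : "no-records-of-type";
  // AD is true only when the resolver validated the answer with DNSSEC.
  return { rcode, outcome, dnssecValidated: resp.AD === true, records };
}

// Constructed sample responses (not captured from real lookups).
const SAMPLES = {
  signed: { Status: 0, AD: true, Answer: [{ name: "example.com.", type: 1, TTL: 300, data: "192.0.2.10" }] },
  noMx: {
    Status: 0, AD: false,
    Authority: [{ name: "example.org.", type: 6, TTL: 900,
      data: "ns1.example.org. hostmaster.example.org. 2024010101 7200 3600 1209600 300" }]
  },
  missing: { Status: 3, AD: false },
  bogus: { Status: 2, AD: false, Comment: "constructed: DNSSEC validation failure" }
};
```
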

TTL (Time To Live) is a value in seconds that tells DNS resolvers how long to cache a DNS record before requesting a fresh copy. Higher TTL values (e.g., 86400 seconds = 24 hours) reduce DNS query load and improve performance by allowing resolvers to serve cached results. Lower TTL values (e.g., 300 seconds = 5 minutes) ensure that changes propagate quickly but increase DNS query volume. Best practices for TTL configuration: use high TTL (1-24 hours) for stable, infrequently changed records like NS and MX records; use low TTL (5-30 minutes) temporarily when planning DNS changes, then increase it after propagation; use moderate TTL (1-4 hours) for A/AAAA records that may change during server migrations or CDN updates. Always lower the TTL at least 24 hours before making DNS changes to ensure smooth propagation.

Yes, this tool supports PTR (Pointer) records for reverse DNS lookups. Reverse DNS is the opposite of a standard forward DNS lookup: instead of querying a domain name to find its IP address, you query an IP address to find the domain name associated with it. To perform a reverse DNS lookup, select the PTR record type and enter an IP address in the domain input field. The tool will perform a reverse DNS lookup by querying the .arpa zone (the reverse DNS domain hierarchy). PTR records are commonly used for: email server verification (many email servers reject messages from IPs without valid reverse DNS), network troubleshooting (identifying the hostname associated with an IP), log analysis (converting IP addresses to hostnames in server logs), and security investigations (verifying the identity of connecting hosts).
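How an IP address becomes the .arpa name that a PTR query asks for, as an added example (not the tool's own code). `reverseName` and `expandIPv6` are names chosen here; IPv6 addresses with an embedded dotted IPv4 part are not handled.

```javascript
// Expand an IPv6 address to its 8 groups, or return null if it is not valid.
function expandIPv6(addr) {
  const parts = addr.split("::");
  if (parts.length > 2) return null; // at most one "::" is allowed
  const head = parts[0] ? parts[0].split(":") : [];
  const tail = parts[1] ? parts[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  // Without "::" all 8 groups must be present; with it, at least one group is elided.
  if (parts.length === 1 ? missing !== 0 : missing < 1) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail];
  return groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g)) ? groups : null;
}

// Build the owner name of the PTR record for an IPv4 or IPv6 address.
function reverseName(ip) {
  const octets = ip.split(".");
  if (octets.length === 4 && octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)) {
    // IPv4: octets in reverse order under in-addr.arpa
    return octets.reverse().join(".") + ".in-addr.arpa.";
  }
  const groups = expandIPv6(ip);
  if (!groups) throw new Error(`not an IP address: ${ip}`);
  // IPv6: all 32 hex nibbles in reverse order under ip6.arpa
  const nibbles = groups.map((g) => g.padStart(4, "0")).join("").toLowerCase();
  return nibbles.split("").reverse().join(".") + ".ip6.arpa.";
}
```
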