DNS Lookup tool is a tool that searches for all DNS records such as A, AAAA, CNAME, MX, NS, CAA, and TXT records for a particular domain name.
DNS is an abbreviation for Domain Name System. The system is in charge of transforming a hostname (dnschecker.org) into a computer-friendly IP address.
When a user enters a domain or URL into a browser's search box, DNS servers evaluate the request and convert it into an IP address, allowing browsers to load relevant results.
Consider DNS Lookup as a map or phone book to help you discover your relevant queries.
You are all aware that we require a precise address in order to get at our goal. The same is true in the realm of the internet. All smart gadgets, such as phones, computers, tablets, and televisions, communicate over the internet using a string of digits known as the IP Address. DNS servers remove the need for people to remember complicated IP numeric addresses. DNS resolution entails translating a human-readable domain name into a computer-readable IP address. DNS servers are solely responsible for delivering relevant results to users.
As previously stated, humans are incapable of learning large numerical strings (IP Address). As a result, just inputting the website's name (www.amazon.com) prompts the DNS server to provide the IP address associated with that domain.
The DNS server might be on your ISP's or your local network. Other devices, such as routers, use the translated domain (into IP address) to route your search results.
DNS records are mapping files that include instructions for providing the following domain-related information.
The DNS lookup tool retrieves all of a domain's DNS records and displays them in a priority list.
Use the DNS lookup options to query Google, Cloudflare, OpenDNS, or the domain's authoritative name server (s). As a result, if you alter your web hosting or DNS records, the changes should take effect immediately.
To avoid downtime, utilize the DNS lookup tool to verify that you have configured the right DNS records for your domain. A, AAAA, CNAME, MX, NS, PTR, SRV, SOA, TXT, CAA, DS, DNSKEY, and other DNS entries are available.
Choose any record for lookup or "ALL" to obtain all common DNS entries for a domain.
Let us analyze the two basic forms of DNS Lookup now that we understand how it works...
Forwarding DNS Lookup is the process of searching a domain name to determine its IP address. A common kind allows users to enter the domain name to obtain the corresponding IP addresses.
In contrast to forwarding DNS Lookup, DNS reverse lookup uses the IP Address to identify the domain name. This lookup mechanism is used by email servers to identify qualified recipients.
The letter "A" stands for "address," and it represents the most basic sort of DNS record: it shows the IP address of a specific domain. If you grab the DNS records of cloudflare.com, for example, the A record presently returns the IP address: 104.17.210.9.
Only IPv4 addresses are stored in A records. If a website has an IPv6 address, it will utilize a "AAAA" record instead. Here is an example of an A record:
example.com | record type: | value: | TTL |
---|---|---|---|
@ | A | 192.0.2.1 | 14400 |
The "@" sign indicates that this is a root domain record, and the "14400" number represents the TTL (time to live), stated in seconds. The TTL for A records is 14,400 seconds by default. This means that updating an A record takes 240 minutes (14,400 seconds) to take effect.
Although the great majority of websites only have one A record, it is feasible to have many. Some high-profile websites will use many A records as part of a strategy known as round robin load balancing, which can route request traffic to one of several IP addresses, each hosting identical content.
The most typical application of A records is IP address lookups, which include matching a domain name (such as "cloudflare.com") to an IPv4 address. This allows a user's device to connect to and load a website without the user having to remember and type in the actual IP address. The user's web browser does this automatically by submitting a query to a DNS resolver.
DNS A records are also employed in the operation of a Domain Name System-based Blackhole List (DNSBL). DNSBLs can assist mail servers in identifying and blocking emails from known spammer domains.
If you wish to learn more about DNS A records, you may go to the original 1987 RFC, which defines A records and numerous other DNS record types. See What is DNS? for additional information on how the Domain Name System works.
When a domain or subdomain is an alias of another domain, the 'canonical name' (CNAME) record is used instead of an A record. CNAME records must always point to a domain and never to an IP address. Consider a scavenger hunt in which each clue leads to another, and the last clue leads to the treasure. A CNAME record on a domain is like a hint that can lead you to another clue (another domain with a CNAME record) or to the prize (a domain with an A record).
Assume blog.example.com contains a CNAME record with the value 'example.com' (without the 'blog'). This implies that when a DNS server encounters the DNS records for blog.example.com, it actually does another DNS query to example.com, returning the IP address of example.com through its A record. In this scenario, the canonical name (or actual name) of blog.example.com is example.com.
When a site has subdomains such as blog.example.com or shop.example.com, such subdomains will frequently have CNAME records pointing to a base domain (example.com). If the host's IP address changes, just the DNS A record for the root domain has to be updated, and all CNAME records will update in tandem with whatever changes are made to the root.
A common misunderstanding is that a CNAME record must always resolve to the same website as the domain it links to, however this is not always the case. The CNAME record merely directs the client to the root domain's IP address. Once the client reaches that IP address, the web server will continue to process the URL as normal. For example, blog.example.com might have a CNAME that links to example.com, pointing the client to the IP address of example.com. However, when the client connects to that IP address, the web server will examine the URL and determine that it is blog.example.com, and then send the blog page rather than the home page.
A CNAME record looks like this:
blog.example.com | record type: | value: | TTL |
---|---|---|---|
@ | CNAME | is an alias of example.com | 32600 |
You can see in this example that blog.example.com points to example.com, and assuming it is based on our example, We know that a record will finally resolve to the IP address 192.0.2.1.
It is wasteful to point a CNAME record to another CNAME record since it needs numerous DNS lookups before the domain can be loaded, which slows down the user experience, but it is feasible. For example, blog.example.com may have a CNAME record that linked to the CNAME record of www.example.com, which then pointed to the A record of example.com.
The CNAME for blog.example.com is:
blog.example.com | record type: | value: | TTL |
---|---|---|---|
@ | CNAME | is an alias of www.example.com | 32600 |
Which points to a CNAME for www.example.com:
www.example.com | record type: | value: | TTL |
---|---|---|---|
@ | CNAME | is an alias of example.com | 32600 |
This setting adds an extra step to the DNS lookup process and should be avoided if at all feasible. Instead, both blog.example.com and www.example.com's CNAME records should link directly to example.com.
MX and NS records cannot lead to CNAME entries; instead, they must point to an A (for IPv4) or a AAAA record (for IPv6). A mail exchange record (MX record) is a record that routes email to a mail server. An NS record is a 'name server' record that specifies which DNS server is authoritative for a certain domain.
DNS AAAA records are used to map a domain name to an IPv6 address. DNS AAAA records are identical to DNS A records, with the exception that they store a domain's IPv6 address rather than its IPv4 address.
IPv6 is the most recent Internet Protocol version (IP). One significant distinction between IPv6 and IPv4 addresses is that IPv6 addresses are longer than IPv4 addresses. The Internet is running out of IPv4 addresses, just as there are only so many phone numbers that can be assigned to a given area code. However, IPv6 addresses provide exponentially more permutations and hence considerably more IP addresses.
Cloudflare provides a public DNS resolver that anybody may use by changing their device's DNS to 1.1.1.1 and 1.0.0.1 as an illustration of the difference between IPv4 and IPv6 addresses. This is an IPv4 address. This service's IPv6 addresses are 2606:4700:4700::1111 and 2606:4700:4700::1001.
Here is an example of an AAAA record:
example.com | record type: | value: | TTL |
---|---|---|---|
@ | AAAA | 2001:0db8:85a3:0000: 0000:8a2e:0370:7334 |
14400 |
AAAA records, like A records, allow client devices to discover the IP address associated with a domain name. The client device may then connect to the website and load it.
AAAA records are only utilized when a domain has an IPv6 address in addition to an IPv4 address and the client device is IPv6-enabled. While every domain has one or more IPv4 addresses and A records, not every domain has IPv6 addresses, and not all user devices are set to utilize IPv6.
However, IPv6 use is increasing. This is expected to continue since the number of accessible IPv4 addresses is quickly decreasing, frequently causing many devices to share one IPv4 address. In order to tackle this, Cloudflare began enabling IPv6 for all clients in 2016.
All domains will very certainly have AAAA records in the future.
A'mail exchange' (MX) entry in DNS routes email to a mail server. The MX record specifies how email messages should be routed using the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email). An MX record, like a CNAME record, must always refer to another domain.
An MX record example:
example.com | record type: | priority: | value: | TTL |
---|---|---|---|---|
@ | MX | 10 | mailhost1.example.com | 45000 |
@ | MX | 20 | mailhost2.example.com | 45000 |
For these MX records, the 'priority' numbers preceding the domains indicate preference; the lower the 'priority' value, the better. Because 10 is less than 20, the server will always attempt mailhost1 first. If a message send fails, the server will fall back to mailhost2.
The email service might also arrange this MX record such that both servers get equal amounts of messages and have equal priority:
example.com | record type: | priority: | value: | TTL |
---|---|---|---|---|
@ | MX | 10 | mailhost1.example.com | 45000 |
@ | MX | 10 | mailhost2.example.com | 45000 |
This setting allows the email provider to split the load equally between the two servers.
MX records are queried using message transfer agent (MTA) software. When a user sends an email, the MTA does a DNS query to identify the email recipients' mail servers. The MTA connects to those mail servers through SMTP, beginning with the priority domains (in the first example above, mailhost1).
A backup MX record is just an MX record for a mail server with a greater 'priority' value (which signifies a lower priority), so that mail is routed to the more prioritized servers under normal circumstances. Because email traffic would be handled by mailhost1 as long as it is up and functioning, mailhost2 would be the 'backup' server in the first case above.
MX records can point to CNAMEs.
A CNAME record is used to refer to a domain's alias rather than its real name. CNAME records normally lead to the domain's A record (in IPv4) or AAAA record (in IPv6). MX records, on the other hand, must refer directly to a server's A or AAAA record. The RFC papers that specify how MX records work disallow pointing to a CNAME.
The nameserver record shows which DNS server is authoritative for that domain, and NS stands for 'nameserver' (i.e. which server contains the actual DNS records). NS records basically inform the Internet where to look to locate a domain's IP address. A domain frequently contains numerous NS records, which might identify the domain's primary and secondary nameservers. Users will be unable to access a website or application if NS records are not correctly set.
An example of an NS record is as follows:
example.com | record type: | value: | TTL |
---|---|---|---|
@ | NS | ns1.exampleserver.com | 21600 |
A type of DNS server is a nameserver. All DNS records for a domain, including A records, MX records, and CNAME entries, are stored on this server.
Almost all domains use several nameservers to boost reliability: if one nameserver fails or becomes unavailable, DNS requests may be routed to another. There is usually one major nameserver and multiple secondary nameservers that hold identical duplicates of the DNS entries stored by the primary server. When the primary nameserver is updated, the secondary nameservers are also updated.
When using several nameservers (as is common), NS records should list more than one server. Find out more about DNS servers.
When changing the nameservers for their domain, domain managers should update their NS records. Some cloud providers, for example, supply nameservers and compel their clients to point to them.
If administrators want a subdomain to utilize alternative nameservers, they need edit their NS records. The nameserver for example.com in the above example is ns1.exampleserver.com. If the example.com administrator desired that blog.example.com resolve via ns2.exampleserver.com instead, they could do so by amending the NS record.
When NS records are modified, the changes may take several hours to propagate throughout the DNS.
A domain administrator can use the DNS 'text' (TXT) record to put text into the Domain Name System (DNS). The TXT record was designed to provide a location for human-readable notes. However, it is now feasible to include machine-readable data in TXT records. TXT records can be found on several domains.
TXT record illustration:
example.com | record type: | value: | TTL |
---|---|---|---|
@ | TXT | This is an awesome domain! Definitely not spammy. | 32600 |
Email spam protection and domain ownership verification are two of the most essential uses for DNS TXT records today, despite the fact that TXT records were not created for these purposes originally.
The original RFC simply specifies that 'text strings' should be stored in the 'value' field of a TXT record. Any text that an administrator wants to associate with their domain can be used here.
Because most DNS servers limit the size of TXT records and the number of entries they can keep, administrators cannot utilize TXT records for vast volumes of data.
The Internet Engineering Task Force (IETF) standardized a format for storing characteristics and their matching values within TXT records' value field in 1993. The attribute and value were simply enclosed in quotation marks (") and separated by an equal sign (=), as in:
"attribute=value"
RFC 1464, the 1993 document that defines this format, includes these examples:
host.widgets.com | record type: | value: |
---|---|---|
@ | TXT | "printer=lpr5" |
sam.widgets.com | record type: | value: |
---|---|---|
@ | TXT | "favorite drink=orange juice" |
However, this concept was deemed experimental, and it is not commonly used in practice. Some DNS administrators, if they utilize TXT records at all, employ their own forms within TXT entries. TXT records may also be prepared differently for the purposes specified below; for example, DMARC rules must be written in a defined manner.
Spammers frequently attempt to fabricate or spoof the domains from which they send email messages. TXT records are a critical component of various email authentication schemes that assist an email server in determining if a message is from a trustworthy source.
Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting, and Conformance are all common email authentication mechanisms (DMARC). Domain owners can make it more difficult for spammers to spoof their domains and trace efforts to do so by modifying these records.
SPF records: SPF TXT records show all the servers permitted to deliver email from a domain.
DKIM records: DKIM uses a public-private key pair to digitally sign each email. This helps to confirm that the email is indeed from the domain it claims to be from. The public key is stored in a domain-associated TXT record. (To learn more about public key encryption, go here.)
DMARC records: A DMARC TXT record refers to the SPF and DKIM rules for the domain. It should be saved as _dmarc.example.com, with 'example.com' replaced with the real domain name. The record's 'value' is the domain's DMARC policy (a guide to creating one can be found here).
While domain ownership verification was not originally a component of TXT records, certain webmaster tools and cloud providers have embraced this method.
An administrator can demonstrate domain authority by uploading a new TXT record with specified information included, or by modifying the current TXT record. The tool or cloud provider can verify that the TXT record has been modified as required. This is similar to when a person validates their email account by opening and clicking a link given to that address, indicating they possess it.
The DNS'start of authority' (SOA) record maintains critical information about a domain or zone, such as the administrator's email address, the last time the domain was updated, and how long the server should wait between refreshes.
To comply with IETF standards, every DNS zones must have a SOA record. Zone transfers rely on SOA information as well.
An SOA record example:
name | example.com |
record type | SOA |
MNAME | ns.primaryserver.com |
RNAME | admin.example.com |
SERIAL | 1111111111 |
REFRESH | 86400 |
RETRY | 7200 |
EXPIRE | 4000000 |
TTL | 11200 |
The 'RNAME' field here reflects the administrator's email address, which may be perplexing due to the absence of the '@' symbol, but in a SOA record admin.example.com is identical to [email protected].
A 'zone' is a namespace control region in the DNS. A zone may include a single domain name, a single domain and several subdomains, or many domain names. In certain circumstances, 'zone' and 'domain' are fundamentally comparable, however this is not always the case.
A zone serial number is a SOA record version number. The serial number is listed next to 'SERIAL' in the preceding example. When the serial number in a zone file changes, secondary nameservers are notified that they must update their copies of the zone file through zone transfer.
A DNS zone transfer is the process of transmitting DNS record data from one nameserver to another. The SOA record is moved first. The serial number informs the secondary server whether or not its version needs to be updated. Zone transfers are carried out via the TCP protocol.
A Certification Authority Authorization (CAA) record specifies which certificate authorities (CAs) may issue certificates for a domain.
CAA records enable domain owners to specify which certificate authority are permitted to issue certificates for their domain. They also allow you to specify notification rules in the event that someone seeks a certificate from an unapproved certificate authority. If no CAA record exists, any CA may issue a certificate for the domain. Only the CAs specified in the CAA record(s) are permitted to issue certificates for that hostname if one is available.
CAA records can be used to define policy for the entire domain or for individual hostnames. Subdomains inherit CAA entries as well. A CAA record set on example.com, for example, likewise applies to any subdomain, such as subdomain.example.com (unless overridden). CAA records can govern whether single-name certificates, wildcard certificates, or both are issued.
RFC 6844 defines the DNS CAA record.
Other interesting tools related to this one. More tools are coming soon!