sysadmintools
· Sysadmin Tools

How to do a DNS lookup (and why you'd want to)

DNS lookups are the first step in almost every network troubleshooting flow. Here's how they work, the record types that matter, and how to run them from your browser.

A DNS lookup is the act of asking a nameserver: "what's the A record for example.com?" — and getting back an IP address. It's the first thing that happens every time you type a URL into your browser, and it's the first thing you should check when something is "broken but I don't know why."

When you'd actually run one

Three common scenarios:

  • You just changed a DNS record and want to see if it has propagated.
  • You're seeing intermittent failures and suspect DNS — for example, a CDN node returning the wrong IP, or an MX record pointing to a server you've decommissioned.
  • You're investigating a domain for security research — looking at what nameservers it uses, what mail servers it accepts, or whether it has SPF/DKIM/DMARC set up.

Which record types matter

There are dozens of DNS record types but you'll spend 99% of your time on these:

  • A — IPv4 address. The most basic. "What IP does this domain resolve to?"
  • AAAA — IPv6 address. Same as A, but for the v6 protocol.
  • MX — Mail server. "Where does email to this domain get delivered?"
  • TXT — Free-form text. SPF, DKIM, DMARC, domain verification records (Google Workspace, Microsoft 365, etc.) all live here.
  • NS — Nameserver. "Which servers are authoritative for this domain?"
  • CNAME — Canonical name. An alias from one name to another. Common at the apex of subdomains (e.g. www@).
  • SOA — Start of authority. The "primary" record for a zone. Includes the admin email and various timers.
  • PTR — Reverse DNS. Maps an IP back to a name. Used by mail servers to check that the sending IP "looks legitimate."

Choosing a nameserver

By default, your computer uses the DNS servers provided by your ISP or network. That's fine for browsing, but for troubleshooting you often want to query a specific server — usually:

  • 1.1.1.1 — Cloudflare. Fast, privacy-focused, global anycast.
  • 8.8.8.8 — Google. Widely used, well-cached.
  • 9.9.9.9 — Quad9. Security-focused, blocks known malicious domains.
  • The domain's authoritative nameserver (shown in the NS record) — for the most authoritative answer.

Command-line vs. web tools

On a server, you'll use dig or host. On your laptop, those work too, but you may not always have a terminal handy. A web-based DNS lookup lets you check from anywhere — including from your phone when you're SSH'd out of a coffee shop.

Our DNS Lookup tool runs dig server-side against the nameserver of your choice, so the results are the same you'd see on the command line — but with a cleaner display and copy-paste friendly output.

Keep reading