How to do a DNS lookup (and why you'd want to)
DNS lookups are the first step in almost every network troubleshooting flow. Here's how they work, the record types that matter, and how to run them from your browser.
A DNS lookup is the act of asking a nameserver: "what's the A record for example.com?" — and getting back an IP address. It's the first thing that happens every time you type a URL into your browser, and it's the first thing you should check when something is "broken but I don't know why."
When you'd actually run one
Three common scenarios:
- You just changed a DNS record and want to see if it has propagated.
- You're seeing intermittent failures and suspect DNS — for example, a CDN node returning the wrong IP, or an MX record pointing to a server you've decommissioned.
- You're investigating a domain for security research — looking at what nameservers it uses, what mail servers it accepts, or whether it has SPF/DKIM/DMARC set up.
Which record types matter
There are dozens of DNS record types but you'll spend 99% of your time on these:
- A — IPv4 address. The most basic. "What IP does this domain resolve to?"
- AAAA — IPv6 address. Same as A, but for the v6 protocol.
- MX — Mail server. "Where does email to this domain get delivered?"
- TXT — Free-form text. SPF, DKIM, DMARC, domain verification records (Google Workspace, Microsoft 365, etc.) all live here.
- NS — Nameserver. "Which servers are authoritative for this domain?"
- CNAME — Canonical name. An alias from one name to another. Common at the apex of subdomains (e.g.
www→@). - SOA — Start of authority. The "primary" record for a zone. Includes the admin email and various timers.
- PTR — Reverse DNS. Maps an IP back to a name. Used by mail servers to check that the sending IP "looks legitimate."
Choosing a nameserver
By default, your computer uses the DNS servers provided by your ISP or network. That's fine for browsing, but for troubleshooting you often want to query a specific server — usually:
1.1.1.1— Cloudflare. Fast, privacy-focused, global anycast.8.8.8.8— Google. Widely used, well-cached.9.9.9.9— Quad9. Security-focused, blocks known malicious domains.- The domain's authoritative nameserver (shown in the
NSrecord) — for the most authoritative answer.
Command-line vs. web tools
On a server, you'll use dig or host. On your laptop, those work too, but you may not always have a terminal handy. A web-based DNS lookup lets you check from anywhere — including from your phone when you're SSH'd out of a coffee shop.
Our DNS Lookup tool runs dig server-side against the nameserver of your choice, so the results are the same you'd see on the command line — but with a cleaner display and copy-paste friendly output.
Keep reading
- How to check DNS propagation (and how long it actually takes)Just changed an A record and your friend in another country still sees the old site? That's DNS propagation. Here's how to verify when it's actually done — and how long it can take.
- How to read an open port (and when to actually worry)An 'open port' isn't a vulnerability by itself — it's information. Here's how to tell whether a port being open is fine, suspicious, or actively dangerous, and what to do about each case.
- WHOIS lookup explained: what's actually in a domain registration recordWHOIS is the public directory of who owns a domain. Here's what each field means, why some of them are redacted, and how to read a registration record.