Star Computers

DNS Lookup

Inspect A, AAAA, CNAME, MX, TXT, NS, SOA, CAA, PTR, and SRV records for any domain, with response codes and TTLs, from your browser.

DNS Networking

Look up a DNS record

Queries Google Public DNS over HTTPS. Runs entirely in your browser — we never see the query.

Try:

How it works

The lookup runs entirely in your browser. When you submit a domain, your browser fetches https://dns.google/resolve?name=<domain>&type=<type> — Google’s public DNS-over-HTTPS endpoint — and renders the raw JSON response as a readable table. No request hits our servers.

Each result shows the DNS response code (NOERROR, NXDOMAIN, SERVFAIL, etc.), the response flags, the round-trip time from your browser to the resolver, and every record returned in the Answer, Authority, and Additional sections.

Record types supported

  • A — IPv4 address for a host.
  • AAAA — IPv6 address for a host.
  • CNAME — alias to another hostname.
  • MX — mail exchangers for a domain, with priorities.
  • TXT — arbitrary text records (SPF, DKIM, domain verification).
  • NS — authoritative name servers for a zone.
  • SOA — start-of-authority metadata (serial, refresh, retry, expire, minimum TTL).
  • CAA — certificate authorities permitted to issue for the domain.
  • PTR — reverse lookup (use the reverse-notation name, e.g. 8.8.8.8.in-addr.arpa).
  • SRV — service records (_service._proto.domain).

Reading the TTL

The TTL shown is the remaining time the resolver will keep this answer in its cache, not the authoritative TTL set at the zone. If you just changed a record and the TTL looks low, the resolver is already close to refetching. For a longer take on why “DNS propagation” is a misleading mental model, see The DNS propagation myth.

Common tasks

  • Verify an email setup. Look up MX, then TXT to confirm SPF (v=spf1 …) and DKIM (selector._domainkey.domain.com, TXT).
  • Check a domain’s authoritative nameservers. Look up NS on the apex domain. If Authority contains SOA but Answer is empty, you’re looking at a subdomain that isn’t delegated.
  • Audit certificate issuance. Look up CAA to see which CAs are allowed to issue TLS certs for a domain.
  • Debug CDN or load-balancer routing. Look up A and AAAA. If you see a CNAME chain, follow it and query the target.

Privacy

This tool is client-side only. Your query goes straight from your browser to Google’s public resolver — we don’t proxy it, log it, or store it. If you need a resolver that doesn’t involve Google, you can run the same query against any DoH-compatible provider (Cloudflare, Quad9, NextDNS) using curl and the application/dns-json accept header.