A comprehensive utility to query, analyze, and understand DNS records for any domain. Get instant insights into your domain's configuration and security.
Enter a domain name and click "Analyze". The tool will query for common DNS record types and present them with an analysis of their purpose and potential issues.
A (Address) & AAAA (IPv6 Address): These are the most fundamental DNS records. They act like an address book for the internet, mapping a human-readable domain name (like `google.com`) to a server's numeric IP address (IPv4 for A, IPv6 for AAAA). A domain can have multiple A/AAAA records for load balancing.
CNAME (Canonical Name): This record acts as an alias, pointing a subdomain (like `www.example.com`) to another domain name (`example.com`). It's a way to point multiple names to a single server without creating multiple A records. A CNAME record cannot be placed on a root domain.
MX (Mail Exchanger): These records are essential for email. They specify the mail servers responsible for accepting email messages on behalf of a domain. The priority number (e.g., 10, 20) indicates preference; mail is sent to the server with the lowest priority number first.
TXT (Text): A versatile record that can hold arbitrary text. It's widely used for email security policies like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC. It's also used by services like Google and Microsoft to verify domain ownership.
NS (Name Server): These records delegate a domain or subdomain to a set of authoritative DNS servers. The NS records for `google.com`, for example, point to Google's own name servers, which hold the master copy of all other records for that domain.
SOA (Start of Authority): This record contains important administrative information about the DNS zone, including the primary name server, the email of the domain administrator, the domain serial number (which tracks changes), and timers for how often secondary servers should check for updates.
CAA (Certificate Authority Authorization): A critical security record that allows domain owners to specify which Certificate Authorities (CAs) are permitted to issue SSL/TLS certificates for their domain. This helps prevent the mis-issuance of certificates.
SRV (Service): These records provide information about available services for a domain, such as VoIP or instant messaging. They specify the hostname and port number of servers for specific services.
DNSSEC (DS & DNSKEY): DNS Security Extensions provide a way to verify that DNS responses are authentic and have not been tampered with. `DNSKEY` records contain public keys, and `DS` (Delegation Signer) records create a chain of trust to the parent zone.
Why are my MX records important?
Without correct MX records, you won't be able to receive email at your domain. They are essential for any email functionality.
What's the difference between an A record and a CNAME?
An A record points a name to an IP address. A CNAME points a name to another name. You use an A record for your root domain (`example.com`) and CNAMEs for subdomains (`www`, `blog`) that should point to the same server as the root or another service.
Why does the tool say "No CAA record found"?
This is a common warning. While not strictly required, adding a CAA record is a security best practice that helps protect your domain from having unauthorized SSL certificates issued for it. You can specify one or more CAs (e.g., Let's Encrypt) that you trust.
What is DNSSEC and do I need it?
DNSSEC adds a layer of trust to DNS by cryptographically signing records. It prevents attackers from forging DNS responses and redirecting your users to malicious sites. While not yet universally adopted, enabling DNSSEC is a strong security enhancement.