Skip to content
Free tool · no signup

DNS checker

Live DNS-over-HTTPS lookup. Get A, AAAA, CNAME, MX, TXT, NS, SOA, and CAA records for any domain in one query. No signup, no rate-limit hassle.

Live DNS lookup from UptimePad monitoring probes · 8 record types · authoritative chase

What this tool actually tells you

A one-shot DNS lookup answers a snapshot question: "what does the DNS look like right now from one resolver?" That is enough to debug a misrouted domain or audit a TXT record. To know your DNS is healthy, you need continuous checks that diff every record and alert when something changes (NS hijack, MX deletion, expired CAA). UptimePad runs both: this tool (free, anonymous) and continuous DNS monitoring (free for 50 domains).

QuestionOne-shot lookupContinuous monitoring
What is the current MX record?YesYes
Did my nameservers change last Tuesday?NoYes (with timestamp + diff)
Is the new A record propagated everywhere?No (one resolver)Yes - multi-resolver check
Did someone add an unauthorized TXT?NoYes - diff alert
Is my SPF record still under the 10-lookup limit?NoYes - SPF audit on every change
Did the SSL CAA pinning still match my issuer?NoYes - CAA + cert correlation

The 8 record types and why each one breaks production

  • A / AAAA - IPv4 / IPv6 addresses. If these point at the wrong server, your site is technically reachable but lands somewhere else. Common after a botched migration.
  • CNAME - alias. Common breaking pattern: a CNAME points at a service that was decommissioned, taking the entire subdomain offline.
  • MX - mail servers. If MX disappears or points at a misconfigured host, email starts bouncing silently. Customers stop hearing back. Hard to detect without monitoring.
  • TXT - SPF, DKIM, domain verification. A removed SPF entry is the classic "all our mail goes to spam suddenly" cause.
  • NS - authoritative nameservers. Changes here are the single most dangerous DNS event: a wrong NS = full domain hijack. Always alert on NS changes.
  • SOA - start of authority. Tells you the master nameserver and the serial number - the serial bumps every time DNS is edited, which is a useful audit trail.
  • CAA - certificate-authority authorization. Locks down which CAs can issue TLS certs. Missing CAA = anyone can buy a cert for your domain.

When the tool says "no records" but the domain works

Three common reasons. (1) You queried the apex (example.com) but the actual records live on www (www.example.com) or another subdomain. Try the specific subdomain. (2) The records are geo-located, and the recursive resolver we used was served a different answer than your local resolver. (3) The query just hit a TTL boundary and the cache was empty - re-run in 30 seconds. Continuous monitoring with multi-resolver checks separates "geo-located answer" from "actually missing."

What to do next when something looks wrong

  1. Note the SOA serial number - if it just bumped, someone edited DNS recently. Check your provider's audit log.
  2. Re-run the lookup in 5 minutes. If TTLs are short, propagation is finishing.
  3. Use a different resolver (Google 8.8.8.8, Quad9 9.9.9.9) to confirm the answer is consistent globally.
  4. If MX is gone or wrong, freeze outbound mail until it is fixed. Otherwise replies and password resets bounce silently.
  5. Set up continuous DNS monitoring on the apex AND any production subdomain. Free plan covers 50 monitors.

FAQ

Is this DNS checker free?+

Yes. Anyone can run a DNS lookup on any public domain, no signup, no email. UptimePad runs the resolver behind the tool, the same way the paid product checks DNS for monitored domains.

How does it work?+

When you submit a domain, the request goes to an UptimePad probe server. That server uses Node's native DNS resolver to query the system or configured upstream resolvers for all 8 record types in parallel. Same code path as our continuous monitoring product. We do not store your domain.

What record types do you check?+

A (IPv4), AAAA (IPv6), CNAME (aliases), MX (mail servers), TXT (SPF, DKIM, verification), NS (authoritative nameservers), SOA (zone master), and CAA (certificate-authority authorization). One lookup, all eight types.

Why does my dig output disagree with this tool?+

Three usual reasons: (1) you are querying a different resolver. Local resolvers, ISP resolvers, and the upstream we use can have different cached values during a propagation window; (2) your dig is hitting an authoritative nameserver directly while we go through a recursive resolver, which can show stale cache; (3) the record was just changed and TTLs are still in flight. Continuous monitoring catches propagation lag from multiple regions.

Why does the tool show no records but my domain works?+

The most common case is that you queried the apex when the records live on a subdomain (or vice versa). Another case is that the record exists but is filtered by a DNSSEC validation issue or geofencing rule that the recursive resolver does not match. Try the specific subdomain that hosts the service.

Can I monitor DNS changes continuously instead of one-shot?+

Yes. UptimePad's free plan covers 50 monitors at 5-minute intervals with email alerts. You get a record-level diff when something changes, useful for catching nameserver hijacks and accidental MX deletions before email starts bouncing.

What is a CAA record and why does it matter?+

A CAA record tells certificate authorities which CAs are allowed to issue certificates for your domain. If you have a CAA record for "letsencrypt.org" only, no other CA can issue a cert. Missing or misconfigured CAA records are how unauthorized certificates get issued - checking yours is a 10-second security audit you should run every quarter.

Why does the tool not show TTL values?+

Node's native DNS resolver does not surface TTLs through its high-level API. The continuous-monitoring product reads raw DNS packets to capture TTLs separately. If you need TTL data right now, run dig from the command line: "dig +noall +answer example.com MX" shows you the TTL in the second column.

uptimePAD

Watch your DNS continuously, not when something breaks.

Record-level diffs, NS-change alerts, MX-deletion alerts, SPF audit, CAA enforcement. Free plan, no card required.

Start monitoring free