What Is a DNS Checker?

DNS (Domain Name System) translates human-readable domain names into IP addresses and other resource records. A DNS checker queries these records to verify configurations, troubleshoot issues, or monitor changes.

Our DNS checker goes beyond basic lookups. You can check multiple domains simultaneously, verify records against expected values, and monitor DNS propagation with auto-refresh. Whether you are a system administrator, developer, or security professional-this tool gives you the visibility you need.

How to Use the DNS Checker

Getting started is straightforward:

1. Enter one or more domain names (one per line)
2. Select the DNS record type you want to check
3. Optionally set an expected value and match type
4. Configure threads for concurrent processing
5. Click 'Start DNS Check' to begin

Understanding DNS Record Types

Address Records (A and AAAA)

A records map domain names to IPv4 addresses (like 192.168.1.1). AAAA records do the same for IPv6 addresses (like 2001:db8::1). These are the most fundamental DNS records-every website needs them to be reachable.

CNAME (Canonical Name)

CNAME records create aliases from one domain to another. For example, www.example.com might be a CNAME pointing to example.com. When you resolve the CNAME, DNS continues to the target domain for the actual address.

MX (Mail Exchanger)

MX records specify which servers handle email for a domain. They include priority values-lower numbers indicate higher priority. Email servers try the lowest priority first, then fall back to higher numbers if needed.

NS (Nameserver)

NS records delegate a domain to specific nameservers. These servers are authoritative for the domain DNS records. When you register a domain, you set NS records pointing to your DNS provider.

TXT (Text)

TXT records store arbitrary text data. Common uses include:

• SPF: Email sender verification (v=spf1...)
• DKIM: Email signing keys
• DMARC: Email authentication policies
• Domain verification: Proving domain ownership to services

SOA (Start of Authority)

SOA records contain administrative information about a DNS zone: primary nameserver, contact email, serial number, and timing parameters for zone transfers and caching. Every DNS zone has exactly one SOA record.

CAA (Certification Authority Authorization)

CAA records specify which certificate authorities (CAs) can issue SSL/TLS certificates for a domain. This helps prevent unauthorized certificate issuance-a crucial security control.

DNSSEC Records (DS and DNSKEY)

DS (Delegation Signer) and DNSKEY records enable DNSSEC-cryptographic verification of DNS responses. DNSKEY contains public keys used for signing, while DS records link parent and child zones in the DNSSEC chain of trust.

Expected Value Matching

One powerful feature is the ability to verify DNS records against expected values. This is invaluable for:

• Configuration verification: Confirm records contain correct values after changes
• Compliance monitoring: Ensure required records (like SPF) are present
• Security auditing: Detect unexpected DNS modifications
• Migration validation: Verify DNS matches new infrastructure

Match Types Explained

• Contains: Any record containing your value matches. Use for partial matches like checking if an IP appears in A records.
• Exact Match: Records must match your value exactly. Use for precise verification.
• Regex: Use regular expressions for complex patterns. Check for specific formats or multiple acceptable values.

Practical Use Cases

DNS Propagation Monitoring

After updating DNS records, changes do not appear instantly everywhere. TTL (Time to Live) values control how long records are cached. Use auto-refresh to monitor when new values propagate:

• Make your DNS change
• Enter the domain and select the record type
• Set expected value to the new record value
• Enable auto-refresh with a 20-30 second interval
• Watch as status changes from NO_MATCH to MATCH

Email Configuration Verification

Email deliverability depends on correct DNS. Use the checker to verify:

• MX records: Confirm mail servers are configured correctly
• TXT records: Verify SPF, DKIM, and DMARC are present and correct
• A/AAAA records: Ensure mail server hostnames resolve properly

Security Auditing

Regular DNS audits catch misconfigurations and unauthorized changes:

• Verify CAA records restrict certificate issuance to authorized CAs
• Check DNSSEC deployment with DS and DNSKEY lookups
• Confirm SPF records haven't been weakened (look for -all not +all)
• Monitor for unexpected record additions or modifications

The CD Flag Explained

The CD (Checking Disabled) flag is a DNSSEC-related option. When enabled:

• DNS resolvers skip DNSSEC signature validation
• You see raw responses even if DNSSEC validation would fail
• Useful for debugging DNSSEC configuration issues
• Helps identify whether problems are DNS or DNSSEC related

Keep CD disabled for normal use. Enable it only when troubleshooting DNSSEC or when you specifically need unvalidated responses.

Concurrent Processing

Checking many domains one at a time is slow. Our tool processes multiple domains concurrently:

• Threads: Configure 1-20 concurrent lookups
• Recommended: 5-10 threads balances speed and reliability
• High thread counts: Faster but may trigger rate limiting on some resolvers

Results stream in as each lookup completes-you do not have to wait for all domains to finish before seeing data.

Understanding Results

Results are categorized by status:

• MATCH: Records found and match expected value (or no expected value set)
• NO_MATCH: Records found but do not match expected value
• NO_RECORD: No records of the requested type exist
• ERROR: Lookup failed (DNS timeout, NXDOMAIN, etc.)

Each result includes timing information showing how long the lookup took-useful for identifying slow DNS responses.