DNS over HTTPS Lookup

Query DNS records via public DoH resolvers (Cloudflare & Google). Runs entirely in your browser — your queries go directly to the resolver, not through our servers.

Enter a domain and click Lookup to query DNS records.

Enter one domain per line. All domains will be queried for the same record type.

Quick reference for common DNS record types and their uses.

TypeFull NamePurposeExample Value
AAddressMaps a domain to an IPv4 address93.184.216.34
AAAAIPv6 AddressMaps a domain to an IPv6 address2606:2800:220:1:248:1893:25c8:1946
CNAMECanonical NameAlias pointing to another domain namewww.example.com → example.com
MXMail ExchangeSpecifies mail servers for the domain10 mail.example.com
TXTTextArbitrary text; used for SPF, DKIM, DMARC, domain verificationv=spf1 include:_spf.google.com ~all
NSNameserverAuthoritative nameservers for the domainns1.cloudflare.com
TTLTime To LiveCache duration in seconds (not a record type)3600 = 1 hour

Common TXT Record Prefixes

PrefixProtocolPurpose
v=spf1SPFAuthorised senders for email (reduces spam)
v=DKIM1DKIMEmail signing key for origin verification
v=DMARC1DMARCEmail policy: reject/quarantine/monitor unverified mail
google-site-verification=GoogleProves domain ownership to Google Search Console
MS=msMicrosoftProves domain ownership for Microsoft 365

DoH Resolver Endpoints

ResolverEndpointPrivacy
Cloudflare 1.1.1.1https://cloudflare-dns.com/dns-queryLogs purged within 24 h
Google 8.8.8.8https://dns.google/resolveLogs retained per Google policy
Enter a domain and click Lookup to query DNS records.

How to Use the DNS over HTTPS Lookup Tool

  1. Enter a domain name — type any domain (e.g. example.com, mail.google.com) in the input field. Do not include http:// or a trailing slash.
  2. Select the record type — choose A, AAAA, MX, TXT, CNAME, or NS from the dropdown.
  3. Choose a resolver — query Cloudflare 1.1.1.1, Google 8.8.8.8, or both simultaneously to compare results.
  4. Click Lookup — results appear in a table showing the record data, TTL, and which resolver returned it.
  5. Batch mode — paste multiple domains (one per line) to look them all up in one click. Download results as CSV.

What is DNS over HTTPS?

DNS over HTTPS (DoH, RFC 8484) encrypts DNS queries inside standard HTTPS traffic, preventing your ISP or network observer from seeing which domains you look up. Traditional DNS runs over UDP port 53 with no encryption, making every domain lookup visible to anyone on your network path. With DoH, queries are sent to a resolver's HTTPS endpoint — the same port (443) used by regular web traffic — so lookups are indistinguishable from any other HTTPS request.

Cloudflare launched the first major public DoH resolver at 1.1.1.1 in 2018, followed by Google at 8.8.8.8. Both provide JSON-over-HTTPS APIs, which is what this tool uses. When you click Lookup, your browser makes a direct fetch() call to https://cloudflare-dns.com/dns-query?name=...&type=... or https://dns.google/resolve?name=...&type=.... ThisDevTool's servers are never involved.

Understanding DNS Record Types

A records are the most common DNS record type. They map a domain name to an IPv4 address (four groups of numbers, e.g. 93.184.216.34). Most websites have at least one A record. When you visit a website, your computer starts by looking up its A record to find which server to connect to.

AAAA records do the same thing as A records but for IPv6 addresses — the next-generation Internet Protocol that uses 128-bit addresses (e.g. 2606:2800:220:1:248:1893:25c8:1946). As IPv4 addresses become scarce, more services are adding AAAA records alongside their A records.

MX records (Mail Exchange) tell sending mail servers which server handles email for a domain. MX records include a priority number — lower numbers are tried first. A domain can have multiple MX records for redundancy. If you're setting up email or troubleshooting delivery problems, MX records are the first thing to check.

TXT records store arbitrary text associated with a domain. They're widely used for SPF (which servers can send email on your behalf), DKIM (cryptographic email signature keys), DMARC (email authentication policy), and domain ownership verification for services like Google Search Console and Microsoft 365. TXT records have no specific format requirement, though individual protocols define their own prefixes.

CNAME records (Canonical Name) create an alias from one domain name to another. For example, www.example.com might be a CNAME pointing to example.com. CNAMEs can only point to other domain names, never directly to IP addresses. You cannot put a CNAME on a root domain (the zone apex) — that's why many DNS providers offer proprietary CNAME-like records (ALIAS, ANAME, FLATTENED-CNAME) for root domains.

NS records (Nameserver) list the authoritative DNS servers for a domain. These are the servers that hold the actual DNS records for the domain. When you register a domain and point it to Cloudflare, Route 53, or any other DNS provider, the registrar updates the NS records for your domain at the top-level domain (TLD) level.

Checking DNS Propagation

After changing DNS records, propagation can take anywhere from a few minutes to 48 hours depending on the TTL of the old record and how quickly resolvers worldwide flush their caches. Use the "Both" resolver option to compare Cloudflare and Google simultaneously — if they return different results, propagation is still in progress. Query repeatedly over time to watch the new records appear. Reducing your TTL to 300 seconds (5 minutes) before making changes speeds up propagation significantly.

Common Use Cases

  • Verifying SSL certificate ownership — check TXT records after adding a DNS-01 challenge for Let's Encrypt
  • Email troubleshooting — confirm MX, SPF, DKIM, and DMARC records are correct when emails are being rejected
  • Domain migration — compare old and new A records to verify a site has been moved
  • Security audits — enumerate NS and MX records to understand a domain's infrastructure
  • Checking CDN setup — verify CNAME records point to the correct CDN edge hostname

Frequently Asked Questions

DNS over HTTPS (DoH) is a protocol that sends DNS queries over an encrypted HTTPS connection instead of the traditional plaintext UDP/TCP channel. This prevents eavesdropping and manipulation of DNS requests by intermediaries. Cloudflare (1.1.1.1) and Google (8.8.8.8) both offer public DoH endpoints anyone can query.
No. This tool runs entirely in your browser. When you perform a lookup, your browser sends the DNS query directly to Cloudflare's or Google's public DoH endpoint (cloudflare-dns.com/dns-query or dns.google/resolve). ThisDevTool's servers are never involved in the query.
This tool supports A (IPv4), AAAA (IPv6), MX (mail exchange), TXT (text records including SPF/DKIM/DMARC), CNAME (canonical name alias), and NS (nameserver). For less common types like SRV, CAA, or SOA, use a command-line tool like dig.
Different resolvers may have different cached results, especially if a DNS record was recently changed. Both Cloudflare and Google follow the TTL value set by the domain owner, but their caches refresh independently. Comparing both resolvers is a quick way to verify DNS propagation after a change.
TTL stands for Time To Live and is measured in seconds. It tells resolvers how long to cache a DNS record before re-querying the authoritative nameserver. A TTL of 3600 means the record is cached for one hour. Lower TTLs (60–300) allow faster DNS propagation; higher TTLs (86400 = 24 h) reduce nameserver load but slow propagation.