🌐 DNS Lookup

Query DNS records via Cloudflare 1.1.1.1 DNS-over-HTTPS.

Last updated: June 9, 2026 · By Λ

By Λ · Updated June 9, 2026 · ~3 min read

What this tool does

Queries Cloudflare's public DNS resolver (1.1.1.1) over HTTPS and shows the results. Each lookup travels straight from your browser tab to Cloudflare's resolver endpoint, with no BoltQuickTools server in the path, so this site keeps no record of the domains you check. Cloudflare's DoH endpoint is privacy-friendly and does not require authentication.

DNS record types, briefly

Common patterns to check

Domain not loading? Check A/AAAA against the IPs you expect. Check NS to confirm you are looking at the right DNS provider.

Email bouncing? Check MX (mail routing) plus the TXT records for SPF (v=spf1 ...), DKIM (cf2024-1._domainkey style subdomain), and DMARC (_dmarc subdomain).

HTTPS cert issuance failing? Check CAA. If you have 0 issue "letsencrypt.org" but you are trying to issue from a different CA, that explains the failure.

DNSSEC validation issues? Check DS at the parent zone and DNSKEY at your zone. Mismatched records break the chain.

How the lookups are made

Pressing Lookup requests cloudflare-dns.com/dns-query with your domain and record type as URL parameters, asking for application/dns-json. Cloudflare replies with JSON, and each entry in its Answer array becomes one line: type, value, and remaining cache TTL in seconds. Numeric wire-format type codes, such as 15 for MX, are translated back to readable names first. The All Common Types button walks through eight queries in order (A, AAAA, MX, TXT, NS, CAA, SOA, DS), silently skipping any that fail, for a fast one-screen zone audit. A sample lookup fires automatically when the page loads.

Worked example

Enter gmail.com, pick MX, press Lookup. As of this writing the result panel shows five lines:

MX    5 gmail-smtp-in.l.google.com. (TTL 3258)
MX    10 alt1.gmail-smtp-in.l.google.com. (TTL 3258)
MX    20 alt2.gmail-smtp-in.l.google.com. (TTL 3258)
MX    30 alt3.gmail-smtp-in.l.google.com. (TTL 3258)
MX    40 alt4.gmail-smtp-in.l.google.com. (TTL 3258)

The leading number is the delivery priority; lower gets tried first.

Edge cases worth knowing

Frequently asked questions

Why do my dig results disagree with this page?

Your terminal asks the resolver your OS is configured for, while this page always asks Cloudflare. Caches expire at different moments, and split-horizon networks or router overrides can change answers entirely.

Can I use this to confirm a DNS change has propagated?

It confirms Cloudflare has picked the change up, which covers a large slice of real traffic. For a fuller picture, compare against your authoritative nameserver and one more public resolver.

What does "Lookup failed: HTTP 400" mean?

Cloudflare rejected the query, usually because the domain holds a stray space or bad character; other codes point to a network problem.

Related

For subnet math and IP space planning, see the IPv4 subnet calculator and the subnet math blog post. For HTTP-level diagnostics, see the API tester.