🌐 DNS Lookup
Query DNS records via Cloudflare 1.1.1.1 DNS-over-HTTPS.
Last updated: June 9, 2026 · By Λ
By Λ · Updated June 9, 2026 · ~3 min read
What this tool does
Queries Cloudflare's public DNS resolver (1.1.1.1) over HTTPS and shows the results. Each lookup travels straight from your browser tab to Cloudflare's resolver endpoint, with no BoltQuickTools server in the path, so this site keeps no record of the domains you check. Cloudflare's DoH endpoint is privacy-friendly and does not require authentication.
DNS record types, briefly
- A: IPv4 address. The most common.
example.com → 93.184.216.34 - AAAA: IPv6 address. Becoming more common as v6 deploys.
- CNAME: alias.
www → example.com. Cannot coexist with other records at the same name. - MX: mail exchanger. Tells SMTP where to deliver mail. Has a priority number.
- TXT: arbitrary text. Used for SPF, DKIM, DMARC, domain verification, and various other auth tokens.
- NS: nameservers. Authoritative servers for the zone.
- SOA: start of authority. Zone metadata including the serial number.
- CAA: certificate authority authorization. Lists which CAs can issue certs for this domain.
- DS / DNSKEY: DNSSEC chain-of-trust records.
- SRV: service location. Used by SIP, XMPP, Minecraft, etc.
- PTR: reverse lookup (IP → hostname).
Common patterns to check
Domain not loading? Check A/AAAA against the IPs you expect. Check NS to confirm you are looking at the right DNS provider.
Email bouncing? Check MX (mail routing) plus the TXT records for SPF (v=spf1 ...), DKIM (cf2024-1._domainkey style subdomain), and DMARC (_dmarc subdomain).
HTTPS cert issuance failing? Check CAA. If you have 0 issue "letsencrypt.org" but you are trying to issue from a different CA, that explains the failure.
DNSSEC validation issues? Check DS at the parent zone and DNSKEY at your zone. Mismatched records break the chain.
How the lookups are made
Pressing Lookup requests cloudflare-dns.com/dns-query with your domain and record type as URL parameters, asking for application/dns-json. Cloudflare replies with JSON, and each entry in its Answer array becomes one line: type, value, and remaining cache TTL in seconds. Numeric wire-format type codes, such as 15 for MX, are translated back to readable names first. The All Common Types button walks through eight queries in order (A, AAAA, MX, TXT, NS, CAA, SOA, DS), silently skipping any that fail, for a fast one-screen zone audit. A sample lookup fires automatically when the page loads.
Worked example
Enter gmail.com, pick MX, press Lookup. As of this writing the result panel shows five lines:
MX 5 gmail-smtp-in.l.google.com. (TTL 3258)
MX 10 alt1.gmail-smtp-in.l.google.com. (TTL 3258)
MX 20 alt2.gmail-smtp-in.l.google.com. (TTL 3258)
MX 30 alt3.gmail-smtp-in.l.google.com. (TTL 3258)
MX 40 alt4.gmail-smtp-in.l.google.com. (TTL 3258)
The leading number is the delivery priority; lower gets tried first.
Edge cases worth knowing
- PTR lookups expect the reversed form:
8.8.8.8.in-addr.arpareturnsdns.google., while a bare IP returns nothing useful. - "(no records)" appears both when the name lacks that record type and when the name does not exist at all; an A query helps tell which.
- The TTL shown is what remains in Cloudflare's cache, not the zone's published value, so repeated queries count down.
- Privacy extensions that intercept
cloudflare-dns.commake every lookup fail instantly; pause them for this page.
Frequently asked questions
Why do my dig results disagree with this page?
Your terminal asks the resolver your OS is configured for, while this page always asks Cloudflare. Caches expire at different moments, and split-horizon networks or router overrides can change answers entirely.
Can I use this to confirm a DNS change has propagated?
It confirms Cloudflare has picked the change up, which covers a large slice of real traffic. For a fuller picture, compare against your authoritative nameserver and one more public resolver.
What does "Lookup failed: HTTP 400" mean?
Cloudflare rejected the query, usually because the domain holds a stray space or bad character; other codes point to a network problem.
Related
For subnet math and IP space planning, see the IPv4 subnet calculator and the subnet math blog post. For HTTP-level diagnostics, see the API tester.