DNS records control almost everything about how a domain behaves online — from where the website loads to how email is delivered. Knowing how to check DNS records is a fundamental skill for developers, system administrators, and website owners. This guide covers every method to query and verify DNS records.
Why Check DNS Records?
You need to check DNS records when:
- Verifying that a new record has been published and is resolving correctly.
- Troubleshooting email delivery problems (checking MX and SPF records).
- Confirming that a website migration has completed (A/CNAME records).
- Auditing a domain's security configuration (TXT records for SPF, DKIM, DMARC).
- Diagnosing why a website is unreachable.
Method 1: ShowDNS Web Tools
The easiest way to check DNS records is using ShowDNS's suite of lookup tools:
- Check All DNS Records — view every record type for a domain in one page.
- DNS Lookup — query a specific record type (A, MX, TXT, etc.).
- MX Lookup — check mail server records.
- TXT Lookup — check SPF, DKIM, DMARC, and domain verification records.
- NS Lookup — check nameserver records.
Method 2: Using dig
dig is the most powerful command-line DNS tool, available on Linux and macOS:
# A record (IPv4 address)
dig example.com A
# AAAA record (IPv6 address)
dig example.com AAAA
# MX records (mail servers)
dig example.com MX
# TXT records (SPF, DKIM, DMARC, verification)
dig example.com TXT
# CNAME record
dig www.example.com CNAME
# NS records (nameservers)
dig example.com NS
# SOA record
dig example.com SOA
# Query ALL record types
dig example.com ANY
# Short output (value only, no headers)
dig example.com A +short
# Query against a specific resolver
dig example.com A @8.8.8.8Method 3: Using nslookup
nslookup is available on Windows, macOS, and Linux. It is simpler but less detailed than dig:
# A record
nslookup example.com
# MX records
nslookup -type=MX example.com
# TXT records
nslookup -type=TXT example.com
# NS records
nslookup -type=NS example.com
# All records
nslookup -type=ANY example.com
# Query against a specific resolver
nslookup example.com 8.8.8.8How to Check Specific Record Types
Checking A Records (Website IP)
A records map a domain to an IPv4 address. Check them to verify your domain points to the correct server:
dig example.com A +short
# Output: 93.184.216.34Checking MX Records (Email)
MX records specify which servers receive email for a domain. Use the MX Lookup tool or:
dig example.com MX +short
# Output:
# 10 mail1.example.com.
# 20 mail2.example.com.Checking TXT Records (SPF, DKIM, DMARC)
TXT records carry email authentication data and domain verification codes. Use the TXT Lookup tool or:
dig example.com TXT +short
# Output:
# "v=spf1 include:_spf.google.com ~all"
# "google-site-verification=abc123xyz"
# DKIM record (replace 'selector' with your actual selector)
dig selector._domainkey.example.com TXT +short
# DMARC record
dig _dmarc.example.com TXT +shortChecking CNAME Records (Aliases)
dig www.example.com CNAME +short
# Output: example.com.Verifying DNS Propagation
After making a DNS change, records need time to propagate to resolvers worldwide. The time depends on the record's TTL. To verify propagation globally:
- Use the ShowDNS DNS Propagation Checker.
- Enter your domain and select the record type you changed.
- The tool queries from multiple global locations and shows which ones have the new value.
Understanding the dig Output
The full dig output includes several sections:
; <<>> DiG 9.18 <<>> example.com A
;; QUESTION SECTION: ← What you asked for
;example.com. IN A
;; ANSWER SECTION: ← The DNS record values
example.com. 3600 IN A 93.184.216.34
; ↑TTL ↑Type ↑Value
;; Query time: 45 msec ← How long the query took
;; SERVER: 8.8.8.8#53(8.8.8.8) ← Which resolver answeredFrequently Asked Questions
How do I check DNS records on Windows without installing tools?
Use nslookup — it is built into Windows. Open Command Prompt and run nslookup -type=MX example.com. Alternatively, use the ShowDNS DNS Lookup tool in a browser with no installation required.
How long does it take for a new DNS record to be visible?
New records become available on the authoritative nameserver immediately after publishing. However, resolvers worldwide cache responses for the duration of the record's TTL. If the TTL is 3600 seconds (1 hour), resolvers that have cached the old response will not see the new value for up to 1 hour.
Why do I see different results when querying different resolvers?
Each resolver has its own cache. During a DNS change or propagation period, different resolvers may return different values. This is expected and resolves as resolver caches expire.