DNS Lookup (NsLookup)

Use this page to inspect authoritative and recursive DNS answers for a domain or host. It is designed for rapid validation of expected records during deployment, incident response, and migration windows.

What this tool checks

• Record presence across A, CNAME, MX, TXT, NS, SOA, and CAA (with AAAA according to IPv6 mode).
• Consistency signals between expected naming intent and live DNS output.
• Raw answer context you can preserve for change-control evidence.

How to read the output

• Result Summary highlights whether critical record expectations were met.
• Overview is best for fast triage across repeated runs during propagation.
• Technical Details should be used when debugging delegation or policy edge cases.
• Raw Output is useful for provider escalations and incident timeline proof.

Common failure patterns

1. Wrong host label or zone typo returns misleading “missing record” symptoms.
2. Partial resolver visibility after recent change creates split-brain perception.
3. Stale NS delegation causes old answers to persist unexpectedly.
4. Record type confusion (for example CNAME vs. A expectation) delays remediation.

Remediation workflow

1. Confirm exact FQDN and expected record type before editing DNS.
2. Check SOA/NS authority chain for delegation correctness.
3. Wait for TTL windows where appropriate, then re-run from multiple resolvers.
4. Validate dependent layers (HTTP/TLS/mail) once records look correct.

Next steps

• Reverse DNS Lookup
• DNS Propagation Checker
• Back to DNS category

FAQ

Why does the same domain show different answers over time?

DNS caches, resolver policy, and live zone updates can change answers between runs.

Is an empty answer always a DNS outage?

Not always. It can also indicate wrong record type or delegation mismatch.

Should I treat CAA warnings as critical?

For certificate issuance workflows, CAA drift should be resolved quickly to prevent issuance failures.

Can I use this output for provider support tickets?

Yes. Include timestamp, query target, and raw output block for clearer escalation.

What should I run next after NsLookup?

Use propagation checker for spread analysis and TLS test for service-layer validation.