~/tools/dns
> dns lookup
resolve dns records — a, aaaa, mx, txt, ns, cname — for any hostname. backed by cloudflare's dns-over-https (doh) resolver at 1.1.1.1. queries run from our server, not yours.
## overview
dns (domain name system) translates hostnames into ip addresses and other metadata. every time you visit a site, your os asks a resolver (usually your isp's) for the a record (ipv4) or aaaa record (ipv6) of the hostname. this tool asks cloudflare's public resolver at 1.1.1.1 directly over https (dns-over-https, rfc 8484), bypassing your local resolver. it returns: a records (ipv4), aaaa (ipv6), mx (mail servers, with priorities), txt (arbitrary text — spf, dkim, domain verification), ns (nameservers for the zone), and cname (canonical alias). results reflect what cloudflare's resolver currently has cached, which is usually close to authoritative but may lag a few minutes on recent changes. use it to verify dns changes from a third-party viewpoint, debug email delivery (mx + spf + dkim), check domain verification tokens, or confirm a cname points where you expect.
## how to use
- enter a hostname — a domain like drwho.me or a subdomain like api.example.com. no protocol, no path.
- pick a record type — a for ipv4, aaaa for ipv6, mx for email, txt for notes and verification, ns for nameservers, cname for aliases.
- click resolve — the query is sent to cloudflare's doh endpoint and the answer shown.
- interpret the ttl — each record has a time-to-live (ttl) in seconds. resolvers will cache the record for at most that long.
## examples
$ in
drwho.me (a)# out
76.76.21.21, ttl 300$ in
gmail.com (mx)# out
5 gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.$ in
drwho.me (txt)# out
v=spf1 include:amazonses.com ~all\ngoogle-site-verification=…## common mistakes
caching & ttl— dns is aggressively cached. a new record may take up to the old record's ttl to propagate. if you just changed a record, wait or query an authoritative nameserver directly.cname restrictions— a hostname with a cname cannot have other records (a, mx, etc.) at the same name. cname at the apex (example.com directly) is technically invalid — use an 'alias' or 'aname' record type from your dns provider, or an a record.trailing dots— in raw dns, hostnames end with `.` (the root). most tools accept both forms. ns and mx records always include the trailing dot in the answer.spf length— txt records are limited to 255 chars per string; multiple strings in one record are concatenated. long spf records must be split.doh vs udp— this tool uses doh over cloudflare. your os uses udp/53 by default. results should match, but if your isp does dns filtering, you may see different answers locally.
## faq
whose resolver does this use?
cloudflare's public resolver at 1.1.1.1 via dns-over-https (rfc 8484). doh is used so the service can query dns without raw-udp access.
why does my result differ from `dig`?
caching. `dig @1.1.1.1` would match this tool. `dig` with the system resolver uses whatever your isp or router configured — which may lag or filter.
what is the difference between a and aaaa?
a is ipv4 (32-bit address). aaaa is ipv6 (128-bit). many domains have both; modern clients prefer aaaa when available.
can i query subdomains?
yes. api.example.com, mail.example.com, any fully qualified name.
does this support dnssec?
cloudflare validates dnssec automatically; a failure returns an error. we display the answer as-is but do not show dnssec status fields.
why is mx returning nothing?
the domain may accept no mail (no mx set). or the domain may use null mx (`0 .`) to declare it never receives mail.
can ai agents call this?
yes — dns_lookup on the mcp endpoint at drwho.me/mcp/mcp.
## related tools
ip lookup— look up any IP's geolocation, ASN, and ISP (via ipinfo.io).what is my ip— your public ip address, location, and timezone.