How to Check DNS Records for a Domain Using OpDeck's Tool
If you need to check DNS records for a domain, you've come to the right place. Whether you're troubleshooting email delivery issues, verifying a domain migration, debugging a misconfigured nameserver, or simply trying to understand how a website is set up, DNS records hold the answers. This guide walks you through everything you need to know — what DNS records are, which types matter most, and exactly how to look them up quickly using both command-line tools and OpDeck's DNS Lookup tool.
What Are DNS Records and Why Do They Matter?
DNS stands for Domain Name System. Think of it as the internet's phone book — it translates human-readable domain names like example.com into machine-readable IP addresses like 93.184.216.34. Without DNS, you'd need to memorize numeric addresses for every website you visit.
DNS records are the individual entries stored in this system. Each record type serves a specific purpose, and understanding them is essential for anyone managing a website, configuring email, or handling server infrastructure.
Here's a quick breakdown of the most important DNS record types:
A Record
Maps a domain name to an IPv4 address. This is the most fundamental record — it tells browsers where to find your website.
example.com. 3600 IN A 93.184.216.34
AAAA Record
Same as an A record, but for IPv6 addresses. As IPv6 adoption grows, these are increasingly important.
example.com. 3600 IN AAAA 2606:2800:220:1:248:1893:25c8:1946
CNAME Record
A "Canonical Name" record that aliases one domain to another. Often used for subdomains like www pointing to the root domain, or for services like Shopify or HubSpot where you point a subdomain to their infrastructure.
www.example.com. 3600 IN CNAME example.com.
MX Record
Mail Exchange records define which mail servers handle email for a domain. If you're troubleshooting email delivery problems, this is the first record to check.
example.com. 3600 IN MX 10 mail.example.com.
TXT Record
Text records hold arbitrary text data. They're widely used for domain ownership verification (Google Search Console, for example), SPF records (email spam prevention), DKIM signatures, and DMARC policies.
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
NS Record
Nameserver records specify which DNS servers are authoritative for a domain. If you've recently migrated a domain to a new registrar or hosting provider, NS records tell you where DNS is being managed.
example.com. 3600 IN NS ns1.nameserver.com.
SOA Record
The Start of Authority record contains administrative information about a zone — including the primary nameserver, the email of the domain admin, and various timing parameters.
PTR Record
Pointer records are used for reverse DNS lookups — mapping an IP address back to a domain name. These are particularly relevant for email servers, where a missing or mismatched PTR record can cause emails to be flagged as spam.
SRV Record
Service records define the location of specific services like SIP, XMPP, or other protocols. Commonly used in VoIP and messaging setups.
CAA Record
Certification Authority Authorization records specify which certificate authorities are allowed to issue SSL certificates for a domain — an important security measure.
How to Check DNS Records for a Domain Using OpDeck
The fastest and most user-friendly way to check DNS records for any domain is with OpDeck's DNS Lookup tool. You don't need to install anything, open a terminal, or remember command-line syntax. Here's how to use it:
Step 1: Navigate to the DNS Lookup Tool
Go to https://www.opdeck.co/tools/dns in your browser.
Step 2: Enter the Domain Name
Type the domain name you want to investigate into the input field. You can enter:
- A root domain:
example.com - A subdomain:
mail.example.comorwww.example.com - Any fully qualified domain name (FQDN)
Step 3: Select the Record Type
Choose the DNS record type you want to query. If you're not sure where to start, selecting "ANY" or "A" is a good default. For email issues, jump straight to MX and TXT records.
Step 4: Review the Results
The tool returns the DNS records in a clean, readable format — including the record type, TTL (Time to Live), and the record value. You can quickly scan through A, AAAA, MX, TXT, NS, CNAME, and other record types without needing to interpret raw terminal output.
This is especially useful when you need to share results with a colleague or client who isn't comfortable with command-line tools.
How to Check DNS Records Using Command-Line Tools
For developers and sysadmins who prefer working in the terminal, there are several powerful tools built into most operating systems.
Using dig (Linux/macOS)
dig (Domain Information Groper) is the go-to DNS query tool on Unix-based systems. It's precise, flexible, and returns detailed output.
Check A records:
dig example.com A
Check MX records:
dig example.com MX
Check all record types:
dig example.com ANY
Query a specific nameserver:
dig @8.8.8.8 example.com A
Get a short, clean answer:
dig example.com A +short
Check TXT records (useful for SPF/DKIM):
dig example.com TXT
Check NS records:
dig example.com NS
A typical dig response looks like this:
; <<>> DiG 9.10.6 <<>> example.com A
;; ANSWER SECTION:
example.com. 3600 IN A 93.184.216.34
The number 3600 is the TTL in seconds (1 hour). This tells you how long DNS resolvers will cache this record before checking again.
Using nslookup (Windows/macOS/Linux)
nslookup is available on virtually every operating system and is a quick alternative to dig.
Basic lookup:
nslookup example.com
Check MX records:
nslookup -type=MX example.com
Check TXT records:
nslookup -type=TXT example.com
Query against a specific DNS server:
nslookup example.com 8.8.8.8
Using host (Linux/macOS)
The host command is simpler and produces cleaner output than dig.
host example.com
host -t MX example.com
host -t NS example.com
host -t TXT example.com
Using PowerShell (Windows)
On Windows, Resolve-DnsName is a powerful built-in cmdlet:
Resolve-DnsName -Name example.com -Type A
Resolve-DnsName -Name example.com -Type MX
Resolve-DnsName -Name example.com -Type TXT
Common DNS Troubleshooting Scenarios
Knowing how to check DNS records for a domain is most valuable when you're solving a real problem. Here are the most common scenarios and which records to check.
Scenario 1: Website Not Loading After Migration
When a site isn't loading after moving to a new host, the A record is your first stop. Check whether it points to the new server's IP address:
dig example.com A +short
Also verify the NS records to confirm DNS is being served from the correct nameservers:
dig example.com NS
Remember that DNS changes can take time to propagate globally — typically anywhere from a few minutes to 48 hours, depending on the TTL value of the previous record.
Scenario 2: Email Not Delivering
Email issues almost always trace back to DNS. Check these records in order:
- MX records — confirm they point to the correct mail server
- TXT records — verify your SPF record exists and is correctly configured
- CNAME or TXT records — check for DKIM selector records (e.g.,
google._domainkey.example.com) - TXT records — look for a DMARC policy at
_dmarc.example.com
dig example.com MX
dig example.com TXT
dig _dmarc.example.com TXT
dig google._domainkey.example.com TXT
Scenario 3: SSL Certificate Errors
If you're getting SSL errors, check the CAA records to see which certificate authorities are authorized:
dig example.com CAA
Also verify that the A or CNAME record for the domain matches what your SSL certificate covers.
Scenario 4: Verifying a Third-Party Service Integration
Services like Google Workspace, HubSpot, Mailchimp, and others require you to add specific DNS records to verify ownership or enable functionality. After adding these records, use OpDeck's DNS Lookup tool to confirm the records are live and returning the expected values.
Scenario 5: Checking DNS Propagation
After making a DNS change, you might want to check whether the new record has propagated globally. Tools like OpDeck query authoritative DNS servers directly, so you can see what's currently published. Keep in mind that individual users may still see cached old values until the TTL expires.
Understanding TTL and DNS Propagation
TTL (Time to Live) is one of the most misunderstood aspects of DNS. It's a value in seconds that tells DNS resolvers how long to cache a record before requesting a fresh copy.
- Low TTL (e.g., 300 seconds / 5 minutes): Changes propagate quickly, but DNS servers make more frequent queries. Useful before planned migrations.
- High TTL (e.g., 86400 seconds / 24 hours): Fewer queries, but changes take longer to propagate globally.
Best practice: Before a planned domain migration or DNS change, reduce your TTL to 300 seconds at least 24–48 hours in advance. After the migration is complete and stable, you can increase it back to a higher value.
When you run a DNS lookup with dig, always check the TTL column in the ANSWER SECTION. If you see a very low number, it means the cached record is about to expire. If you see a high number, old records may persist for hours.
Tips for Reading DNS Records Like a Pro
Once you start checking DNS records regularly, a few tips will help you interpret results faster:
1. Always check the authoritative nameserver
To get the definitive answer (not a cached response), query the authoritative nameserver directly:
# First, find the authoritative NS
dig example.com NS +short
# Then query it directly
dig @ns1.example-nameserver.com example.com A
2. Watch out for CNAME chains
Long CNAME chains (where one CNAME points to another, which points to another) can slow down DNS resolution. Ideally, keep chains to one or two hops.
3. Check for duplicate or conflicting records
Multiple A records for the same hostname are valid (they enable round-robin load balancing), but conflicting MX records with incorrect priorities can cause email delivery issues.
4. Verify both root domain and www
Many issues stem from inconsistencies between example.com and www.example.com. Always check both.
dig example.com A
dig www.example.com A
5. Use the +trace flag for deep debugging
The +trace flag in dig follows the entire DNS resolution chain from root servers down to the authoritative answer, which is invaluable for diagnosing complex issues:
dig example.com A +trace
Checking Reverse DNS Records
Reverse DNS (rDNS) is the opposite of a standard DNS lookup — instead of resolving a domain to an IP, it resolves an IP to a domain. This is handled by PTR records and is particularly important for mail servers.
To check a reverse DNS record manually:
# For IPv4 address 93.184.216.34
dig -x 93.184.216.34
# Or with nslookup
nslookup 93.184.216.34
If you're managing a mail server and your emails are landing in spam, a missing or incorrect PTR record is a common culprit. Your hosting provider or ISP typically controls PTR records for IP addresses they own, so you'll need to contact them to set or update reverse DNS.
Security Considerations When Checking DNS Records
DNS records are publicly accessible by design — anyone can look them up. However, there are a few security-related things to keep in mind:
- DNSSEC: Check whether a domain has DNSSEC enabled by looking for RRSIG, DNSKEY, and DS records. DNSSEC adds cryptographic signatures to DNS responses, protecting against cache poisoning attacks.
- Exposed subdomains: DNS records can reveal internal infrastructure. Zone transfers (AXFR queries) on misconfigured nameservers can expose all subdomains — a common reconnaissance technique.
- SPF/DMARC gaps: Missing or overly permissive TXT records (like
v=spf1 +all) can make your domain vulnerable to email spoofing.
Conclusion
Knowing how to check DNS records for a domain is a foundational skill for developers, sysadmins, marketers, and anyone who manages web infrastructure. Whether you're debugging email delivery, verifying a site migration, confirming a third-party integration, or investigating a security issue, DNS records give you the ground truth about how a domain is configured.
For the fastest, no-fuss DNS lookups without touching a terminal, OpDeck's DNS Lookup tool lets you query any record type for any domain in seconds and presents the results in a clean, readable format. And if you need to go deeper — checking SSL certificates, scanning for security vulnerabilities, or analyzing site performance — OpDeck's full toolkit has you covered. Head over to opdeck.co and start diagnosing your domain today.