How to Check Your Website DNS Settings for Optimal Performance

If you need to check website DNS settings, you've come to the right place. Whether you're troubleshooting a site that's not loading, verifying a recent domain migration, or simply making sure your DNS records are configured correctly for security and deliverability, this guide walks you through everything you need to know — step by step. DNS (Domain Name System) is the backbone of how your website is found on the internet, and even small misconfigurations can cause significant downtime, email failures, or security vulnerabilities.

What Is DNS and Why Do Your DNS Settings Matter?

DNS is essentially the internet's phone book. When someone types your domain name into a browser, DNS translates that human-readable name into an IP address that servers can understand. Without correctly configured DNS records, your website won't load, your emails won't deliver, and services like CDNs or third-party integrations won't work properly.

Here's why checking your DNS settings regularly matters:

• Downtime prevention: Incorrect or missing records can make your site unreachable
• Email deliverability: SPF, DKIM, and DMARC records are DNS-based and critical for email authentication
• Security: Misconfigured DNS can expose you to DNS hijacking, cache poisoning, or phishing attacks
• Domain migrations: After moving hosts or registrars, DNS propagation must be verified
• CDN and load balancing: Services like Cloudflare require specific DNS records to function

Understanding the Types of DNS Records You Need to Check

Before you start checking your DNS settings, it helps to know what you're looking for. Here's a breakdown of the most common DNS record types:

A Records

An A record maps your domain name to an IPv4 address. This is the most fundamental DNS record — it tells the world where your website lives. Every domain should have at least one A record pointing to a valid server IP.

AAAA Records

Similar to A records but for IPv6 addresses. As IPv6 adoption grows, having AAAA records configured properly is increasingly important for performance and accessibility.

CNAME Records

A CNAME (Canonical Name) record maps one domain name to another. For example, www.yourdomain.com might be a CNAME pointing to yourdomain.com. CNAMEs are also commonly used for subdomains like mail.yourdomain.com or shop.yourdomain.com.

MX Records

Mail Exchange (MX) records specify which mail servers handle email for your domain. If your MX records are wrong, no emails will reach you — or worse, they'll be silently dropped.

TXT Records

TXT records store arbitrary text data. They're used for:

• SPF (Sender Policy Framework) — prevents email spoofing
• DKIM — email signature verification
• DMARC — email authentication policy
• Domain verification for services like Google Search Console or HubSpot

NS Records

Name Server (NS) records define which DNS servers are authoritative for your domain. If your NS records are wrong, none of your other DNS records will resolve correctly.

SOA Records

The Start of Authority (SOA) record contains administrative information about the domain, including the primary name server and the email of the domain administrator.

PTR Records

Pointer (PTR) records are used for reverse DNS lookups — mapping an IP address back to a domain name. These are particularly important for mail servers to prevent spam flagging.

---

How to Check Website DNS Settings: Step-by-Step Methods

Now let's get into the actual process of checking your DNS settings using multiple methods, from browser-based tools to command-line utilities.

Method 1: Use OpDeck's DNS Lookup Tool

The fastest way to check website DNS settings without installing anything is to use the DNS Lookup tool from OpDeck. It lets you query any domain's DNS records in seconds, including A, AAAA, MX, CNAME, TXT, NS, and SOA records — all from a clean, easy-to-read interface.

Here's how to use it:

1. Navigate to the DNS Lookup tool
2. Enter your domain name (e.g., example.com) in the search field
3. Select the record type you want to check, or choose "ALL" to see everything at once
4. Click Lookup and review the results

The tool shows you the exact values returned by authoritative DNS servers, which is particularly useful when you've made recent changes and need to confirm they've propagated correctly. Unlike some command-line tools that might return cached results, OpDeck queries fresh DNS data so you're always seeing the current state.

Method 2: Use dig on Linux/macOS

The dig (Domain Information Groper) command is the gold standard for DNS lookups on Unix-based systems. Here's how to use it:

Check A records:

dig yourdomain.com A

Check MX records:

dig yourdomain.com MX

Check all DNS records:

dig yourdomain.com ANY

Query a specific DNS server (e.g., Google's public DNS):

dig @8.8.8.8 yourdomain.com A

Get a short, clean answer:

dig yourdomain.com A +short

The output of a typical dig command looks like this:

; <<>> DiG 9.16.1 <<>> yourdomain.com A
;; ANSWER SECTION:
yourdomain.com.    300    IN    A    93.184.216.34

The number 300 is the TTL (Time to Live) in seconds — how long DNS resolvers cache this record before fetching a fresh copy.

Method 3: Use nslookup on Windows

If you're on Windows, nslookup is your built-in DNS checking tool:

Basic lookup:

nslookup yourdomain.com

Check MX records:

nslookup -type=MX yourdomain.com

Check TXT records (for SPF, DKIM, DMARC):

nslookup -type=TXT yourdomain.com

Query against a specific DNS server:

nslookup yourdomain.com 8.8.8.8

Method 4: Use host Command

The host command is another simple option on Linux/macOS:

host yourdomain.com
host -t MX yourdomain.com
host -t TXT yourdomain.com
host -t NS yourdomain.com

Method 5: Check DNS Propagation Across Multiple Locations

When you change DNS records, propagation can take anywhere from a few minutes to 48 hours depending on your TTL settings. To verify that your DNS changes have propagated globally, you can check from multiple geographic locations.

Using dig with different DNS servers simulates how users in different regions see your DNS:

# Check against Google DNS (US)
dig @8.8.8.8 yourdomain.com A

# Check against Cloudflare DNS
dig @1.1.1.1 yourdomain.com A

# Check against OpenDNS
dig @208.67.222.222 yourdomain.com A

If you see different IP addresses returned by different servers, your DNS is still propagating — some servers have the old record cached.

---

Verifying Critical DNS Records for Security and Email

Checking Your SPF Record

Your SPF record lives in a TXT record and looks something like this:

v=spf1 include:_spf.google.com include:sendgrid.net ~all

To check it:

dig yourdomain.com TXT | grep spf

Or with nslookup:

nslookup -type=TXT yourdomain.com

Common SPF issues to watch for:

• Missing SPF record: Your emails may be marked as spam
• Multiple SPF records: Only one SPF record is allowed per domain — having two will break email authentication
• Too many DNS lookups: SPF allows a maximum of 10 DNS lookups; exceeding this causes failures

Checking Your DKIM Record

DKIM records are stored as TXT records under a specific selector subdomain. The format is:

selector._domainkey.yourdomain.com

For example, if your email provider uses the selector google:

dig google._domainkey.yourdomain.com TXT

A valid DKIM record looks like:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ...

Checking Your DMARC Record

DMARC records are always found at _dmarc.yourdomain.com:

dig _dmarc.yourdomain.com TXT

A typical DMARC record looks like:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100

The p= tag defines the policy:

• none — monitor only, no action taken
• quarantine — suspicious emails go to spam
• reject — suspicious emails are outright rejected

Checking NS Records to Verify Authoritative Nameservers

If you've recently moved your domain to a new registrar or DNS provider, verifying your NS records is critical:

dig yourdomain.com NS

This should return the nameservers your registrar has on file. If they don't match what your DNS provider expects, none of your DNS records will work correctly.

---

Common DNS Problems and How to Diagnose Them

Problem: Website Not Loading After DNS Change

Symptoms: Your site was working, you changed hosting, and now it's unreachable.

Diagnosis steps:

1. Check your A record: dig yourdomain.com A — does it point to the new server IP?
2. Check if the old IP is still cached: dig @8.8.8.8 yourdomain.com A vs dig @1.1.1.1 yourdomain.com A
3. Check your TTL — if it was set to 86400 (24 hours) before you made changes, you may need to wait

Fix: Lower your TTL to 300 seconds (5 minutes) before making DNS changes. This reduces propagation time significantly.

Problem: Emails Not Being Received

Symptoms: Emails sent to your domain bounce or disappear.

Diagnosis steps:

1. Check MX records: dig yourdomain.com MX
2. Verify the MX records point to valid mail server hostnames (not IP addresses)
3. Confirm the hostnames in your MX records have their own A records
4. Check that your SPF record includes your mail provider

Problem: Subdomain Not Resolving

Symptoms: shop.yourdomain.com or app.yourdomain.com doesn't load.

Diagnosis steps:

1. Check for a CNAME or A record for the subdomain: dig shop.yourdomain.com
2. Verify the CNAME target itself resolves: dig target.example.com
3. Make sure you haven't accidentally created a CNAME for the root domain (this is not allowed per DNS standards — use ALIAS or ANAME records instead)

Problem: SSL Certificate Not Issuing

Many SSL providers (like Let's Encrypt) use DNS-based validation. If your DNS is misconfigured, certificate issuance will fail.

Diagnosis steps:

1. Check for a _acme-challenge TXT record if using DNS validation
2. Verify your domain resolves to the correct IP where the certificate will be installed
3. Check that your CAA records (if any) allow the certificate authority you're using: dig yourdomain.com CAA

---

Advanced DNS Checking: Using Multiple Tools Together

For a thorough DNS audit, you shouldn't rely on just one tool. Here's a recommended workflow:

1. Start with OpDeck's DNS Lookup tool to get a quick overview of all your current records
2. Use dig with multiple DNS resolvers to check propagation status
3. Cross-reference your registrar's DNS panel to make sure the records you see in lookups match what you've configured
4. Verify email records using dedicated SPF/DKIM/DMARC validators to catch syntax errors that a basic DNS lookup won't flag
5. Document your baseline — screenshot or export your current DNS records so you have a reference point before making future changes

Checking TTL Values

TTL (Time to Live) is often overlooked but critically important. Low TTLs mean faster propagation when you make changes; high TTLs reduce DNS query load but slow down changes.

dig yourdomain.com A | grep -A5 "ANSWER SECTION"

The second column in the ANSWER SECTION shows your current TTL in seconds. Best practices:

• Normal operation: 3600–86400 seconds (1–24 hours)
• Before planned changes: Lower to 300 seconds (5 minutes) at least 24 hours before the change
• After changes are confirmed: Raise back to 3600+ seconds

Checking DNS with curl

You can also use curl to do a quick connectivity check that involves DNS resolution:

curl -v --resolve yourdomain.com:80:NEW_IP_ADDRESS http://yourdomain.com/

This forces curl to use a specific IP for the domain, letting you test your new server before DNS has fully propagated.

---

Keeping Your DNS Healthy Long-Term

Checking your DNS settings isn't a one-time task. Here are some ongoing practices to keep your DNS healthy:

• Monitor DNS changes: Set up alerts for unexpected DNS changes, which can indicate a security breach
• Audit unused records: Remove stale DNS records for services you no longer use — they can be exploited in subdomain takeover attacks
• Use DNSSEC where possible: DNSSEC adds a layer of cryptographic signing to your DNS records, preventing tampering
• Keep your registrar account secure: Enable two-factor authentication on your domain registrar — if someone gains access, they can redirect your entire domain
• Review NS records after any registrar change: It's easy to accidentally leave old nameservers in place after a migration

---

Conclusion

Knowing how to check website DNS settings is a fundamental skill for anyone managing a website, whether you're a developer, site owner, or IT administrator. From verifying that your A records point to the right server, to ensuring your SPF, DKIM, and DMARC records are properly configured for email security, DNS underpins almost everything your website does.

The good news is that checking DNS settings doesn't require specialized software. Between command-line tools like dig and nslookup, and browser-based utilities like OpDeck's DNS Lookup tool, you have everything you need to diagnose and verify your DNS configuration in minutes.

Ready to audit your DNS right now? Head over to OpDeck's DNS Lookup tool and enter your domain — you'll have a complete picture of your DNS records in seconds, with no setup required. And while you're there, explore OpDeck's full suite of web analysis tools to keep your site performing, secure, and properly configured at every layer.