Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

DNS LOOKUP

Search faster*

DNS lookup displays the actual response from the Internet for a domain name. The principle is simple. The tool queries public resolvers in multiple countries as well as the domain's authoritative server. It traces the entire resolution chain and can show the complete trace with latency at each step. You can thus see what the records return at the precise moment of the query.

Quick record selection.
Select type, resolver and protocol with one click to launch a targeted test.
Clear latency graph.
Measure each query and follow a readable chart to compare responses and regions.
History and saved queries.
Find your past searches with the time, chosen resolver and seen responses.
Optional detailed iterative trace.
Display server hops and latency at each step to explain a discrepancy.
Product screenshot

What DNS lookup is used for

Diagnose the origin of a site outage.
Verify a change before a production release.
Confirm domain ownership during TXT verification.
Set up SPF DKIM DMARC BIMI and control visibility.
Prepare a migration with reduced TTL and track the real effect on the network.
Compare the response seen from your workstation with that seen from other regions.

Good to know
We often talk about DNS propagation. In reality, the system caches responses according to TTL. As long as this delay has not expired, some resolvers keep the old value. The word propagation remains practical to describe this effect.

What the tool does

Complete recursive resolution from the root to authoritative servers.
Choice of a public resolver like Google Cloudflare Quad9 OpenDNS Yandex or the authoritative server when relevant.
Display of raw responses with TTL and data.
Optional iterative trace that shows each hop and latency.
Clear reading when no structured response is found.

How DNS lookup works

Your device requests the response from the resolver configured on the workstation or router.
The resolver first consults its local cache.
Without a response, it queries a root server which indicates the top-level domain server.
The TLD server refers to the authoritative servers of the searched name.
The resolver queries an authoritative server which returns the requested record with its TTL.
The resolver caches the response to speed up future queries and returns it to your device.

Quick tip
To verify a result from your workstation, you can use nslookup on Windows and dig on Mac and Linux. These commands read the local configuration or a chosen resolver.

Understanding TTL and the famous propagation

TTL is a duration expressed in seconds. It indicates how long a response can remain in cache.
A short TTL makes a change visible faster. Very useful during a migration.
A medium or long TTL reduces the load on authoritative servers. Good for a stable service.
An ISP may keep a response longer, according to its own cache policy. It happens that the update takes longer than expected.

Practical tip
Before a switchover, reduce the TTL a bit in advance. Make the change. Control responses from multiple networks. Then raise the TTL chosen for operation.

When to launch a DNS lookup

A site no longer responds even though the server is online.
You just modified a record and want to see the actual response.
You're deploying a new service and need to validate A AAAA CNAME or MX.
You're installing SPF DKIM DMARC or BIMI and want to confirm public visibility.
You're preparing a migration and want to measure end-to-end latency and trace.

Reading a response

Presence of one or more addresses for A or AAAA

The client chooses an address from the list which distributes the load in a simple way.

Presence of a CNAME

The response shows the target. Then verify that the target indeed publishes A or AAAA.

Presence of NS and SOA

The zone is served by these hosts. The SOA serial must advance after each update.

Empty response or NXDOMAIN

No record for this name. Check spelling, subdomain and zone.

High TTL

A delay after a change is possible as long as the cache has not expired.

Limitations and points of attention

A CNAME must not coexist with A AAAA MX or TXT in the same place.
At the apex of a domain, avoid CNAME. Use an equivalent offered by the provider if present.
An MX must target a name that resolves to A or AAAA. No CNAME as MX target.
A PTR must return a name that resolves to the original address to maintain good consistency.
SVCB and HTTPS parameters guide the client but do not replace A and AAAA.

Best practices to save time

Document each change with date, TTL and reason.
Test from your network then from public resolvers.
Compare the authoritative server response with a public resolver response.
Monitor critical names and set alerts for unexpected changes.
Keep a capture of the trace when an incident occurs to share it with a provider.

Frequently asked questions

How does this differ from local commands?
The tool queries public resolvers and can display the complete trace. Local commands remain useful for quick control from your workstation.

How long to see a change?
From a few minutes to several hours depending on TTL and caches in place at ISPs and at certain public resolvers.

What to do if the response differs by region?
Wait for TTL expiration. Flush the local cache if possible. Check consistency on the authoritative servers side.

What record types to check as priority?
A AAAA CNAME MX TXT NS SOA remain the base. Depending on need, add CAA PTR SRV SVCB or HTTPS. With DNSSEC, control DS and DNSKEY.

List of DNS record types

  • A : Links a domain name to an IPv4 address.
  • AAAA : Links a domain name to an IPv6 address.
  • MX : Specifies the servers that receive the domain's email.
  • TXT : Publishes text for verifications, email policies, etc.
  • CNAME : Creates an alias to another domain name.
  • NS : Names the authoritative servers for the zone
  • SOA : Describes the zone's authority and its serial number.
  • SVCB : Describes a service and its connection parameters.
  • CAA : Limits which certificate authorities may issue for the domain.
  • HTTPS : Describes the website access configuration.
  • PTR : Maps an IP address to a hostname.