How can I force a resolver to get the new value?

You cannot force an external resolver. Wait for TTL expiration. For important changes, lower the TTL 24-48 hours in advance.

What does NXDOMAIN mean?

NXDOMAIN means the domain name doesn't exist in DNS. Check spelling, subdomain, and that the record is properly published.

Online DNS Lookup - A, MX, TXT Records & Propagation

What is DNS lookup used for?

DNS Lookup lets you verify what the Internet actually sees for your domain. Unlike a simple local nslookup that uses your configured resolver, this tool queries multiple viewpoints simultaneously.

Main use cases:

Outage diagnosis -> Is your site down? Check if A/AAAA points to the correct IP
Post-change verification -> After modification, confirm resolvers have the new value
Email authentication audit -> Verify SPF, DKIM, DMARC are correctly published
Migration preparation -> Compare before/after responses to validate the transition

How to use DNS Lookup in 3 steps

Step 1: Enter the domain

Type the domain name to check in the search field. You can enter:

An apex domain: captaindns.com
A subdomain: www.captaindns.com
A specific record: _dmarc.captaindns.com

Step 2: Choose type and resolver

Record types:

A: IPv4 address
AAAA: IPv6 address
CNAME: Alias to another name
MX: Mail servers
TXT: Free text (SPF, DKIM, verifications)
NS: Name servers

Available resolvers:

Google DNS (8.8.8.8)
Cloudflare (1.1.1.1)
Quad9 (9.9.9.9)
OpenDNS
Authoritative server

Step 3: Analyze results

The response displays:

Data: The record value
TTL: Time remaining in cache
Latency: Resolver response time
RCODE: Status (NOERROR, NXDOMAIN, SERVFAIL)

Understanding TTL and propagation

TTL (Time To Live) is often misunderstood. It's not magical "propagation" - it's simply a cache duration.

TTL	Meaning	Use case
300 (5 min)	Changes visible quickly	Migrations, testing
3600 (1h)	Performance/freshness balance	Common usage
86400 (24h)	Maximum performance	Stable records

Migration tip:

48h before: Lower TTL to 300
D-Day: Make the change
After stabilization: Raise TTL to 3600 or more

Iterative trace: understanding resolution

Iterative trace shows each step of DNS resolution, from root to authoritative server.

Example trace for captaindns.com A:

1. Root (.) -> Returns .com servers
   Latency: 15ms

2. TLD (.com) -> Returns captaindns.com NS
   Latency: 25ms

3. Authoritative (ns1.provider.com) -> Responds A = 203.0.113.50
   Latency: 45ms
   TTL: 3600

When to use the trace?

Slow resolution -> Identify which step is slowing down
Intermittent SERVFAIL -> Find the problematic server
Difference between resolvers -> Understand where the gap comes from
Support escalation -> Provide concrete evidence

DNS record types explained

Address records

Type	Description	Example
A	IPv4 address	`203.0.113.50`
AAAA	IPv6 address	`2001:db8::1`

Alias and delegation records

Type	Description	Example
CNAME	Alias to another name	`www -> captaindns.com`
NS	Name servers	`ns1.provider.com`

Email records

Type	Description	Example
MX	Mail servers with priority	`10 mail.captaindns.com`
TXT (SPF)	Sender authentication	`v=spf1 include:_spf.google.com -all`

Security records

Type	Description	Usage
CAA	Authorized certificate authorities	Controls who can issue certificates
DNSKEY	DNSSEC public key	Signature validation
DS	Delegation signer	DNSSEC trust chain

FAQ - Frequently asked questions

Q: How does a DNS lookup work?

A: Your query is sent to the selected resolver (Google, Cloudflare, etc.). The resolver checks its cache or queries the DNS chain (root -> TLD -> authoritative) to get the response.

Q: What's the difference between resolvers?

A: Each resolver has its own cache and may have different responses at any given moment depending on when it cached the value. The authoritative server always provides the freshest response.

Q: What does the displayed TTL mean?

A: TTL (Time To Live) indicates how many seconds the response remains in the resolver's cache before it queries the authoritative server again. Lower TTL = changes visible faster.

Q: When should I use iterative trace?

A: Use the trace to diagnose slow resolution, understand differences between resolvers, or identify delegation or authoritative server issues.

Q: Why do responses differ between resolvers?

A: It's the DNS caching mechanism. If a resolver queried your zone before your modification, it keeps the old response until TTL expiration.

Complementary tools

Tool	Purpose
Propagation Test	Compare responses from dozens of resolvers simultaneously
DNS Audit	Check your domain's complete health
SPF Inspector	Analyze your SPF record in detail
Email Tester	Test SPF/DKIM/DMARC from your server

Useful resources

RFC 1035 - Domain Names Implementation (DNS specification)
Google Public DNS Documentation (usage guide)
Cloudflare 1.1.1.1 Documentation (Cloudflare resolver)
IANA - DNS Parameters (official record type registry)

Available DNS record types

A : Associates a domain name with an IPv4 address.
AAAA : Associates a domain name with an IPv6 address.
MX : Points to the mail servers for the domain.
TXT : Publishes free-form text for SPF, DKIM, DMARC and verifications.
CNAME : Creates an alias to another domain name.
NS : Names the authoritative servers that serve the DNS zone.
SOA : Describes the DNS zone authority and its serial number.
SVCB : Describes a service and its connection parameters.
CAA : Limits which certificate authorities may issue certificates for the domain.
HTTPS : Describes the optimal website access configuration.
PTR : Maps an IP address to a hostname.

DNS Lookup

Check your DNS records and compare resolvers in real time

All record types

Multiple resolvers

Latency and TTL

Iterative trace

History and sharing