Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

AAAA record lookup (IPv6)

In iterative trace mode, the resolver is ignored.
Query multiple public resolvers to compare answers.

How to use the DNS lookup engine options effectively

What is the iterative trace?

The trace performs resolution step by step. The resolver first queries the root servers, then the TLD (.com, .fr, .eu), and then the authoritative servers of the target zone. At each step, the page shows the queried server, the answer, the RCODE, and the latency.

  1. 1. Root

    Discovery of the TLD servers for the requested name.

  2. 2. TLD

    Reference to the zone's NS (delegation).

  3. 3. Authoritative

    Final answer (or error) with TTL and latency.

What is it for?

  • Compare answers across resolvers and regions
  • Detect a hot cache, an overly long TTL, or an incomplete delegation
  • Explain a latency difference or an unexpected RCODE

Tip: keep the trace disabled for quick checks; enable it when investigating or preparing a ticket/post‑mortem.

What is the classic trace?

The classic trace queries only the selected resolver (UDP or DoH) and displays the answer as it is perceived from that network vantage point. You get the RCODE, the response sections, and the latency for the client → resolver leg.

  1. 1. Chosen resolver

    Uses the preset or custom configuration to run the query exactly like your service would.

  2. 2. Protocol preserved

    Respects the selected transport (UDP, TCP, or DoH) so you reproduce the real behaviour.

  3. 3. Detailed answer

    Shows the question, answer, and authority/additional sections when present, together with TTL and useful metadata.

Why use it?

  • Check the view of a specific resolver before suspecting delegation issues
  • Confirm cached values and the impact of a TTL or a flush
  • Document a resolution exactly as a client or microservice sees it

Tip: keep the iterative trace option turned off when auditing a given resolver; enable it afterwards to compare with the root → TLD → authoritative path.

How does the propagation test work?

The test queries a set of public resolvers (Google, Cloudflare, Quad9, OpenDNS, ISPs…) in parallel and groups the answers by content and RCODE. You instantly see who already picked up the update.

  1. 1. Multi-point resolvers

    Enables the propagation presets to question several actors spread around the world.

  2. 2. Automatic comparison

    Groups identical answers and highlights divergences or resolver-specific errors.

  3. 3. Actionable summary

    Provides a clear recap, the resolver list, their latencies, and each group's status.

When to use it?

  • Track how a DNS change propagates worldwide
  • Spot stale caches and decide on a targeted flush
  • Share a propagation snapshot in a ticket or post-mortem

Tip: while the propagation test is active, the resolver selector is frozen. Disable the mode to return to single-resolver diagnostics.

Additional information about DNS AAAA records

An AAAA DNS record links a domain name to an IPv6 address. It's the response from this record that allows the browser to reach the correct server over IPv6 to visit a website. For an IPv4 address, you use an A DNS record. A PTR record for IPv6 does the opposite and associates an IPv6 address with a name.
An AAAA record, also called an AAAA record, consists notably of a name, a type, a value, and a TTL. The TTL indicates how long the response stays cached in the local resolver.

Example of an AAAA DNS record

NameTypeIPv6 addressTTL in seconds
wwwAAAA2001:db8::103600

In this example, the name www designates a subdomain. To target the domain root, use the at sign. The value must be a valid IPv6 address that is routable on the Internet. A TTL of 3600 corresponds to one hour.

Example with multiple addresses

Publishing several AAAA records for the same name is possible. The local resolver receives a list and picks one. This provides simple load distribution.

NameTypeIPv6 addressTTL in seconds
wwwAAAA2001:db8::103600
wwwAAAA2001:db8::113600

This rotation does not replace true automatic failover. In the event of an outage, some visitors may still receive the offline IPv6 address for a short time.

TTL explained plainly

A short TTL speeds up the visibility of a change. Using a TTL of 60 seconds during a migration can help.
A medium or long TTL reduces queries to the authoritative DNS servers, which is particularly suitable for a stable service.
It is recommended to lower the TTL a few hours before a switchover, then raise it again once the migration is complete.

Good to know
TTL is not a promise of immediate propagation. Caches honor the specified duration. The update appears when the counter reaches zero on the resolver's side.

Where to use an AAAA record

At the root of a domain name, called the apex, you publish AAAA records. Placing a CNAME there is not compliant.
For www, you can use an AAAA record when you control the address. Otherwise, it is appropriate to use a CNAME if you point to another name, often managed by a third-party provider.
AAAA and A can coexist on the same name. Modern systems use IPv6 when available and fall back to IPv4 if necessary.
For other subdomains such as api, cdn, or blog; you can use CNAME, A, or AAAA records. Each service keeps its own address. Changes remain simple.

To avoid
Mixing CNAME and AAAA on the same name is not RFC-compliant.
Publishing a non-routable address in a public zone.
Leaving an old AAAA record after a migration.

Check online

An online DNS lookup lets you enter a domain name to obtain the list of IPv6 addresses associated with an AAAA record, as well as the TTL as seen from the Internet. This is a useful first check. Then, it is always helpful to perform a local test from your machine.

Check on Windows

Windows provides nslookup. You can use it in interactive mode.

Local resolver
nslookup
set q=aaaa
www.example.com
Specific resolver
nslookup
set q=aaaa
server 1.1.1.1
www.example.com

The first part queries an AAAA record according to the machine's network configuration. The second part forces the use of a third-party resolver, here Cloudflare's.

Check on Linux and on Mac

On these systems, the dig command is handy and easy to use.

Local resolver
dig aaaa www.example.com

Specific resolver

dig aaaa www.example.com

Quick reading of responses

The presence of IPv6 addresses alongside one or more IPv4 address(es) is called a dual-stack configuration.
A TTL that remains high can imply a delay after a change.
An empty response or a resolution failure often signals a typo or an IPv6 address removed too early.

Simple migration procedure

  1. Prepare the new IPv6 service with its new address.
  2. Lower the TTL to 300 seconds, or even down to 60 seconds, on the relevant name a few hours before the switchover.
  3. Publish the IPv6 address in the AAAA record while keeping the A record; services generally should remain accessible over IPv4.
  4. Verify with the nslookup or dig command from multiple networks.
  5. Raise the TTL to a comfortable value once everything is stable.

Practical tip
Keep a tracking sheet for each domain name and change. It should indicate the person in charge, the date, the chosen TTL, and the reason for the change. This tracking sheet prevents oversights and makes a rollback easier if needed.

Common cases

Site behind a CDN provider

Use a CNAME for www to follow provider changes and keep A and AAAA records at the domain root, depending on the features offered by the platform used.

Multi-region environment

Publish several addresses close to visitors. The local resolver picks one from the list. For precise routing based on location, you need advanced features on the DNS side or the application network side.

Mail server

Hosts referenced by MX records can publish AAAA records. The IPv6 reverse PTR improves deliverability. The information must match.

Quick troubleshooting

  1. If the site does not respond over IPv6, first check local resolution.
  2. If the response shows an unreachable address, fix the public zone or the network route.
  3. If the response alternates between an active address and an offline address, remove the failing address.
  4. If the response remains old despite the update, wait for the TTL to expire and purge the local resolver's cache if possible.

To summarize, an AAAA record associates a name with an IPv6 address. The TTL controls cache duration in the local resolver. A and AAAA can coexist to offer dual-stack access. CNAME does not coexist with AAAA on the same name. At the apex, you publish A and AAAA records as needed. Verification is done with an online tool, then with nslookup on Windows and with dig on Linux and on Mac.
With these guidelines, management remains simple. Changes proceed without stress. Visitors access the site without incident.