Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

DNS propagation

Watch everywhere*

Check how your DNS records are seen worldwide within seconds. The propagation test queries public resolvers, ISP caches and the authoritative name servers at the same time to reveal remaining cache delays. You instantly know whether a change is already visible and you keep a documented timeline.

Instant resolver comparison.
Run parallel checks on major networks and spot caches that still return the old answer.
Clear propagation timeline.
Read the timestamp and remaining TTL to understand when responses will align.
Alerts on critical records.
Flag sensitive entries and follow their rollout during a migration.
Shareable export.
Download a ready-to-send report for your team or provider in one click.
Test propagation screenshot

Why run a DNS propagation test?

You have just updated a record and need to know how it looks from another country.
You are moving a critical service and want to ensure caches expire according to the planned TTL.
You must reassure stakeholders after a sensitive change on a domain.
You are about to launch an email campaign and you double-check SPF, DKIM or DMARC entries.

Quick reminder
Propagation is not magic spreading: caches simply expire. The test shows which resolvers still hold the old value and how long they will keep it.

What the propagation tool measures

Simultaneous queries to the main public resolvers (Google, Cloudflare, Quad9, OpenDNS, Yandex...).
Comparison with the authoritative server to detect discrepancies.
Tracking of remaining TTL and refresh date on every checkpoint.
Timestamped history to document a migration or an incident.

How the verification works

Each resolver returns its current answer and the TTL still in cache.
The test displays when the data was fetched from the authoritative server.
If a resolver keeps the old value, you immediately see how many minutes are left before expiry.
Results are compared with the authoritative response to confirm the final state.

Tip
Run the test again a few minutes later to see the progress. You can share a public link so everyone watches the same view.

When to launch a propagation test

Before switching to a new host or CDN.
When adding a TXT record for a domain verification.
After updating an MX record to validate mail delivery.
During an incident to prove that the fix is propagating.
As a routine to check that TTL values follow your policy.

Reading the results

All resolvers show the new value

Propagation is done: close the incident or inform your customers.

Some resolvers still deliver the old answer

Wait for the reported TTL to expire. Check for extra local caches on ISP side if delays persist.

A public resolver returns NXDOMAIN

The authoritative server does not serve the record yet. Check the SOA serial and trigger a zone reload if required.

Very long TTL

Consider lowering the TTL ahead of a major change. Raise it back afterwards to reduce load on authoritative servers.

Best practices

Plan the change window with a reduced TTL in advance.
Document every measurement and archive screenshots of your tests.
Automate a verification after each major deployment.
Invite support teams or providers to follow the shared report.

Quick FAQ

How long does DNS propagation take?
It depends on the configured TTL and resolver policies. Most changes appear within minutes, but some ISPs can keep the previous value until the maximum TTL.

Can I force propagation?
No, but you can lower TTL beforehand and purge the caches you control (for example your own recursive resolvers) to accelerate visibility.

Do I need to test every record?
Focus on critical records: A, AAAA, CNAME, MX, TXT, NS, SOA. Add CAA, PTR, SRV or SVCB depending on your context.

DNS record types list

  • A : Links a domain name to an IPv4 address.
  • AAAA : Links a domain name to an IPv6 address.
  • MX : Specifies the servers that receive the domain's email.
  • TXT : Publishes text for verifications, email policies, etc.
  • CNAME : Creates an alias to another domain name.
  • NS : Names the authoritative servers for the zone
  • SOA : Describes the zone's authority and its serial number.
  • SVCB : Describes a service and its connection parameters.
  • CAA : Limits which certificate authorities may issue for the domain.
  • HTTPS : Describes the website access configuration.
  • PTR : Maps an IP address to a hostname.