DNS Lookup Guide: How to Diagnose Domain and DNS Issues Like a Pro

When a website isn't loading, email isn't delivering, or a domain isn't pointing to the right server, DNS is usually involved. Understanding how to perform and interpret DNS lookups is an essential skill for anyone managing websites, domains, or email systems.

This guide teaches you how DNS works, how to check MX records for email troubleshooting, what each DNS record type means, and how to diagnose common domain issues.

What Is DNS?

DNS (Domain Name System) is the internet's phone book. It translates human-readable domain names (like example.com) into IP addresses (like 93.184.216.34) that computers use to find each other.

Every time you visit a website, your device performs a DNS lookup to find the server's IP address. This happens in milliseconds, invisibly, billions of times per day across the internet.

The DNS Lookup Process

You type example.com in your browser
Your device checks its local DNS cache
If not cached, it asks your ISP's DNS resolver
The resolver queries root DNS servers → TLD servers → authoritative nameservers
The authoritative server returns the IP address (you can inspect any IP with our IP Lookup tool)
Your browser connects to that IP address
The result is cached for future lookups

This entire process typically takes 20-120 milliseconds.

DNS Record Types Explained

A Record (Address)

Maps a domain to an IPv4 address.

example.com → 93.184.216.34

Use: The most fundamental record — points your domain to your web server.

AAAA Record (IPv6 Address)

Maps a domain to an IPv6 address.

example.com → 2606:2800:220:1:248:1893:25c8:1946

Use: IPv6 connectivity. Important as IPv4 addresses become scarce.

CNAME Record (Canonical Name)

Creates an alias pointing to another domain name.

www.example.com → example.com
blog.example.com → myblog.wordpress.com

Use: Pointing subdomains to other services (CDNs, hosting platforms, SaaS tools).

Important: CNAME records cannot coexist with other record types for the same name. You can't have both a CNAME and an A record for www.example.com.

MX Record (Mail Exchange)

Specifies which mail servers handle email for the domain.

example.com → mail.example.com (priority: 10)
example.com → backup-mail.example.com (priority: 20)

Use: Email delivery. Lower priority numbers are preferred. Multiple MX records provide redundancy.

TXT Record (Text)

Stores arbitrary text data. Used for verification and security.

Common TXT records:

SPF: Email authentication — specifies which servers can send email for your domain
DKIM: Email signature verification
DMARC: Email authentication policy
Domain verification: Proving domain ownership to services (Google, Microsoft, etc.)

example.com TXT "v=spf1 include:_spf.google.com ~all"

NS Record (Nameserver)

Specifies which DNS servers are authoritative for the domain.

example.com → ns1.example-dns.com
example.com → ns2.example-dns.com

Use: Set by your domain registrar or DNS provider. Changing NS records delegates DNS control to a different provider.

SOA Record (Start of Authority)

Contains administrative information about the DNS zone.

Includes: primary nameserver, administrator email, serial number, refresh/retry/expire timers.

Use: Mostly for DNS administrators. The serial number must increment with every change.

SRV Record (Service)

Specifies the location of specific services.

_sip._tcp.example.com → sipserver.example.com:5060

Use: VoIP, XMPP chat, Microsoft services, gaming servers.

PTR Record (Pointer)

Reverse DNS — maps an IP address back to a domain name.

34.216.184.93.in-addr.arpa → example.com

Use: Email servers check PTR records to verify sender legitimacy. Important for email deliverability.

Common DNS Problems and Solutions

Problem 1: Website Not Loading After Domain Change

Symptoms: "This site can't be reached" or old site still showing

Cause: DNS propagation delay. Changes take time to spread across all DNS servers worldwide.

Solution:

Wait 24-48 hours for full propagation (most changes propagate within 1-4 hours)
Check propagation status using a DNS lookup tool, and verify the site responds with our URL Status Checker
Clear your local DNS cache: ipconfig /flushdns (Windows) or sudo dscacheutil -flushcache (Mac)
Lower your TTL before making changes to speed up future propagation

Problem 2: Email Not Delivering

Symptoms: Emails bouncing or going to spam

Diagnosis steps:

Check MX records: Are they pointing to the correct mail server?
Check SPF record: Does it include your email provider? Use our DNS Lookup tool to verify
Check DKIM and DMARC: Missing or misconfigured records cause spam classification
Check PTR record: Reverse DNS should resolve to your domain

Problem 3: Subdomain Not Working

Symptoms: blog.example.com returns an error

Diagnosis steps:

Check if an A or CNAME record exists for the subdomain
Verify the record points to the correct destination
Check if the hosting server is configured to accept requests for that subdomain
Look for SSL certificate issues (the cert must cover the subdomain)

Problem 4: SSL Certificate Errors

Symptoms: "Your connection is not private" warnings

Use our SSL Checker to quickly verify certificate status. Common DNS-related causes include:

CAA records restricting which certificate authorities can issue certificates
Domain pointing to wrong server that has a different certificate
CNAME chain pointing through domains with mismatched certificates

For a deeper understanding of how certificates work, see our guide to SSL certificates.

How to Perform a DNS Lookup

Browser-Based Tools

The easiest approach for quick lookups:

Open a DNS lookup tool like EasyWebUtils DNS Lookup
Enter the domain name
View all DNS records (A, AAAA, MX, TXT, NS, CNAME)
Results processed locally — your queries stay private

Command Line

nslookup (Windows, Mac, Linux):

nslookup example.com
nslookup -type=MX example.com
nslookup -type=TXT example.com

dig (Mac, Linux):

dig example.com
dig example.com MX
dig example.com TXT
dig +trace example.com  # Full resolution path

host (Mac, Linux):

host example.com
host -t MX example.com

DNS Best Practices

For Website Owners

Use a reliable DNS provider: Cloudflare, AWS Route 53, Google Cloud DNS
Set appropriate TTL values: 300-3600 seconds for most records
Lower TTL before changes: Set to 60 seconds 24 hours before planned DNS changes
Keep two nameservers minimum: Redundancy prevents outages
Monitor DNS regularly: Changes you didn't make could indicate a compromise

For Email Deliverability

Set up SPF, DKIM, and DMARC: All three together maximize deliverability
Keep MX records updated: Outdated records cause bounces
Configure PTR records: Contact your hosting provider if needed
Test email configuration: Use mail-tester.com after changes

For Security

Enable DNSSEC: Prevents DNS spoofing attacks. You can inspect a domain's security headers with our HTTP Headers tool
Monitor for unauthorized changes: DNS hijacking redirects your traffic
Use CAA records: Restrict which certificate authorities can issue certs for your domain
Register similar domains: Prevent typosquatting

Conclusion

DNS is the foundation of how the internet works. Understanding DNS records and how to diagnose issues saves hours of frustration when websites don't load, emails don't deliver, or domains don't behave as expected.

The key records to remember:

A/AAAA: Domain → IP address
CNAME: Domain → another domain
MX: Email server routing
TXT: Email authentication (SPF, DKIM, DMARC)
NS: DNS server delegation

When something goes wrong, start with a DNS lookup. Most domain issues have a DNS cause, and most DNS problems have straightforward solutions.