What is DNS-over-HTTPS (DoH)?

DNS-over-HTTPS is a security protocol that encrypts DNS queries inside HTTPS traffic, protecting user privacy and preventing DNS hijacking.

TTL (Time to Live) is a value in seconds indicating how long a DNS resolver should cache a record before querying the authoritative servers again.

What is the difference between A and AAAA records?

An A record maps a hostname to an IPv4 address, whereas a AAAA record maps a hostname to an IPv6 address.

What are TXT records used for?

TXT records hold arbitrary text notes on a domain, commonly used for SPF email security records and domain ownership verification.

What is a CNAME record?

A CNAME (Canonical Name) record aliases one domain name to another, mapping a subdomain (like www.example.com) to a target domain (like example.com).

Why does DNS propagation take time?

DNS records are cached by local routers, ISPs, and recursive servers according to their TTL values. Changes are not visible until these caches expire.

What is DNS-over-TLS (DoT)?

Similar to DoH, DNS-over-TLS encrypts DNS queries, but it uses dedicated TCP port 853 instead of wrapping queries inside standard HTTPS port 443.

How do I clear local DNS resolver cache?

In Windows, run ipconfig /flushdns in the command prompt. In macOS, use the sudo killall -HUP mDNSResponder command in terminal.

Infrastructure Hub Tools

IPv4 Subnet Calculator DNS Lookup MAC Address Generator Wake-on-LAN Packet Generator View all Infrastructure Hub tools →

DNS Lookup

Resolve DNS records using DNS over HTTPS from your browser.

DNS Lookup

What This Tool Does

The Domain Name System (DNS) is the phonebook of the internet, translating human-friendly hostnames (like scriptpulse.tools) into machine-routable IP addresses (like 192.0.2.1). When a client requests a web resource, the operating system queries recursive DNS resolvers to find the authoritative records. Developers and operators frequently check these records to debug mail routing, verify domain ownership, and troubleshoot CDN rollouts.
Standard DNS queries are sent over unencrypted UDP on port 53, making them vulnerable to snooping, interception, and DNS spoofing attacks. To address these vulnerabilities, modern security frameworks use DNS-over-HTTPS (DoH). DoH encrypts DNS queries inside HTTPS sessions, protecting user privacy and preventing middlebox tampering. For developers working behind local enterprise proxies, running traditional command-line utilities (like nslookup or dig) can fail or return cached records.
The ScriptPulse DNS Lookup utility provides a browser-based client that queries authoritative records using secure DNS-over-HTTPS endpoints. It allows developers to check DNS entries without leaving the browser, bypass local caching, and inspect raw record values.
The integrity of the Domain Name System is vital for application availability. When domains are configured incorrectly, websites can go offline, emails can bounce, and APIs can fail. Using public DNS-over-HTTPS tools allows administrators to check DNS resolution from the perspective of an external resolver, bypassing internal corporate caching servers that might show stale or local-only configurations.

How It Works

The DNS Lookup tool takes a domain name and query record type (such as A, AAAA, MX, TXT, CNAME, NS) as inputs.
It sends an HTTP GET query to a public DNS-over-HTTPS endpoint (like Cloudflare DoH or Google DNS) using the standard Fetch API.
The request headers ask for a JSON response containing the resolved DNS answer blocks.
The tool parses the HTTP response and renders the records, including TTL (Time to Live), type identifiers, and target routing strings in a clean, filterable dashboard.
Finally, the parsed records are displayed with detailed color-coded badges indicating the type and TTL. Users can toggle between clean table views and the raw JSON response returned by the DoH server, providing both quick visual checks and the deep detail necessary for advanced protocol troubleshooting.

Usage

Enter domain and select record type.
Run lookup via DNS-over-HTTPS response parsing.
Inspect JSON output for troubleshooting.

Examples

Check TXT records for domain verification.
Compare A vs AAAA responses during rollout debugging.
Verify MX handlers for mail server configuration.

Real-World Use Cases

Checking A/AAAA record propagation during website migrations and hosting cutovers.
Verifying domain ownership TXT records (e.g., for Google Search Console, GitHub, or Sendgrid).
Inspecting MX records to debug email delivery issues and routing configs.
Checking CNAME configurations when setting up custom domains for CDNs or object storage.
Resolving name servers (NS) to identify the authoritative DNS provider of a domain.

Best Practices

Compare results across multiple DoH providers to verify global record propagation.
Check the TTL (Time to Live) value to determine how long resolvers will cache old records before fetching updates.
Keep TXT record values enclosed in quotes when configuring them in your registrar dashboard.
Configure both A (IPv4) and AAAA (IPv6) records to support dual-stack network clients.
Bypassing local enterprise DNS cache by querying public DoH servers directly.

Common Mistakes

Confusing CNAME records with redirects: CNAME only aliases a host name, it does not send the client to a different URL path.
Forgetting to include the trailing dot in CNAME target strings, which can cause routing errors in some registrar dashboards.
Pointing MX records directly to CNAME aliases, which violates RFC specifications.
Expecting local intranet DNS records to resolve on public DoH resolvers.
Setting TTL values too high right before a migration, delaying propagation.

Limitations

Results should be validated in your target runtime before production use.
Extremely large input payloads may be constrained by browser memory and performance limits.

Technical Reference Guide

A Record: Maps a hostname string to a 32-bit IPv4 address (e.g., 192.0.2.1).
AAAA Record: Maps a hostname string to a 128-bit IPv6 address (e.g., 2001:db8::1).
CNAME Record: Aliases one domain name to another canonical domain name.
MX Record: Specifies mail exchange servers responsible for receiving email on behalf of the domain.
TXT Record: Holds arbitrary text metadata, used for email sender authentication (SPF/DKIM) and verification.

FAQ

What is DNS-over-HTTPS (DoH)?
DNS-over-HTTPS is a security protocol that encrypts DNS queries inside HTTPS traffic, protecting user privacy and preventing DNS hijacking.
What does TTL mean?
TTL (Time to Live) is a value in seconds indicating how long a DNS resolver should cache a record before querying the authoritative servers again.
What is the difference between A and AAAA records?
An A record maps a hostname to an IPv4 address, whereas a AAAA record maps a hostname to an IPv6 address.
What are TXT records used for?
TXT records hold arbitrary text notes on a domain, commonly used for SPF email security records and domain ownership verification.
What is a CNAME record?
A CNAME (Canonical Name) record aliases one domain name to another, mapping a subdomain (like www.example.com) to a target domain (like example.com).
Why does DNS propagation take time?
DNS records are cached by local routers, ISPs, and recursive servers according to their TTL values. Changes are not visible until these caches expire.
What is DNS-over-TLS (DoT)?
Similar to DoH, DNS-over-TLS encrypts DNS queries, but it uses dedicated TCP port 853 instead of wrapping queries inside standard HTTPS port 443.
How do I clear local DNS resolver cache?
In Windows, run ipconfig /flushdns in the command prompt. In macOS, use the sudo killall -HUP mDNSResponder command in terminal.

Related Tools

Explore related utilities inside the Infrastructure Hub workshop for complementary engineering workflows.

IPv4 Subnet Calculator URL Parser HTTP Status Codes Roman Numeral Converter

View all Infrastructure Hub tools