Our website has a DNS lookup tool for doing DNS queries and reporting DNS results in various formats. It is a useful tool if you don't have immediate shell access as a powerful-replacement to dig. Plus it provides several output features not available in common DNS query tools including parsing and presenting DNS Wire Data. Its explanations are useful for troubleshooting DNS and also for teaching DNS.
Select the checkboxes at the bottom of the form to select how the DNS results should be presented. It also displays the clock time of the query, the time needed to get the result in microseconds, the server IP used, protocols and port, and the responding message size in bytes.
This is for viewing in a zone file format with dig-style comments. This includes the HEADER section, the OPT pseudosection, the QUESTION, any ANSWERs, AUTHORITY and ADDITIONAL section records, and other details. The non-record details are prefixed with semicolons for comments.
For Internationalized Domain Names, this will show the original punycode domain names by default. To have it display the Unicode characters instead, select the Show Internationalized Domain Name (IDN) for DiG Output checkbox.
This web DNS query tool does not use BIND9 nor dig code and its output may have slight formatting or presentation differences.
The explanatory format option uses descriptive terminology for the different parts of the DNS header, EDNS details, and individual records within the question, answer, authority, and additional sections. For several resource record types, the resource record data is parsed and explained.
The Explanatory format will show punycode domain names and their Unicode character representation by default for Internationalized Domain Names.
The DNS packets are sent in a binary, non-human-readable format. This option is to output this wire data in a hexadecimal string. Each number is delimited by a space, e.g., 65 C1 81 80 00 01 00 01 00 00 00 00 0C 64 6E 73 69 6E 73 74 69 74 75 74 65 03 63 6F 6D 00 00 01 00 01 C0 0C 00 01 00 01 00 00 00 2D 00 04 5E 82 BA 7D.
This is to view the same output similar to hexdump -C style showing 16 columns of hexadecimal bytes followed by their ASCII characters. (A period is used for non-displayable characters.) The top header shows the offset count in hex per each byte in the line and the left column shows the offset per line (also in hex).
This is to show the wire headers in a binary format. The top header shows the 16 bit counters and the following rows show each bit as on (1) or off (0) for two bytes at a time. The right column explains its corresponding DNS header details. The first two bytes is the transaction ID (TXID).
The next two bytes represent several flags (aka bits): query or response (QR), the kind of query (operation code OPCode), authoritative answer (AA), truncation (TC), recursion desired (RD), recursion available (RA), future reserved (unused) bit (Z), authentic data (AD), checking disabled (CD), and response code (RCODE).
The last four two bytes are for the record counts for the question (QDCOUNT), answer (ANCOUNT), authority (NSCOUNT), and additional (ARCOUNT) sections. This format option does not show the data, but only the header.
This format option again shows the header bits or flags with some brief explanations. It also gives details about the record sections including the byte positions (in decimal) and the lengths of individual labels. If DNS compression is used, it will show the compression offsets and show what it points to (length and the label itself).
The resource record data is also displayed in ASCII decimal numbers, hexadecimal numbers, and as printable characters. (Non-printable ASCII is displayed as a box.) Note that the wire records format doesn't show the resource record data parsed for its applicable class/rrtype presentation format. See the DiG (Zone file) or Explanatory format options to see record data presented differently.
This DNS Lookup tool has several options for defining the DNS query and how it will be done. Some of these options are only available for free logged in users. Signup using your email address for the free account for the further options.
The domain name to lookup can be in Unicode characters and will be convered to punycode as applicable.
Use the drop down menu to select a standard resource record type, like A for IPv4 address or MX for a mail exchanger record.
Or enter a rrtype number (from 0 to 65535) in the Custom RR Type Number field.
Use the drop down menu to select the DNS class, such as diagnostic and historical CH (Chaos) and HS (Hesiod) choices. The default DNS class is IN (Internet).
Logged in users can also enter a class number (from 0 to 65535) in the Custom Query Class Number field. (This feature is available via the free login.)
To find the in-addr.arpa or ip6.arpa PTR name for an IPv4 or IPv6 address, check this checkbox and enter the address in the domain name to query input box. (This implies the class as IN and the rrtype as PTR.)
Let the DNS server know you can accept DNSSEC data by setting the DNSSEC OK bit.
The Z bit is currently unused and marked as reserved. This checkbox may be used to set this "Z flag" in the query header.
This may be used to let the remote server know you understand the AD bit. This may be used to request the AD bit set without receiving DNSSEC record data (above).
If you don't want a DNSSEC validating resolver to verify DNSSEC records, this may be set. Note that this tool won't validate DNSSEC but will just display what it received.
If you want the target nameserver to hunt down answers, set this option.
Uncheck this to not use Extension Mechanisms for DNS (EDNS). Note that various features, like DNSSEC, require EDNS and it will be turned on automatically if otherwise requested.
This is for requesting the Name Server Identifier from servers that support it. This is to help identify an individual server in a pool of servers with the same IP address.
This is to use EDNS Cookies which is a lightweight security method by using a 64-bit cookie during transactions. This is used to request the server's cookie.
To set the cookie to use for communicating with a Cookie-aware server enter the hexadecimal string. It is normally 16 hex digits for 8 bytes for the Client Cookie, plus optional 8 to 32 bytes for Server Cookie. The maximum is 80 hex digits. (This feature is available via the free login.)
Use this field to share an IP address to identify your query which is used by some ECS-aware nameservers to provide different answers. (This feature is available via the free login.)
The ECS source prefix defaults to 24 bits for IPv4 and 56 for IPv6. The allowed subnet range is 0 to 32 for IPv4 and 0 to 128 for IPv6. This requires the above ECS address set. (This feature is available via the free login.)
To indicate what byte size of a UDP payload you can receive enter it here. This defaults to 1232 bytes. (This feature is available via the free login.)
By default, this free DNS query tool will do its query against a random free recursive caching service. To query against a specific server, enter it here. You may enter an IP address or a nameserver hostname. (This feature is available via the free login.)
This will use IPv4 by default. You can select IPv6 if desired. (This feature is available via the free login.)
This uses UDP (datagram) by default. You can select TCP (virtual circuit) instead. (This feature is available via the free login.)
This raw wire data string entered in hexadecimal will be parsed and presented instead of doing a live query. When using this feature, above form inputs for doing a query will not be used as a query will not be done. (This feature is available via the free login.)
This free DNS query tool is not the DNS Institute DNS Analyzer which is used to exhaustively and recursively check nameservers and results based on IETF/RFC standards, registry polices, government mandates, and vendor best practices, including for IPv6 and DNSSEC. Our DNS analyzer suite with over 145 tests has been used to analyze tens of thousands of domains for Fortune 500 companies, S&P Global Banks, various complete TLDs, and national governments. We have detected hundreds of thousands of DNS anomalies including real security vulnerabilities with General Motors, Walmart, Fandango, Qurate, SEB Bank, L'Oreal, NYU, Nordea Bank, DigiBank, Deutsche Bank, Kaspersky, and many others. (Our website has several summaries of our research.)