DNS Lookup: a beginner's guide
Query any of 22 DNS record types or ALL at once with DNSSEC validation
DNS, the internet's address book — explained without the jargon
Every action you take on the internet — typing a URL into a browser, clicking a link, opening an app on your phone, sending an email — quietly starts with a tiny background conversation called a DNS lookup. Computers do not actually know what `example.com` is. They only know how to talk to numeric addresses, like `203.0.113.10` (or the longer IPv6 form, like `2001:db8::1`). The job of DNS — the Domain Name System, designed by Paul Mockapetris in 1983 — is to translate human-friendly names into the numeric addresses computers actually use. It is the world's biggest, oldest, and most-used translation service, and it runs every single time you open anything on the internet.
You should care because everything you care about online depends on DNS being correct, and DNS is invisible until it breaks. When DNS is right, you don't notice it. When it's wrong, nothing works in the same confusing way: emails bounce, websites show error pages, security certificates are rejected, apps fail to load, and the error messages rarely point at DNS as the actual cause. Understanding the basics of DNS is one of the highest-leverage pieces of technical literacy a non-technical person can learn — because it lets you skip past hours of confusion the next time something "just stopped working."
The five things every DNS lookup actually checks:
A records — map a domain to an IPv4 address. The most common record type, and the one you usually mean when you say "point this domain at this server."
AAAA records ("quad-A") — same idea, but for the newer IPv6 address format.
CNAME records — alias one name to another ("`www.example.com` is the same as `example.com`"). Useful for hosted services.
MX records — list the mail servers that handle email for a domain.
TXT records — hold arbitrary text used by SPF, DKIM, DMARC, domain-verification handshakes, and dozens of other systems.
Three questions every DNS lookup answers in real life:
Is this domain pointing to the right server right now?
Did the DNS change I just made actually take effect?
Is anything in my DNS misconfigured in a way that would break my website or my email?
The cost of getting DNS wrong is total: a misconfigured A record can take a website offline; a missing MX record can stop every customer reply from arriving; a wrong nameserver setting can break the entire domain. The cost of checking DNS is two seconds and a free tool. This is the most fundamental layer of the internet, and the one that most rewards a small amount of curiosity. The DNS protocol itself is documented in RFC 1034 and RFC 1035, and the architecture has been remarkably stable for over forty years.
The DNS Lookup endpoint, in plain language
In one sentence: Query any of 22 [DNS (Domain Name System)](/guides/dns-lookup) record types or ALL at once with [DNSSEC (Domain Name System Security Extensions)](/guides/dns-dnssec) validation
Performs comprehensive DNS (Domain Name System) lookups via DNS-over-HTTPS (the official internet standard) using Cloudflare's global anycast infrastructure. Returns results in a format your code or AI can read easily with TTL (time to live), priority values, and DNSSEC (Domain Name System Security Extensions) validation status across 22 record types — no need to write code to clean up the results. Use type=ALL to query all record types in a single call.
Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.
What is actually happening when you call it
Here's what's actually happening behind the scenes when you call this endpoint:
Queries DNS (Domain Name System) records through Cloudflare's DNS-over-HTTPS service, supporting 22 record types: A, AAAA, CNAME (Canonical Name record), MX, NS, TXT, SOA, SRV, CAA, PTR, DNSKEY (DNS public key record), DS, TLSA, NAPTR, SSHFP, HTTPS (secure HyperText Transfer Protocol), SVCB, DNAME, LOC, URI, CERT, and SMIMEA. Use type=ALL to query all 22 types in parallel and get a complete DNS profile in one request. Follows CNAME chains automatically and includes DNSSEC (Domain Name System Security Extensions) authentication verification and resolver metadata in every response.
If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.
Why this specific tool matters
Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the DNS Lookup tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.
Unlike old command-line tools (which are powerful but show raw, hard-to-read output), EdgeDNS returns results in a format your code or AI can read easily with resolver metadata — no need to write code to clean up the results. Integrates directly into automated deployment workflows, monitoring dashboards, and security automation workflows. Essential for domain verification, email deliverability checks, infrastructure audits, and security assessments at scale.
Picture this in real life. Imagine an email marketing team. Here's the situation they're walking into: Before sending campaigns, verify that recipient domains have properly configured MX records pointing to active mail servers and are not configured with Null MX (the official internet standard). Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the DNS Lookup tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.
Three questions this tool answers in plain English. If any of these have ever crossed your mind, the DNS Lookup tool is built for you:
Is my domain pointing to the right place right now?
Did the DNS change I just made actually take effect everywhere in the world?
Is anything in my DNS misconfigured in a way that could break email or break the website?
You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.
Who gets the most out of this. Founders running their own infrastructure, marketers coordinating launches, IT admins inheriting domains from a former employee, and ops engineers troubleshooting live outages. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.
What happens if you skip this entirely. Skip it and you're flying blind on the one piece of config that decides whether your website and email work at all. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.
Available on the free plan. The technical details: `GET /v1/dns/lookup`.
When would I actually use this?
If you're still on the fence about whether the DNS Lookup tool belongs in your toolbox, this section is for you. Below you'll meet three real people — an email marketing team, a devops engineer, and a security engineer — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.
Story 1: Email Deliverability Pre-Check
Imagine you're an email marketing team. Before sending campaigns, verify that recipient domains have properly configured MX records pointing to active mail servers and are not configured with Null MX (the official internet standard).
Why it matters: Reduce bounce rates by 15-20% by pre-validating recipient domains and detecting domains that explicitly reject email.
Story 2: Domain Migration Monitoring
Imagine you're a devops engineer. During domain migrations, continuously query multiple record types to verify changes propagated correctly.
Why it matters: Catch misconfigurations before they impact users, reducing migration-related downtime.
Story 3: Security Configuration Audit
Imagine you're a security engineer. Automated scanning of TLSA (DANE), DNSKEY (DNS public key record), DS, and CAA records across organization domains to verify DNSSEC (Domain Name System Security Extensions) chains, certificate pinning, and CA authorization policies.
Why it matters: Maintain security policy compliance across hundreds of domains with automated checks covering the full DNS (Domain Name System) security stack.
Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the DNS Lookup tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:
Right before launching a new website or migrating to a new host.
After making any DNS change, to confirm the new settings are live everywhere.
When customers report that your site or email "just stopped working" out of nowhere.
As a recurring monthly health check to catch silent misconfigurations early.
If you can see yourself in even one of those bullets, the DNS Lookup tool will pay for itself the first time you use it.
Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the DNS Lookup tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.
The easiest way: just ask your AI assistant
If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:
"Use the DNS Lookup tool to check example.com and explain anything that looks wrong in plain language."
The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.
MCP (Model Context Protocol) access is free on every plan, including the free tier. One API key works for both REST and AI — you do not have to choose.
The technical way: call it from code
If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.
# Replace edns_live_YOUR_KEY with your real API key from the dashboard
curl -H "Authorization: Bearer edns_live_YOUR_KEY" \
"https://api.edgedns.dev/v1/dns/lookup?domain=example.com"What you need to provide
You need to provide 2 pieces of information when you call this tool. The table below lays them out side by side, with a real example for each one so you can see exactly what to send.
| Field | Type | Required? | What it means | Example |
|---|---|---|---|---|
domain | string | Yes | The domain name to query (e.g., example.com) | example.com |
type | string | Optional | DNS (Domain Name System) record type to query. Use ALL to query all 22 types at once. Defaults to A if not specified. Allowed values: ALL, A, AAAA, CAA, CERT, CNAME, DNAME, DNSKEY, DS, HTTPS, LOC, MX, NAPTR, NS, PTR, SMIMEA, SOA, SRV, SSHFP, SVCB, TLSA, TXT, URI | A |
What you get back
When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.
| Field | Type | What you'll see in it |
|---|---|---|
domain | string | The queried domain |
record_type | string | The DNS (Domain Name System) record type queried |
records | array | Array of DNS (Domain Name System) records with type, value, TTL (time to live), priority, weight (SRV), and port (SRV) |
authenticated | boolean | DNSSEC (Domain Name System Security Extensions) validation status (AD flag) |
resolver | string | The DNS (Domain Name System) resolver used for the query |
duration_ms | number | Time taken for DNS (Domain Name System) query in milliseconds |
Words you might be wondering about
If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.
DNS (Domain Name System) — The internet's address book. When you type a website name, DNS turns it into the actual numeric address computers use to find each other.
TTL (time to live) — How long, in seconds, a piece of information should be remembered before being looked up again.
HTTPS (secure HyperText Transfer Protocol) — HTTP with encryption — the little padlock in your browser. It means nobody between you and the website can read what you're sending.
CNAME (Canonical Name record) — A DNS entry that says "this name is just an alias for that other name."
DNSKEY (DNS public key record) — A DNS entry that holds the public key used to verify DNSSEC signatures — part of the chain that proves your DNS records haven't been tampered with.
DNSSEC (Domain Name System Security Extensions) — A way to digitally sign DNS records so attackers can't trick your computer into looking up the wrong server.
JSON (JavaScript Object Notation) — A lightweight format for sending data between programs. Looks like { "name": "example", "age": 5 }. Used by basically every modern web API.
RFC (Request for Comments) — The official internet standards documents. When someone says 'RFC 8484' they mean a specific numbered standards document — in that case, the one defining DNS over HTTPS.
Need Programmatic Access?
Automate domain intelligence with 100+ API endpoints and a free MCP server for AI integration.