Query DNS records from the Cloudflare and Google resolvers side by side, compare TTLs and spot propagation differences, and check DNSSEC authentication. Only the domain and record type you enter are sent to the public resolvers.
Enter a domain and choose a record type. Results from both resolvers appear side by side, with differences highlighted and a DNSSEC check.
Dangling records, missing CAA, weak email authentication, and unmonitored changes are common attack paths. Our IT security audit reviews your DNS and email posture end to end.
A DNS lookup asks the Domain Name System for the records attached to a domain, such as the A record (its IPv4 address), MX records (mail servers), or TXT records (which hold SPF, DKIM, and verification data). This tool queries the public Cloudflare and Google resolvers over encrypted DNS-over-HTTPS.
Comparing Cloudflare and Google side by side helps you spot propagation delays after a change, split-horizon or GeoDNS differences, and caching issues. If the record data differs between resolvers, a recent change may still be propagating.
DNSSEC adds cryptographic signatures so resolvers can verify that DNS answers were not tampered with. When the resolver validates those signatures it sets the AD (Authenticated Data) flag. This tool reports whether the AD flag is set, indicating the domain is DNSSEC-signed and validated.
Only the domain name and record type you enter are sent to the public Cloudflare and Google DNS-over-HTTPS resolvers to perform the lookup. Nothing is stored on our servers.