HowIsMyDNS.com is a service providing free online tools that can be used to:
- Check and validate your DNS data
- Perform DNS and WHOIS lookups
- Make certain IP calculations and checks
Please note: the tests can only be performed on public DNS zones - private zones cannot be tested.
With these tools you can check whether the domain's name services are functioning correctly, validate the name servers from different sources and compare the data available. You do not need an in-depth knowledge of name server technology to run the tests. Simply input the domain name and the name server(s) it uses and you would be presented with the results.
Please input domain name and click the "Perform Query" button. It may take a few minutes for all configured name servers to respond.
Unregistered Domain Test
- Checks if the target is a host (i.e. whether either NS or SOA record is not defined). The result displays only the A-record instead of performing a full test.
- Checks the existence of the zone.
- The exact results of these tests are not displayed. If there is a mismatch a waning is issued to the user. If everything is ok the results of the next tests are displayed.
- Checks the NS records for the zone, and subsequently A records for these NS records
- Checks the status of the current SOA record
- Displays the zone's A and/or AAAA records if they exist
- This part of the test is not displayed if either A or AAAA record do not exist
- Checks that there are at least two authoritative name servers for the zone
- Displays the SOA Record, formatted and with detailed information
- Serial number format check (low priority)
- NS agreement on SOA serial number
- Checks that the SOA values returned by NS records are the same
- SOA MNAME Check
- Checks that MNAME exists in NS records
These tests check that there are at least two authoritative name servers for the zone.
NS Record tests verify that your NS record (Authoritative Name Server) information is the same in all sources, that is Whois, DNS, and on the servers themselves. Unmatched NS records are displayed with "Warning" status. If an authoritative server does not answer as it should, it's called a "Lame Server". These servers are also shown in the report.
All servers are also tested using normal DNS Query to see if they provide a normal answer. A failure to do so, usually indicates either a configuration problem or a firewall issue.
A-records for NS Servers are checked. A warning is given if the IP addresses are private or if the NS records are CNAMEs. The reverse records for the NS records are also tested and a warning is issued if either the PTRs resolve to multiple addresses or to no addresses at all.
The parent zone may contain glue records for the NS records. This is usually necessary when the NS records reside in the delegated zone; for example google.com NS records are ns1, ns2, ns3 and ns4.google.com. This check requires a non-recursive search to be performed on the parent zones' NS server.
Servers listed as NS record are also queried for their DNS server version identifier; this is informational only and does not produce warnings.
The zone transfer enables the extraction of all DNS data available for the zone. According to DNS best practices, it is advisable to disable zone transfers for public slave zones.
The DNSSEC tests ensure that the name servers' DNSSEC is in use. The tests are performed when the Top Level domain contains the DS records for the tested DNS Zone.
When the DS records are found, they are verified against the name servers' DNSKEY records. This is done by creating a checksum from the DNSKEY record and then comparing it to the checksum of the Top Level domain's DS record.
The RRSIG records acquired from the name server are verified against the signatures generated from the NS, SOA and DNSKEY records. The test does not check other DNS record signings. This is because name servers do not allow zone transfers for testing tools. As such, it is up to the administration to ensure that the DNS record signatures are up to date.
If the DNSSEC tests are performed successfully on all name servers, the domain name is considered DNSSEC-compatible.
Email / MX Test
This tool can be used to validate the mail servers of a certain DNS domain by checking their MX records and sending a message to all mail servers. The message is sent from the address "tester (at) howismydns (dot) com". To perform this test, input the domain name and click the "Perform Query" button. If you don't specify the nameserver(s) to query the default server for the zone is used.
It is hard to measure DNS Performance over a network. This tool performs four DNS queries to the authoritative name server (either given or automatically resolved) for the record you have specified and presents the user with the response time for each query. A response time of less than 100 ms is considered as very good.
To run the test, input a domain or host name, choose a record type and click the "Perform Query" button. If you don't specify a name server to query, the default server for the zone is used.
This tool performs a WHOIS Lookup using a public whois registry, which provides the domain name's (or host/name server name's) public information. Whois query can be performed for a DNS Zone or IP Address/Network. IP networks are resolved from IP registry databases while queries about DNS Zones are resolved from various Whois databases depending on their the Top level domain. The query resolves information about DNS Zone/IP Address contact information, Name Servers, creation and expiration dates, and current status. To run the test, input either an IP address or the domain, host or primary name server's name and click the "Perform Query" button.
This tool performs a basic forward DNS Lookup for all major RRs (A, AAAA, CNAME, MX, TXT, SOA, SPF, SRV, NS, etc.). You can also query ANY record, in which case the tool will resolve all types of Records found for the target. To run the test, input the domain or host name, choose a record type and click "Perform Query" button.
This tool performs a basic reverse DNS lookup. It determines the IP address to which a PTR record is pointing to. To run the test, input an IP address or ".in-addr.arpa" host name and click the "Perform Query" button.
With this tool you can test the reachability of a host on an IP network and measure the round-trip time for messages sent from the originating host to a destination computer. To run the test, input the host name or IP address and click the "Perform Query" button.
With this tool you can discover the route the TCP/IP protocol packets take when transferring to a specific server. To run the test, input the host name or IP address and click the "Perform Query" button. The final result might be delayed by a few minutes, depending on the response time of the routers along the way.
CIDR / Netmask
With this tool you can calculate Inverse Netmask, Network Address/Mask and address range. To run the test, input an IP Address, select Netmask and the number of Mask Bits. You may also select the Maximum number of Subnets and Addresses. Each time you change one of the above parameters, the results are automatically updated accordingly.