Search tools...
Developer Tools

DNS Lookup Tool — Complete Guide (हिंदी)

DNS records, propagation, diagnosis और security सब कुछ एक जगह

14 मिनटUpdated March 19, 2026DNS, networking, developer-tools, security, sysadmin

Jab bhi aap browser mein koi URL type karte ho — jaise github.com — tab ek invisible process start hoti hai jo us human-readable name ko machine-readable IP address mein convert karti hai. Yahi process DNS resolution hai, aur iska backbone hai Domain Name System (DNS). Ek DNS lookup tool aapko directly is system ko query karne deta hai — OS cache ya browser cache ko bypass karke — taaki aap kisi bhi domain ke live DNS records dekh sako.

Chahe aap naye server pe deploy karke site resolve nahi ho rahi ho debug kar rahe ho, ya email delivery issues mein MX/SPF records verify karne ho, ya simply samajhna ho ki DNS propagation mein itna time kyun lagta hai — yeh guide aapke liye hai. Real dig commands, zone file examples aur security best practices ke saath developer-focused explanation.

Free Tool

Abhi DNS Lookup Karo

Kisi bhi domain ke A, AAAA, MX, CNAME, TXT aur sab DNS record types query karo. Free, login required nahi, multiple global resolvers se real-time results.

DNS Lookup Tool Kholein

DNS kya hai aur Domain Name Resolution kaise kaam karta hai?

DNS ek globally distributed, hierarchical database hai. Jab aapka computer api.github.com resolve karna chahta hai, ek multi-step process hoti hai jise recursive resolution kehte hain:

DNS Resolution Steps

  1. Local cache check — Pehle OS apna local DNS cache check karta hai. Linux mein: resolvectl statistics, Windows mein: ipconfig /displaydns
  2. Recursive resolver — Cache miss hone par query configured resolver ko jaati hai (e.g., Google ka 8.8.8.8 ya Cloudflare ka 1.1.1.1)
  3. Root nameservers — Resolver 13 root nameserver clusters se poochta hai ki .com TLD ka nameserver kaun hai
  4. TLD nameservers.com TLD nameserver github.com ke authoritative nameservers return karta hai
  5. Authoritative nameserver — Actual record return hota hai (jaise api.github.com ka A record)
# dig se full resolution trace dekhein
dig +trace api.github.com A

# Output mein dikhega:
# Root → .com TLD → github.com NS → final A record
# api.github.com.  60  IN  A  140.82.112.6
Key point: Final answer authoritative nameserver se aata hai — yahi source of truth hai. Baaki sab caching layers hain. Isliye DNS change hone ke baad bhi purana IP dikhta rehta hai — cache expire nahi hua hota.

DNS Query Types

  • Recursive query — Client → Resolver ko bheja jaata hai. "Mujhe final answer chahiye."
  • Iterative query — Resolvers aur authoritative servers ke beech. "Jo best answer hai do ya referral do."
  • Non-recursive — Resolver ke paas already cache mein answer hai.
# Specific nameserver se query karo (local cache bypass)
dig @8.8.8.8 github.com A

# System ka current DNS server check karo
cat /etc/resolv.conf   # Linux/macOS
ipconfig /all | findstr "DNS Servers"  # Windows

DNS Record Types: A, AAAA, MX, CNAME, TXT, NS, SOA — Poori Explanation

DNS records zone file mein store hoti individual entries hain. Har type ka specific purpose hota hai. Inhe samajhna misconfiguration debugging mein ghanton ki bachat karta hai.

Record Type Purpose Example Value Use Case
ADomain → IPv4 address93.184.216.34Web servers, APIs
AAAADomain → IPv6 address2606:2800:220:1:248:...Dual-stack sites
CNAMEAlias → dusre domain ka naammyapp.vercel.app.CDN, subdomains
MXEmail routing with priority10 mail.example.com.Email delivery
TXTArbitrary text / verificationv=spf1 include:_spf.google.com ~allSPF, DKIM, DMARC
NSAuthoritative nameserversns1.cloudflare.com.Domain delegation
SOAZone metadataSerial, refresh, retryZone management
PTRReverse DNS (IP → domain)mail.example.com.Email reputation

Real Zone File Examples

; A record — website ka IP
example.com.    3600  IN  A      93.184.216.34

; MX records — email routing (priority jitni kam, utna prefer)
example.com.    3600  IN  MX     1  aspmx.l.google.com.
example.com.    3600  IN  MX     5  alt1.aspmx.l.google.com.

; SPF TXT record — email spoofing prevent karta hai
example.com.    3600  IN  TXT    "v=spf1 include:_spf.google.com ~all"

; DMARC TXT record
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

; CNAME — subdomain alias
blog.example.com. 3600 IN CNAME myapp.vercel.app.
CNAME restriction yaad rakho: Zone apex (root domain jaise example.com) pe CNAME nahi lagta — sirf subdomains pe lagta hai. Root domain ke liye ALIAS/ANAME ya Cloudflare CNAME flattening use karo.

DNS Propagation: Changes Mein Time Kyun Lagta Hai aur Status Kaise Check Karein

DNS record change karne ke baad naya value instantly everywhere nahi dikhta. Har resolver ne old value cache ki hoti hai aur tab tak serve karta rehta hai jab tak cache expire nahi ho jaata — yahi DNS propagation hai.

Propagation Math Simple Tarike Se

Purana A record TTL: 3600 seconds (1 ghanta)

T+0    — Aapne registrar mein IP change kiya. Authoritative NS updated.
T+0    — Jo resolvers abhi query karein woh naya IP paayein.
T+60m  — Pichle 1 ghante mein query karne wale resolvers ka cache expire.
T+60m  — Propagation complete (TTL=3600 ke saath).

Agar TTL=86400 (24h) tha, toh worst case 24–48 ghante lag sakte hain.

Smart Migration: Pehle TTL Kam Karo

# Step 1: 48 ghante pehle TTL 300s kar do
# (DNS provider ke dashboard mein)

# Step 2: Verify karo ki low TTL propagate hua
dig +nocmd +noall +answer example.com A
# example.com.    300   IN  A  203.0.113.10  ← 5 minute TTL

# Step 3: DNS change karo
# Step 4: 5 minute wait karo
# Step 5: Confirm hone ke baad TTL wapas 3600+ karo

Multiple Resolvers Se Propagation Check

# Different global resolvers se query karo
for resolver in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do
  echo -n "$resolver: "
  dig @$resolver +short example.com A
done

# Propagation ke dauran output:
# 8.8.8.8: 203.0.113.10    (purana — cached)
# 1.1.1.1: 198.51.100.20   (naya — update hua)
# 9.9.9.9: 198.51.100.20   (naya)
# 208.67.222.222: 203.0.113.10  (purana — still cached)

Common DNS Issues aur Diagnosis Kaise Karein

Zyaadatar DNS problems kuch specific categories mein aati hain. Systematic diagnostic playbook:

Problem 1: NXDOMAIN — Domain Not Found

dig example-newsite.com A  # status: NXDOMAIN

# Diagnose karo:
whois example-newsite.com | grep -E "Expir|Status|Name Server"
dig example-newsite.com NS

Problem 2: SERVFAIL

dig example.com A  # status: SERVFAIL

# DNSSEC issue check karo:
dig +cd example.com A  # +cd = checking disabled
# Agar yeh succeed kare toh DNSSEC broken hai

Problem 3: Local Cache Mein Purana IP

# macOS cache flush
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder

# Linux (systemd-resolved)
sudo resolvectl flush-caches

# Windows
ipconfig /flushdns

Problem 4: Email Delivery Issues

dig example.com MX         # Email routing
dig example.com TXT        # SPF record
dig _dmarc.example.com TXT # DMARC policy
dig google._domainkey.example.com TXT  # DKIM key

DNS Security: DNSSEC, DNS over HTTPS aur DNS Hijacking

DNS 1980s mein design hua tha — security consider nahi ki gayi thi. Modern DNS security layers teen attack vectors address karti hain: cache poisoning, man-in-the-middle aur DNS hijacking.

DNSSEC — Cryptographic Integrity

# DNSSEC enabled hai ya nahi check karo
dig +dnssec example.com A
# RRSIG record dikhne chahiye answer mein

# DNSSEC chain verify karo
dig example.com DS      # Parent zone mein DS record
dig example.com DNSKEY  # Zone signing keys

DNS over HTTPS (DoH)

# Traditional DNS port 53 pe plaintext jaata hai
# DoH HTTPS ke andar encrypt karta hai

# Cloudflare DoH direct query (curl se)
curl -s "https://cloudflare-dns.com/dns-query?name=github.com&type=A"   -H "accept: application/dns-json" | jq '.Answer[]'

DNS Hijacking Attack Types

AttackKaise Kaam Karta HaiDefense
Cache PoisoningAttacker resolver cache mein galat records inject karta haiDNSSEC enable karo
Registrar HijackingRegistrar account hack karke NS changeRegistrar 2FA, Registry Lock
ISP InterceptionISP NXDOMAIN responses hijack karta haiDoH/DoT use karo
Malware DNS ChangerMalware system DNS server badal deta haiNetwork monitoring, DoH at browser

Developer aur Sysadmin Workflows mein DNS Lookup Kab Use Karein

DNS lookup tool sirf troubleshooting ke liye nahi — deployment verification, security auditing aur infrastructure planning ka core part hai.

Deployment ke Waqt DNS Checklist

# 1. A record correct server pe point kar raha hai?
dig +short api.myapp.com A
# Expected: 198.51.100.42

# 2. CAA record check — SSL cert kaun issue kar sakta hai?
dig myapp.com CAA
# 0 issue "letsencrypt.org"

# 3. CDN CNAME correctly set hai?
dig +short static.myapp.com CNAME
# myapp.azureedge.net.

# 4. Email infrastructure verify karo
dig myapp.com MX
dig myapp.com TXT

CI/CD Pipeline mein DNS Health Check

#!/bin/bash
DOMAIN="api.myapp.com"
EXPECTED_IP="198.51.100.42"
ACTUAL_IP=$(dig +short $DOMAIN A | head -1)

if [ "$ACTUAL_IP" = "$EXPECTED_IP" ]; then
  echo "DNS OK: $DOMAIN → $ACTUAL_IP"
  exit 0
else
  echo "DNS MISMATCH: expected $EXPECTED_IP, got $ACTUAL_IP"
  exit 1
fi

Reverse DNS aur Email Reputation

# Mail server ka PTR record check karo
dig -x 198.51.100.42 +short
# mail.myapp.com.  ← Hostname match hona chahiye

# PTR mismatch = emails spam folder mein jaayenge!

Advanced DNS Security aur Best Practices

Production domains ke liye DNS security layered approach mein implement karni chahiye.

High-Value Domain Security Checklist

  • Registry Lock enable karo — DNS changes ke liye out-of-band verification required hogi
  • DNSSEC enable karo — Registrar aur DNS provider dono support karte hain toh zaroor lagao
  • 2FA on registrar account — TOTP app use karo, SMS nahi (SIM swap attack possible)
  • CAA records lagao — Sirf authorized CAs hi SSL cert issue kar sakein
  • DMARC p=reject set karo — Email spoofing completely block ho
  • Monitoring lagao — DNS changes ke liye alerts set karo (Cloudflare, AWS Route53 notifications)
# CAA record set karo (DNS provider dashboard mein)
# Sirf Let's Encrypt SSL issue kar sake:
example.com.  CAA  0 issue "letsencrypt.org"
example.com.  CAA  0 issuewild "letsencrypt.org"
example.com.  CAA  0 iodef "mailto:security@example.com"

# Verify karo:
dig example.com CAA

How to Use the Tool (Step by Step)

  1. 1

    Domain name enter karo

    DNS Lookup tool ke input field mein koi bhi domain type karo (jaise github.com ya api.stripe.com). Subdomains bhi supported hain.

  2. 2

    Record type select karo

    A, AAAA, MX, CNAME, TXT, NS, SOA, PTR, SRV ya ALL mein se choose karo. ALL select karne par ek hi lookup mein sab record types dikhenge.

  3. 3

    DNS resolver choose karo (optional)

    Default resolver override karo. 8.8.8.8 (Google), 1.1.1.1 (Cloudflare) ya 9.9.9.9 (Quad9) choose karke local cache bypass karo.

  4. 4

    Lookup run karo

    'Lookup' click karo. Tool real-time mein DNS query karta hai. 1–3 seconds mein record values, TTL aur response status dikhega.

  5. 5

    Results interpret karo

    Har record ki value, TTL (cache expire hone ke seconds) aur class (IN honi chahiye) review karo. NOERROR = success; NXDOMAIN = record exist nahi karta.

  6. 6

    Multiple resolvers se compare karo

    Same lookup alag-alag resolvers se run karo. Agar answers different hain toh aapka DNS change abhi bhi propagate ho raha hai.

Frequently Asked Questions

DNS propagation mein kitna time lagta hai?+

Propagation time = purane record ka TTL. Agar old A record ka TTL 3600 (1 ghanta) tha toh propagation 1 ghante mein complete hogi. TTL 86400 (24h) hone par 24–48 ghante lag sakte hain. Best practice: koi bhi planned DNS change se 24–48 ghante pehle TTL 300 seconds kar do.

A record aur CNAME mein kya difference hai?+

A record domain ko directly IPv4 address se map karta hai (example.com → 93.184.216.34). CNAME dusre domain name ka alias banata hai (www.example.com → example.com). CNAME mein ek extra DNS lookup hota hai lekin multiple subdomains ek target pe point kar sakte ho. Zone apex (root domain) pe CNAME nahi lagta.

DNSSEC kya hai aur kya mujhe enable karna chahiye?+

DNSSEC DNS records mein digital signatures add karta hai taaki resolvers verify kar sakein ki records tamper nahi hue. Production domains ke liye — especially financial, healthcare ya government sites — DNSSEC definitely enable karna chahiye. Agar registrar aur DNS provider dono support karte hain toh enable karo.

Email deliver nahi ho raha — DNS se kaise check karoon?+

Teen cheezein check karo: (1) MX record: dig example.com MX — email routing server, (2) SPF: dig example.com TXT | grep spf — authorized senders list, (3) DMARC: dig _dmarc.example.com TXT — policy. Teeno sahi hone chahiye warna emails spam mein jaayengi.

Free — No Signup Required

Abhi DNS Lookup Karo

Kisi bhi domain ke A, AAAA, MX, CNAME, TXT aur sab DNS record types query karo. Free, login required nahi, multiple global resolvers se real-time results.

DNS Lookup Tool Kholein

Related Guides

Developer Tools4 मिनट पढ़ें

URL Encode & Decode — क्या होता है और कब Use करें? (Developer Guide)

URL encoding (percent-encoding) की पूरी जानकारी हिंदी में

URL EncodingDeveloper ToolsWeb Development
Read Guide
Developer Tools7 मिनट पढ़ें

JSON फॉर्मेटर गाइड

JSON क्या है, कैसे format करें, common errors कैसे fix करें — developers और beginners दोनों के लिए।

DeveloperJSONAPI
Read Guide
Developer Tools8 min read

Regex Tester — Regular Expressions Test करें Free (2026)

Regex patterns test और debug — real-time matching, cheat sheet। Free, browser-based।

DeveloperRegexTesting
Read Guide