🇮🇳 PhishGuard — Free cybersecurity tool for India. Cybercrime Helpline: 1930 Security Guide →
DNS Lookup

Free DNS Lookup Tool India — Check All DNS Records

Query A, AAAA, MX, NS, TXT, CNAME records — plus SPF and DMARC email authentication. Detect misconfigured and suspicious domains.

DNS Lookup Tool India — Check A, MX, NS, TXT, SPF & DMARC Records Free

Use PhishGuard's free DNS lookup tool to check MX record domain configuration, verify SPF and DMARC email authentication, and query A, AAAA, NS, CNAME, and TXT records instantly. Our DNS records checker online is built for Indian security researchers, developers, and everyday users who want to verify domain configurations. Phishing domains often have missing DMARC records and suspicious NS configurations — use our DNS lookup India tool to spot anomalies before they affect you.

Also check: SSL Checker · IP Reputation · Domain Age Checker

DNS Lookup
Try:
DNS Records Guide
🟢
SPF + DMARC configured
Domain has email authentication records — means it's harder to spoof email from this domain. Legitimate organisations always configure these.
⚠️
No SPF or DMARC
Anyone can send emails pretending to be from this domain. Common on phishing domains — they skip email auth to avoid traceability.
🚨
No A records found
Domain has no IP address. Either parked, unused, or DNS is being queried through a privacy shield. Highly suspicious if combined with other signals.

DNS Lookup Tool — Frequently Asked Questions

Common questions about DNS records, email authentication, SPF, DMARC, and how to use DNS lookups to detect phishing and spoofed domains.

What is a DNS lookup and why would I need one in India?

A DNS lookup queries the Domain Name System to retrieve records for any domain — such as its IP address (A record), mail server (MX record), and email authentication rules (SPF and DMARC). In India, DNS lookups help verify whether an email claiming to be from SBI or IRCTC actually originates from the bank's real mail servers, or whether a domain is newly registered and suspicious.

How do I check if an email from SBI or HDFC is genuine using DNS?

Enter the sender's domain (e.g., sbi.co.in or hdfcbank.com) in PhishGuard's DNS Lookup tool and check the SPF and DMARC TXT records. Genuine bank domains have strict SPF records listing their authorised mail servers and DMARC policies set to 'reject' or 'quarantine'. If SPF or DMARC are missing entirely, the domain can be spoofed by anyone.

What is an SPF record and how does it prevent email fraud in India?

An SPF (Sender Policy Framework) record is a DNS TXT record that lists which mail servers are allowed to send email on behalf of a domain. If a scammer tries to send a phishing email claiming to be from hdfc.com but uses a different server, email providers that check SPF will reject or mark the email as spam. Missing SPF records are a major red flag in phishing detection.

What is a DMARC record and why is it important for Indian bank customers?

DMARC (Domain-based Message Authentication, Reporting and Conformance) tells email servers what to do when they receive a message that fails SPF or DKIM checks — reject it, quarantine it, or let it through. Banks and government portals with DMARC set to 'p=reject' make it technically impossible for scammers to send convincing emails impersonating them from unauthorised servers.

How can I tell if a domain is newly registered and suspicious using DNS?

Use PhishGuard's DNS Lookup to check the SOA (Start of Authority) record, which contains the domain's creation timestamp. Then cross-check with the Website Age tool for full WHOIS data. Phishing domains impersonating SBI, IRCTC, or Paytm are almost always registered within 1–30 days before use. A brand-new domain for an 'established bank' is an immediate red flag.

What does it mean if a domain has no MX record?

An MX record points to the mail server responsible for accepting email for a domain. If a domain has no MX record, it cannot legitimately receive email. A site claiming to be a company with no MX record is suspicious — real businesses have email infrastructure. Phishing domains often skip MX records since they only need the web server to collect credentials, not to receive replies.

What is DNS spoofing and how does it affect Indian internet users?

DNS spoofing (also called DNS cache poisoning) is an attack where hackers corrupt DNS records to redirect users from a real website to a fake one. When you type sbi.co.in, DNS spoofing can make your browser open a fake SBI page instead. Using DNSSEC-validated resolvers and checking DNS records with PhishGuard helps detect anomalies in DNS configuration that may indicate an active spoofing attack.

How do I check if a .in or .co.in domain is fake using DNS lookup?

Enter the suspicious domain in PhishGuard's DNS Lookup tool and check: (1) SOA record age — newly created .in domains are suspicious when claiming to be established brands. (2) NS records — fake Indian domains often use generic nameservers like Cloudflare or Namecheap rather than dedicated corporate DNS like the real brands use. (3) Missing DMARC — legitimate Indian companies all have DMARC configured.

What is a CNAME record and how do scammers misuse it?

A CNAME (Canonical Name) record points one domain to another. Scammers sometimes use CNAME chains to make a phishing domain appear to be associated with a legitimate one. Subdomain takeover attacks — where a scammer claims an abandoned subdomain of a real company — also rely on dangling CNAME records. PhishGuard's DNS Lookup reveals the full CNAME chain for any domain.

How do I verify if a Paytm, PhonePe, or Google Pay domain is genuine?

Enter the suspicious domain in PhishGuard's DNS Lookup. Real Paytm (paytm.com), PhonePe (phonepe.com), and Google Pay (pay.google.com) domains have consistent, long-standing NS records pointing to their corporate nameservers, strict SPF and DMARC records, and A records pointing to well-known hosting infrastructure. Any domain with different NS records or missing email authentication is fake.

What is the TTL value in DNS records and what does a very low TTL mean?

TTL (Time To Live) is how long a DNS record is cached before being refreshed. Legitimate businesses set TTL values of 3600 seconds (1 hour) or higher. A very low TTL — under 300 seconds — means DNS records are changing frequently. This is called 'fast-flux' and is a common technique used by phishing infrastructure to quickly switch between different servers to evade blocklists.

Can I check the DNS records of an Aadhaar or Income Tax portal?

Yes. Enter uidai.gov.in or incometax.gov.in in PhishGuard's DNS Lookup to see their real DNS configuration. Any site claiming to be these portals but with different A record IPs, different NS providers, or missing DMARC records is a phishing page. The genuine .gov.in domains are all managed by NIC (National Informatics Centre) with consistent, verified DNS infrastructure.

Found a suspicious link? Scan it free with PhishGuard or report to India's national cyber crime helpline: 1930 · cybercrime.gov.in