What DNS records should I check to verify a domain is safe?

Check A record (IP address), MX record (mail server), SPF and DMARC (email authentication), and NS record (nameserver). Phishing domains often have no SPF/DMARC and use suspicious nameservers.

How to check if an email domain is spoofed?

Use PhishGuard's DNS Lookup to check the domain's SPF and DMARC records. Missing or broken SPF/DMARC means the domain can be easily spoofed in phishing emails.

What is DNS spoofing?

DNS spoofing redirects users from a real website to a fake one by corrupting DNS records. Attackers use it to steal bank credentials and OTPs. DNS Lookup lets you verify if records match expected values.

What is DNS spoofing and how is it used to steal UPI and net banking credentials?

DNS spoofing (cache poisoning) is an attack where hackers corrupt DNS records to redirect legitimate domain lookups to malicious servers. When an Indian user types 'onlinesbi.sbi', a poisoned DNS server sends them to a fake IP hosting a perfect clone of the SBI login page. The URL looks correct but the IP is controlled by attackers. PhishGuard's DNS lookup shows the real IP and hosting provider so you can verify the server is operated by the legitimate organisation.

How do I use DNS records to verify if an email from SBI or HDFC is genuine?

Check the SPF, DKIM, and DMARC TXT records for the domain. Legitimate Indian banks publish SPF records listing authorised mail servers. If an email claims to be from sbi.co.in but the domain has no SPF record, or the sending IP doesn't match the SPF allowlist, it is likely a phishing email. Use PhishGuard's DNS Lookup, enter the sender domain, and check the TXT records for 'v=spf1' and 'v=DMARC1'.

What is a DMARC record and how does it protect Indian bank customers?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS policy that tells email servers what to do with emails that fail SPF or DKIM checks. A 'p=reject' DMARC policy prevents fraudulent emails from even reaching inboxes. Many Indian banks including HDFC, ICICI, and Axis have strong DMARC policies, but smaller fintechs often do not. PhishGuard DNS lookup shows DMARC policy instantly — 'p=none' means no protection and that domain is spoofable.

How do scammers create fake domains that look like real Indian bank websites?

Common techniques include: typosquatting (hdfcbamk.com, icic1bank.com), homoglyph attacks (using Cyrillic 'а' that looks like Latin 'a'), subdomain abuse (sbi.com.secure-login.xyz), TLD swapping (sbi.net instead of sbi.co.in), and hyphen insertion (hdfc-bank-login.com). DNS Lookup reveals the registration date — fake domains are almost always registered within 30 days of a phishing campaign. A 3-day-old domain claiming to be SBI is definitively fake.

What DNS record types should I check when verifying a suspicious e-commerce site?

Check these records: A record (points to IP — verify hosting country), MX records (legitimate stores have professional mail servers, not free Gmail/Yahoo MX), TXT records for SPF and DMARC, NS records (nameservers from parking or free hosting are red flags), and SOA record (check the admin email — legitimate Indian businesses use corporate emails, not Gmail). A new .in or .com domain with Cloudflare nameservers and no MX records is a strong phishing indicator.

What is a subdomain takeover and how does it put Indian users at risk?

Subdomain takeover happens when a company removes a cloud service (like Heroku, AWS S3, or Azure) but keeps the DNS CNAME pointing to it. Attackers register that unclaimed cloud resource and host phishing content under the legitimate company's subdomain. For example, 'support.legitimatebank.co.in' could be hijacked if the bank removed its Heroku app but left the CNAME. DNS lookup shows dangling CNAMEs pointing to unclaimed cloud resources.

How does DNS over HTTPS (DoH) protect Indian users from phishing redirects?

Traditional DNS queries are unencrypted — ISPs, network admins, and attackers on the same Wi-Fi can see every site you visit and redirect your queries. DNS over HTTPS encrypts DNS queries, preventing ISP-level hijacking. In India, public Wi-Fi at airports, malls, and cafés is high risk. Using DoH-enabled browsers like Chrome or Firefox with Cloudflare (1.1.1.1) or Google (8.8.8.8) DNS adds a significant layer of phishing redirect protection.

How can I tell if a .in or .co.in domain is a newly registered scam site?

Use PhishGuard's DNS lookup to check the SOA record timestamp and then cross-reference with our WHOIS checker. Legitimate Indian businesses typically have domains registered for 1+ years. Red flags include: domain registered within 30 days, WHOIS privacy enabled on a financial site, nameservers from free hosting providers, and no MX records (meaning the 'company' cannot even receive email). Scam domains for festivals like Diwali sales are often registered 1–2 weeks beforehand.

What does the TTL (Time To Live) in DNS records reveal about a suspicious website?

A very low TTL (under 300 seconds) means DNS records change frequently — legitimate businesses rarely need this. Fast-flux phishing networks change their IP addresses every few minutes using low TTLs to evade IP blacklists. If PhishGuard's DNS lookup shows a TTL of 60 or less on a financial site's A record, treat it as a strong phishing indicator. Legitimate Indian bank servers use TTLs of 3600 seconds or higher.

How do I check if a domain impersonating Paytm, PhonePe, or Google Pay is fake?

Enter the suspicious domain in PhishGuard's DNS Lookup. Verify: (1) The A record points to an IP owned by the legitimate company's ASN (Paytm uses specific AS numbers), (2) NS records use official nameservers — paytm.com uses Akamai/AWS, not free DNS, (3) MX records show corporate mail servers, (4) No CNAME chains pointing to random cloud platforms. Domains like 'paytm-cashback-offer.com' or 'phonepereward.in' will immediately show mismatched infrastructure.

PhishGuard requires JavaScript to work. Please enable JavaScript in your browser settings.

DNS Lookup

Free DNS Lookup Tool India — Check All DNS Records

Query A, AAAA, MX, NS, TXT, CNAME records — plus SPF and DMARC email authentication. Detect misconfigured and suspicious domains.

DNS Lookup Tool India — Check A, MX, NS, TXT, SPF & DMARC Records Free

Use PhishGuard's free DNS lookup tool to check MX record domain configuration, verify SPF and DMARC email authentication, and query A, AAAA, NS, CNAME, and TXT records instantly. Our DNS records checker online is built for Indian security researchers, developers, and everyday users who want to verify domain configurations. Phishing domains often have missing DMARC records and suspicious NS configurations — use our DNS lookup India tool to spot anomalies before they affect you.

Also check: SSL Checker · IP Reputation · Domain Age Checker

DNS Lookup

Try:

DNS Records Guide

🟢

SPF + DMARC configured

Domain has email authentication records — means it's harder to spoof email from this domain. Legitimate organisations always configure these.

⚠️

No SPF or DMARC

Anyone can send emails pretending to be from this domain. Common on phishing domains — they skip email auth to avoid traceability.

🚨

No A records found

Domain has no IP address. Either parked, unused, or DNS is being queried through a privacy shield. Highly suspicious if combined with other signals.