Analysis Free · no signup

DNS / WHOIS Lookup

Look up DNS records, IP addresses, nameservers, and WHOIS registration data.

Enter a domain and the DNS / WHOIS Lookup returns both its live DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA) and its WHOIS registration data — registrar, creation and expiry dates, and nameservers — plus the resolved IP and its geolocation. It's a one-stop domain intelligence lookup that answers 'where does this domain point, who registered it, and when does it expire?' in a single query. Useful for troubleshooting, ownership research, and infrastructure recon.

Updated Krawly Editorial TeamIn-house engineers, writers & reviewers

Example output

Pre-computed real result from running DNS / WHOIS Lookup against github.com

Resolves every DNS record type on a domain (A, AAAA, MX, TXT, NS, SOA, CAA) plus full WHOIS registrar and ownership data when available.

A records
140.82.112.3
Nameservers
dns1.p08.nsone.net (+3 more)
MX records
aspmx.l.google.com (Google Workspace)
Registrar
MarkMonitor Inc.
Created
2007-10-09
Expires
2027-10-09

What this tells you: WHOIS data is partially anonymised for most domains due to GDPR — but registrar, nameservers, and creation date remain public. The MX detection alone tells you what mail provider a company uses.

↓ Run the tool below with your own input

Explore More Free Tools

Discover 150+ free tools for web scraping, SEO analysis, OSINT, and more. 30 free uses every day — no signup required.

150+ Free Tools No Signup Required JSON / CSV / Excel 30 Uses / Day
Quick answer

Enter a domain and the DNS / WHOIS Lookup returns both its live DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA) and its WHOIS registration data — registrar, creation and expiry dates, and nameservers — plus the resolved IP and its geolocation. It's a one-stop domain intelligence lookup that answers 'where does this domain point, who registered it, and when does it expire?' in a single query. Useful for troubleshooting, ownership research, and infrastructure recon.

What is DNS / WHOIS Lookup?

The DNS / WHOIS Lookup Tool combines two distinct data sources. The DNS side queries live nameservers to show how a domain resolves — its A/AAAA addresses, MX mail routing, TXT records, NS nameservers, CNAME aliases, and SOA zone authority. The WHOIS side queries registry databases to reveal registration metadata — the registrar, creation, update, and expiry dates, registrant details (where not privacy-protected), and delegated nameservers. Together they answer both 'how does this domain work technically?' and 'who owns it and when does it renew?', making it a core tool for domain research, DNS troubleshooting, and ownership investigation.

How to use DNS / WHOIS Lookup

  1. 1

    Enter the domain

    Type the registered domain (example.com). WHOIS operates at the registrable-domain level, so query the apex rather than a subdomain like www or blog.

  2. 2

    Review the WHOIS registration

    Check the registrar, creation date, and expiry date. A domain expiring soon is at risk of lapsing; a very recent creation date on a domain claiming to be an established brand is a classic phishing red flag.

  3. 3

    Inspect the DNS records

    Confirm the A/MX/NS records match what you expect. The nameservers in DNS should match the nameservers listed in WHOIS — if they differ, the delegation is mid-change or misconfigured.

  4. 4

    Follow the IP and geolocation

    The resolved IP and its location reveal the hosting provider and region. Cross-reference this with the domain's stated business to spot mismatches during due diligence or fraud investigation.

Try it when you need to…

  • Try it when you receive a suspicious email or link and want to check how recently the domain was registered
  • Try it when you're deciding whether to buy a domain and need to know its expiry date and current registrar
  • Try it when DNS changes aren't taking effect and you suspect the domain is still delegated to the wrong nameservers at the registrar

Use cases

  • DNS troubleshooting — verify records are configured correctly and match the registrar's nameservers
  • Domain ownership research — find the registrar, registration age, and expiry for a domain
  • Fraud and phishing investigation — flag suspiciously young domains impersonating known brands
  • Domain acquisition — check when a domain expires and whether it's approaching a drop
  • Infrastructure recon — discover a target's hosting provider and mail setup from public records

Key features

Full DNS record lookup (A, AAAA, MX, TXT, NS, CNAME, SOA)
WHOIS registration data — registrar, creation/update/expiry dates, nameservers
Resolved IP address with geolocation
Nameserver cross-check between DNS delegation and registrar records
Multi-domain support for bulk lookups

Tips & best practices

Since GDPR took effect in 2018, most WHOIS records for individuals show redacted registrant details behind a privacy proxy. This is normal and legal — you'll still see the registrar, dates, and nameservers, just not the person's name and address.

Registry-level WHOIS (from the TLD operator) and registrar-level WHOIS can differ slightly. The registry is authoritative for creation/expiry dates and nameservers; the registrar holds the contact details.

A domain's creation date is one of the strongest phishing signals available. A 'PayPal support' domain registered three days ago is almost certainly fraudulent — legitimate brand domains are typically years old.

The nameservers listed in WHOIS are where the domain is delegated; the NS records returned by DNS are what those nameservers actually serve. During a nameserver migration these will disagree for a while — that's expected, not broken.

Frequently asked questions

DNS is the live system that translates a domain into IP addresses and routes its mail — it answers 'how does this domain work?'. WHOIS is a registration database that records who registered the domain, through which registrar, and when it expires — it answers 'who owns it?'. This tool queries both.

Under GDPR and most registrar privacy policies, personal registrant details (name, email, address) are redacted by default to protect individuals from spam and abuse. You'll still see the registrar, key dates, and nameservers — the technical and administrative data remains public.

The creation date is the tell. Phishing and scam domains are usually registered days or weeks before a campaign, while genuine brand domains are years old. A brand-new domain impersonating an established company is a strong fraud indicator.

The WHOIS nameservers show where the registrar has delegated the domain; the DNS NS records show what those servers currently answer. During a nameserver change the two disagree until propagation completes — usually within 24-48 hours.

Most generic TLDs (.com, .net, .org) and many country-code TLDs expose WHOIS data. Some ccTLDs restrict access or return very limited fields, and privacy-protected domains mask contact details — but registration dates and registrar are almost always available.

It's the date the current registration ends. After it lapses, the domain enters a grace/redemption period before being released for anyone to register. If you're monitoring a domain to acquire it, or protecting your own, the expiry date tells you the critical deadline.