Regardless of what kind of web hosting you have, you likely have a website, and you likely use your domain name for email. Web and email hosting both depend on you configuring your Domain Name System (DNS) settings correctly and making changes when appropriate.
Whenever you make a change, it's important to get the DNS changes right. Sometimes a DNS misconfiguration doesn't take your website down or stop your email from working, but instead causes subtler problems that are annoying and sometimes costly, such as a website that loads too slowly or email that doesn't reliably make it to the recipient's inbox.
This article assumes you know some DNS basics. To learn about DNS, check out this Guide to managing DNS for web hosting.
Misconfigured DNS can cause your website to go down, email to stop working, or more subtle problems such as your email going to spam. As a web hosting user, it's important to check your DNS configuration to make sure it's working.
There are some tools you can use to check the health of your DNS and to detect problems.
Some Common DNS problems
Domain name expiration - If your website, email, and other services abruptly stop working, make sure that you remembered to renew your domain name. Check the whois database for the expiration date. If it's expired, log in to your registrar and immediately renew your domain name.
Neglecting to save DNS changes. Check that your nameservers are pointing at your web hosting provider's name servers. When changing hosts, it's possible to think you changed the name servers but made a mistake or failed to save the change. The whois database will list your name servers, as will a query using Dig or another DNS tool.
Editing DNS records at the old host. Make sure you're editing the records at the right host. Sometimes people move their DNS host (where their authoritative DNS records are located) to another host and mistakenly go to the old host to edit the DNS records. The records look the same, but they're the old records at the old host. To confirm where your DNS records should be edited, check the name servers using whois, dig, or another tool.
Note: You can speed this process up by temporarily lowering the Time to Live (TTL), usually measured in seconds, so that other name servers won't cache the outdated records as long before querying your name servers for the updated information. For example, if the default TTL is 4200 you could change it to 300 seconds. It's important to come back and change the TTL back to the higher value later, as a low TTL will cause a lot of unnecessary DNS lookups, which could slow down your website and other services.
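The name server checks described above can be scripted. This is an added example, not part of the original article: it compares the name servers in whois output and in a `dig <domain> ns +short` answer with the ones your host told you to use. The function names, host names and sample data are constructed for illustration.

```bash
# Added example; normalize_ns and ns_check are hypothetical helper names.
normalize_ns() {   # lowercase, drop whois label, blanks and trailing dot; sort
  awk '{ l = tolower($0); sub(/^[ \t]*name server:[ \t]*/, "", l)
         gsub(/[ \t\r]/, "", l); sub(/\.$/, "", l); if (l != "") print l }' |
    sort -u
}

# ns_check WHOIS_TEXT DIG_NS_TEXT EXPECTED_NS...
# Prints one finding per line; returns 1 if the delegation is not as expected.
ns_check() {
  local reg live want ns bad=0
  reg=$(printf '%s\n' "$1" | grep -i 'name server:' | normalize_ns || true)
  live=$(printf '%s\n' "$2" | normalize_ns)
  shift 2
  want=$(printf '%s\n' "$@" | normalize_ns)
  for ns in $reg; do
    printf '%s\n' "$want" | grep -qxF "$ns" ||
      { echo "REGISTRAR lists $ns, which is not your host's name server"; bad=1; }
  done
  for ns in $want; do
    printf '%s\n' "$reg" | grep -qxF "$ns" ||
      { echo "REGISTRAR is missing $ns"; bad=1; }
  done
  [ "$reg" = "$live" ] ||
    { echo "DNS answer differs from registrar (not saved, or still cached)"; bad=1; }
  [ "$bad" -eq 0 ] && echo "OK: delegation matches expected name servers"
  return "$bad"
}

# Constructed sample: the domain still points at the old host's name servers.
WHOIS_SAMPLE='   Domain Name: EXAMPLE.COM
   Name Server: NS1.OLDHOST.EXAMPLE
   Name Server: NS2.OLDHOST.EXAMPLE'
DIG_SAMPLE='ns1.oldhost.example.
ns2.oldhost.example.'
ns_check "$WHOIS_SAMPLE" "$DIG_SAMPLE" ns1.newhost.example ns2.newhost.example || true
```

With live data, pass the output of `whois yourdomain` and `dig yourdomain ns +short` as the first two arguments.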
Section 1 - DNS Tools
The Whois database
The Whois database is the official database of domain names maintained by ICANN (The Internet Corporation for Assigned Names and Numbers), the organization that coordinates the administration of the Domain Name System (DNS) and IP addresses.
It maintains a database of every domain name, including who owns the domain name, when they registered it, and the addresses of the authoritative name servers.
You can run whois from a command line on your computer.
$ whois google.com
You can find the official whois database at ICANN's website.
Or you can query the whois database via other sites that connect to the whois database like HostAdvice's own Whois Lookup tool.
Mxtoolbox - The DNS Swiss Army Knife
Mxtoolbox is an easy-to-use and comprehensive tool for checking the health of your domain name and troubleshooting specific problems. Periodically and whenever you make changes, it's a good idea to run your domain name through Mxtoolbox's DNS Health Check Tool. It runs through each record, returning a green light for good and a red light for problems, along with details. Mxtoolbox displays the errors in red, with warnings and minor issues in orange.
Here are some of MXToolBox's Network Tools
DMARCIAN for email authentication
Setting up a Sender Policy Framework (SPF) record, DKIM, and DMARC is essential to protect your domain name from spoofing and helps prevent deliverability problems. For a more in-depth treatment of email authentication, please see Why email authentication is critical for every domain name.
Dmarcian is a service that makes it easy to read DMARC reports, which are reports on who's sending email out using your domain name and whether they're authorized to send email on your behalf. Dmarcian also has some excellent tools to check the validity of email authentication records.
* SPF Survey - Checks the validity of your SPF record
* DKIM Inspector - Checks the validity of your DKIM record (or records)
* DKIM Validator - You can use this tool to test your DKIM record before you enter it as a TXT record.
* DMARC Inspector (https://dmarcian.com/dmarc-inspector/) - Checks the validity of your DMARC record
* DMARC Generator - if you enter your domain, this tool will generate a DMARC record you can use.
If you're a Mac or Linux user, Dig is installed by default. If you're a Windows user, nslookup is installed by default. The problem with nslookup is that it has some known flaws that cause it to sometimes return inaccurate information. If you're a Windows user, you can easily download and install Dig.
Dig is a powerful command line utility that enables you to check each type of DNS record. Dig comes with some options so you can specify the type of DNS records you want to look at, and whether you want verbose or more sparse output. Dig returns DNS zone files (the files that contain all the resource records) in the same format as the zone file itself. The output is essentially the entire zone file. The most common type of DNS record is the A record (often called an Address record), which shows what IP address your domain name is pointed to. For your website to work, you need the A record to point to the IP address of your virtual server. Use the +short option for most queries to exclude extraneous information.
$ dig google.com +short
126.96.36.199
Note that since the A record is the default record returned by dig, you don't have to specify it.
There are times when you want to review your entire zone file, so you'd use the any option.
; <<>> DiG 9.10.6 <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32754
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN ANY
;; ANSWER SECTION:
google.com. 199 IN AAAA 2607:f8b0:400a:808::200e
google.com. 200414 IN NS ns2.google.com.
google.com. 200414 IN NS ns3.google.com.
google.com. 200414 IN NS ns1.google.com.
google.com. 200414 IN NS ns4.google.com.
google.com. 128 IN A 188.8.131.52
google.com. 445 IN MX 30 alt2.aspmx.l.google.com.
google.com. 445 IN MX 10 aspmx.l.google.com.
google.com. 445 IN MX 50 alt4.aspmx.l.google.com.
google.com. 445 IN MX 20 alt1.aspmx.l.google.com.
google.com. 445 IN MX 40 alt3.aspmx.l.google.com.
;; ADDITIONAL SECTION:
ns4.google.com. 76150 IN A 184.108.40.206
ns4.google.com. 307019 IN AAAA 2001:4860:4802:38::a
ns2.google.com. 75838 IN A 220.127.116.11
ns2.google.com. 307149 IN AAAA 2001:4860:4802:34::a
ns3.google.com. 76126 IN A 18.104.22.168
ns3.google.com. 307128 IN AAAA 2001:4860:4802:36::a
ns1.google.com. 76096 IN A 22.214.171.124
ns1.google.com. 306828 IN AAAA 2001:4860:4802:32::a
alt2.aspmx.l.google.com. 89 IN A 126.96.36.199
alt2.aspmx.l.google.com. 149 IN AAAA 2607:f8b0:4002:c08::1a
aspmx.l.google.com. 149 IN A 188.8.131.52
aspmx.l.google.com. 269 IN AAAA 2607:f8b0:400e:c03::1a
alt4.aspmx.l.google.com. 139 IN A 184.108.40.206
alt1.aspmx.l.google.com. 29 IN A 220.127.116.11
alt1.aspmx.l.google.com. 29 IN AAAA 2607:f8b0:4001:c1e::1b
;; Query time: 16 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Mon Apr 23 03:18:29 PDT 2018
;; MSG SIZE rcvd: 587
Most of the time you'll want to be more precise in your dig query and you'll want to use the +short option. Let's say you've just changed email hosts or you're having some trouble with email, and you want to check what the domain name's mail exchanger (MX) records are.
To query a specific record type, enter it like this, including +short if you want to cut out a lot of the extraneous information that's often returned along with the data you need:
$ dig google.com mx +short
30 alt2.aspmx.l.google.com.
50 alt4.aspmx.l.google.com.
10 aspmx.l.google.com.
40 alt3.aspmx.l.google.com.
20 alt1.aspmx.l.google.com.
This shows the mail servers that Google's using. If you're checking your domain and the records don't show up as you'd expect, or don't match those specified in your email host's documentation, then check to make sure that you entered them correctly.
If you've been having problems with email deliverability, you may want to check your SPF record, DKIM record, and DMARC record, all of which are typically TXT records.
$ dig google.com txt +short
Google's SPF record shows they only send outgoing email through their servers. You might use more than one outgoing email service. For example, you might use your web host or a service like Google to send your day-to-day email, and an ESP like MailChimp for your email newsletters. All outgoing email services need to be included in your SPF record.
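The check that every sending service appears in a single SPF record can be run over dig's TXT output. This is an added example, not from the original article: `spf_audit` is a hypothetical helper, the sample mirrors the google.com record on this page, and `spf.newsletter.example` is a placeholder for a second sending service.

```bash
# Added example. Reads TXT strings as printed by `dig <domain> txt +short` on
# stdin; arguments are the lowercase include: domains of every service that
# sends mail for you. Prints findings; returns 1 if something must be fixed.
spf_audit() {
  local spf count term inc problems=0
  # Join strings dig splits as "part1" "part2", drop quotes, keep SPF only.
  spf=$(sed 's/" "//g; s/"//g' | tr 'A-Z' 'a-z' | grep -E '^v=spf1( |$)' || true)
  count=$(printf '%s' "$spf" | grep -c . || true)
  if [ "$count" -eq 0 ]; then
    echo "FAIL: no SPF record published"; return 1
  elif [ "$count" -gt 1 ]; then
    # RFC 7208: more than one v=spf1 record is a permanent error.
    echo "FAIL: $count SPF records found; merge them into one"; return 1
  fi
  for inc in "$@"; do
    case " $spf " in
      *" include:$inc "*) echo "OK: include:$inc present" ;;
      *) echo "FAIL: include:$inc missing"; problems=1 ;;
    esac
  done
  # The final term decides how receivers treat mail from unlisted servers.
  term=${spf##* }
  case "$term" in
    -all)     echo "OK: -all (fail unlisted senders)" ;;
    "~all")   echo "OK: ~all (softfail unlisted senders)" ;;
    +all|all) echo "FAIL: $term authorizes every server"; problems=1 ;;
    "?all")   echo "WARN: ?all is neutral and gives no protection" ;;
    *)        echo "WARN: record does not end in an all mechanism" ;;
  esac
  return "$problems"
}

# Constructed sample shaped like the google.com answer on this page.
SAMPLE_TXT='"site-verification=CONSTRUCTED-TOKEN"
"v=spf1 include:_spf.google.com ~all"'
printf '%s\n' "$SAMPLE_TXT" |
  spf_audit _spf.google.com spf.newsletter.example || true
```

Against a live domain, pipe `dig yourdomain txt +short` into the function in place of the sample.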
"v=spf1 include:_spf.google.com ~all"
Another common record type is called a CNAME (canonical name), which is typically used to forward one domain or subdomain to another domain.
$ dig www.example.com cname
www.example.com. 14400 IN CNAME example.com.
This means that www.example.com is an alias for example.com. As a practical matter, it means they point at the same IP address and load the same website.
More Web-based DNS tools
Dig Web Interface - This is a web interface to Dig.
G Suite Toolbox - G Suite toolbox has a few DNS tools, including a web-based Dig and an MX record checker.
Additional Google Tools - This set of tools includes a tool to flush Google's DNS cache for your domain name. If you recently made a change to your DNS records, your old records may still be out on the web until various DNS servers flush their caches and query your name servers for the updated information. To hurry this process along, flush Google's cache, which makes Google query your name servers sooner for any DNS changes you've made.
DNS Stuff - This site includes domain name tools, IP tools, networking tools, and email tools. This site can be very useful for troubleshooting, so it's worth spending some time on the site getting familiar with the various tools.
DNS Tools - This set of tools is easy to use, enabling you to query each type of DNS record.
Wise Tools - This tool set includes, among other things, DNS query tools and email authentication validation tools. The interface is clean and intuitive to use.
You now know about some powerful tools available for you to perform DNS queries, DNS health checks, troubleshoot web hosting problems and validate email authentication.
To use tools effectively, spend some time learning more about how DNS works and about the various kinds of DNS records. There are a lot of DNS tutorials on the web. A good starting point might be this introduction to DNS for web hosting.
It's best practice to use these tools before there's a problem to feel comfortable with the tools and become familiar with the output.