Public DNS
A, AAAA, MX, NS, TXT, CAA, CNAME, SOA and PTR from authoritative and recursive resolvers.
CheckDomainHealth uses public internet infrastructure and third-party reputation lists. We do not claim ownership of registry, DNS or blacklist data — we query it to produce diagnostic summaries.
Last reviewed: July 5, 2026 · See also Methodology, Editorial Policy and Privacy Policy
Six public data types queried by the Domain Health Checker and individual tools.
A, AAAA, MX, NS, TXT, CAA, CNAME, SOA and PTR from authoritative and recursive resolvers.
Registration, expiry, registrar, status codes and nameserver fields from registry services.
SPF, DKIM and DMARC TXT records plus MX routing targets from public DNS.
Live TLS handshakes for chain, expiry, hostname match and issuance policy signals.
Configured DNSBL and reputation zones for mail and web-related IP targets.
HTTP(S) requests and response headers observed from our servers at lookup time.
Record lookups use standard DNS queries against the global DNS system. Nameserver delegation is read from NS records at the parent zone and verified against responses from the listed nameservers.
Results reflect what public resolvers return at lookup time. TTL values, caching and regional propagation can cause temporary differences from a registrar DNS panel. Use the DNS Lookup tool for record-level detail.
Registration, expiry, registrar, status codes and nameserver fields come from RDAP services operated by registries and registrars. When RDAP is unavailable, a WHOIS fallback may be used.
Privacy services may redact registrant contact fields while expiry, status and nameserver data often remain visible. See the WHOIS Lookup and Domain Expiry Checker for registration-focused views.
SPF, DKIM and DMARC are read from TXT records at the domain and selector locations defined by each standard. MX records identify mail routing targets used for related checks.
These tools inspect published DNS only — they do not send email or connect to SMTP servers. Focused checks: SPF Checker, DKIM Checker, DMARC Checker and MX Lookup.
Blacklist checks query configured DNS-based blocklists and reputation zones. Provider availability depends on network access, API keys where required, and each list’s published policy.
When a provider is not connected, the report marks that check as not connected rather than failed. See the Blacklist Checker and Reverse DNS Checker for reputation-focused results.
Website status and HTTP header checks use HTTP(S) requests from our servers. SSL inspection uses direct TLS connections on port 443 to read certificate chains, expiry and hostname coverage.
Results reflect what our servers observe at request time, which may differ from a visitor’s browser, geographic location or CDN edge. See the SSL Checker, Website Status Checker and HTTP Header Checker.
For how checks interpret these sources, see Methodology. For content standards on guides and tool pages, see Editorial Policy.
Run a free domain health report using the public DNS, registration, TLS, HTTP and reputation sources described on this page.