DNS & nameservers
A, AAAA, MX, NS, TXT, CAA, CNAME and SOA records plus delegation checks.
CheckDomainHealth queries public DNS, registration, certificate and reputation data, then summarizes findings in plain language. Results are diagnostic and informational — not a guarantee of deliverability, security or uptime.
Last reviewed: July 5, 2026 · See also Data Sources, Editorial Policy and Privacy Policy
Six diagnostic areas combined in the Domain Health Checker, or available as focused tools.
A, AAAA, MX, NS, TXT, CAA, CNAME and SOA records plus delegation checks.
SPF syntax, DKIM selectors, DMARC policy and MX routing from public DNS.
Live TLS handshake, certificate expiry, hostname match and chain issues.
HTTP status, redirects, response time and common security headers.
RDAP and WHOIS for expiry, registrar, status codes and nameserver fields.
DNSBL listings for mail and web IPs plus PTR / forward-confirmed rDNS.
DNS lookups query authoritative and recursive resolvers for record types such as A, AAAA, MX, NS, TXT, CAA, CNAME and SOA. We normalize the domain, follow standard DNS semantics, and flag missing records, conflicting values, long TTLs or obvious misconfigurations.
Nameserver checks compare delegation (NS at the parent zone) with the records returned by those nameservers. Propagation delays and split DNS can cause temporary differences between what you see in a registrar panel and what public resolvers return. Use the DNS Lookup tool for record-level detail.
SPF, DKIM and DMARC tools fetch and parse TXT records from public DNS. SPF validation includes syntax checks, mechanism analysis and DNS lookup counting against the 10-lookup limit. DKIM checks resolve the selector you provide (or common selectors when scanning). DMARC checks read the policy, alignment settings and reporting addresses.
MX lookups list mail exchangers and priorities. These checks do not send email or log into your mail provider — they only inspect published DNS configuration. For focused checks, use the SPF Checker, DKIM Checker, DMARC Checker and MX Lookup.
SSL checks connect to the host on port 443, inspect the certificate chain, expiry, hostname match and common chain issues. The SSL Checker and CAA Record Checker provide certificate-only and issuance-policy detail.
Website status and HTTP header checks perform HTTP(S) requests and review response codes, redirects, security headers and mixed-content signals where applicable. See the Website Status Checker and HTTP Header Checker for single-purpose tests.
Blacklist checks query configured DNSBL and reputation providers against related IPv4 addresses and mail targets derived from MX and A records. The Blacklist Checker shows which lists returned a match when providers are connected.
Reverse DNS checks resolve PTR records and compare forward-confirmed rDNS where possible via the Reverse DNS Checker. Listing status can change quickly — a clear result at lookup time does not guarantee future reputation.
Registration, expiry, registrar, status codes and nameserver fields come from RDAP services with WHOIS fallback where RDAP is unavailable. Privacy services may redact registrant contact fields while expiry and status remain visible.
The WHOIS Lookup shows full registration context; the Domain Expiry Checker focuses on renewal urgency bands.
The Domain Health Checker combines individual check outcomes into a 0–100 score with passed, review, warning and not-connected states. Scoring weights critical issues (such as missing MX, invalid SSL or blacklist listings) more heavily than informational gaps.
Scores are meant to prioritize what to review first — not to replace provider dashboards or professional assessment. A domain can score well on DNS while still failing email authentication checks if SPF, DKIM or DMARC are incomplete.
See Data Sources for the systems we query and Editorial Policy for how guides are maintained.
Run a free domain health report covering DNS, email authentication, SSL, website response and reputation in one scan.