Network tools for DNS lookups, IP information, WHOIS queries, and more. DNS lookups use Cloudflare's DNS-over-HTTPS service. IP geolocation data provided by ipapi.co. Some features may be limited due to browser security restrictions (CORS).
$
Network Tools
DNS lookup, WHOIS, IP info, reverse DNS, HTTP headers, and subnet calculator.
What is included in this network toolkit?
Six diagnostics in one interface: DNS lookup for A, AAAA, CNAME, MX, TXT, NS, SOA, and PTR records; reverse DNS for IPv4 addresses; IP geolocation showing city, ISP, and timezone; WHOIS registration data; an HTTP header checker; and an IPv4 subnet calculator. Together they cover the questions you would otherwise answer by juggling dig, whois, curl -I, and ipcalc across terminal windows.
How are the lookups performed?
Everything runs from your browser. DNS and reverse DNS queries go to Cloudflare's DNS-over-HTTPS resolver (1.1.1.1), IP geolocation comes from ipapi.co, and WHOIS uses a public lookup API. The HTTP header check sends a HEAD request directly from your browser, and the subnet calculator is pure local JavaScript โ no network call at all. There is no caching layer in between, so you always see live answers.
When should I use ping, traceroute, or dig?
Match the tool to the layer. If a name will not resolve, that is DNS โ use dig or the lookup here. If the name resolves but the host is unreachable, ping tests basic reachability, and traceroute or mtr shows where along the path packets die. If the host answers but the service does not, check the port with ss -tlnp on the server or nc -zv host 443 from outside. Working top-down like this prevents hours of debugging the wrong layer.
How do I check if my DNS changes have propagated?
Propagation is really cache expiry: resolvers keep your old record until its TTL runs out. Query authoritative and public resolvers directly to compare โ dig example.com @1.1.1.1 versus dig example.com @8.8.8.8 โ or run the same lookup here, which uses Cloudflare's resolver. The TTL column in the results shows how long the answer may still be cached. Before a planned migration, lower the TTL to 300 seconds a day in advance to make the cutover fast.
What is reverse DNS and why does it matter?
Reverse DNS maps an IP address back to a hostname via a PTR record in the in-addr.arpa zone โ the CLI equivalent is dig -x 8.8.8.8. It matters most for mail: many receiving servers reject or spam-flag messages from IPs whose PTR record is missing or does not match the sending hostname (forward-confirmed reverse DNS). PTR records are controlled by whoever owns the IP block, usually your hosting provider, not by your domain's DNS.
Why does the HTTP header check fail for some sites?
Because the request is sent from your browser, the target server must allow cross-origin reads via CORS headers โ many sites do not, and some also refuse HEAD requests. When the check fails here, fall back to curl -I https://example.com in a terminal, which has no such restriction. The headers worth reading: cache-control and etag for caching behavior, strict-transport-security and content-security-policy for security posture, and server for the stack.
What does a /24 subnet actually mean?
CIDR notation counts the leading bits that form the network portion. A /24 fixes 24 bits, leaving 8 host bits: 256 addresses, of which 254 are usable โ the first is the network address and the last is broadcast. A /16 gives 65,534 usable hosts; a /30 gives just 2, which is why it is used for point-to-point links. Enter any address with a prefix, like 10.0.4.17/22, and the calculator returns the network, broadcast, host range, and netmask instantly.