VSPIC
DNS Tools

Domain DNS Audit — Two-Domain Record Comparison

Side-by-side DNS audit of two domains — match or different per record type with full lists

How to Use This Tool

  1. Enter the first domain in Domain A (for example staging.example.com).
  2. Enter the second domain in Domain B (for example www.example.com).
  3. Parallel lookups fetch six record types for both names.
  4. Values sort alphabetically per type before comparison.
  5. match true means identical sets; false means drift or empty mismatch.
  6. Review each type — MX and TXT diffs often block mail parity.

About This Tool

Domain DNS audits answer whether staging matches production, whether a backup domain mirrors primary mail authentication, or whether acquisition targets align with corporate standards. VSPIC domain DNS audit calls dns-compare with domainA and domainB, queries A, AAAA, MX, TXT, NS, and CNAME for both names in parallel, and returns comparison object with per-type domainA values, domainB values, and match boolean after sorted comparison.

The audit does not judge which side is correct — it surfaces equality per type so engineers document intentional drift. Use before go-live promotions, quarterly compliance reviews, or incident response when comparing suspect versus known-good domains.

Common use cases

  • View all DNS records of a domain after migration
  • Confirm DNS records after domain changes
  • Test for DNS leaks when using a VPN
  • Debug email delivery with MX and TXT records

Why use VSPIC for ?

  • Full six-type audit in one submission.
  • Clear match badges per record type.
  • Both value lists shown for remediation.
  • Staging versus production workflows supported.
  • Free read-only compare — no zone edits.
  • JSON suitable for compliance evidence exports.

Why audit DNS between two domains

Organizations maintain staging, DR, and brand variants. Audits before promotion catch missing SPF on staging, extra MX on DR, or AAAA only on production. Acquisitions compare acquired zones against corporate templates.

domain-dns-audit automates side-by-side diff — faster than manual dig loops in tickets.

Record types in scope

A and AAAA cover web hosting targets. MX defines mail routing. TXT holds SPF, DKIM when at same label, DMARC when published on name, and verification tokens. NS shows delegation. CNAME reveals CDN aliases.

SRV, CAA, and PTR require dedicated lookups outside this audit.

How match is computed

Values extract per type, sort, and compare as lists. Empty versus empty is match. One side empty and the other populated is different — critical for missing SPF on a clone zone.

Duplicate TXT strings appear as separate entries if published multiple times.

MX and mail authentication parity

Mail fails when staging lacks DMARC or SPF present on production. TXT mismatch flags require human review to identify authentication strings.

Follow TXT diffs with email-dns-health-check on each domain individually.

NS delegation surprises in audits

NS mismatch means different DNS providers even if some records match. Escalate NS diffs before go-live — delegation changes outweigh single-record edits.

Child zones may diverge from apex NS while serving correct A records.

Staging versus production runbooks

Run audit weekly on paired environments. Document intentional differences — staging MX to sink server — so future audits do not false alarm.

Block release when critical types differ without approved exception.

Migration and acquisition workflows

Compare old and new hostnames during parallel running. After cutover, audit new production against saved baseline export.

Pair TTL awareness — match in DNS does not mean all clients stopped using cached old IPs.

Relationship to dns-compare-tool

Same dns-compare API and JSON shape. domain-dns-audit uses domainA and domainB field labels with audit-oriented SEO. dns-compare-tool is the catalog equivalent.

Combine with website-dns-checker snapshots for point-in-time baselines.

Compliance documentation

Export comparison results into SOC2 change evidence. Match on MX and TXT for mail domains before declaring audit pass.

Store domainA, domainB, and timestamp in ticket permanence.

API action dns-compare

GET /ip-tools/api/extended?action=dns-compare&domainA=staging.example.com&domainB=www.example.com returns comparison map. Automate nightly drift detection in CI.

Fail pipelines when match false on MX or TXT for release candidates.

Important notes & limitations

  • Only A, AAAA, MX, TXT, NS, CNAME — not SRV, CAA, or PTR.
  • Sorted comparison ignores record order in DNS responses.
  • Both inputs must be valid domain names.
  • One resolver path — geo-steering may differ by region.
  • TXT diff does not classify SPF versus verification tokens automatically.

Frequently Asked Questions

Yes. VSPIC offers this domain DNS audit at no cost with no account required. Results load in real time.

We do not permanently store your queries on our servers. Some tools run entirely in your browser; others fetch public data for the request only.

Yes. Open the page in any modern phone or tablet browser. Results work on Wi‑Fi and mobile data.

Match means DNS record values agree for that type. Firewalls, TLS, and app config can still differ.

Domain A and Domain B — both required valid domain names. Order does not affect comparison logic.

Yes — any TXT difference marks TXT as not match. Review strings to see if SPF or verification tokens changed.

This audit compares A, AAAA, MX, TXT, NS, and CNAME only.

Yes — same dns-compare API. This page targets domain DNS audit search workflows.

dns-compare with domainA and domainB parameters.

Next step for your check

Continue with dns compare tool on VSPIC.

DNS Compare Tool

Related Tools

Explore more free VSPIC tools for IP, DNS, security, and network diagnostics.

Browse all toolsComparison guides

Trusted by Users Who Value Privacy

Always Free

No premium plan ever

100% Private

Files processed in browser

Instant Results

Convert in seconds

Works Everywhere

Any device, any OS