Is your domain set up correctly?

Look up any DNS record on any domain. A, CNAME, MX, NS, TXT, DMARC, SPF, DKIM, CAA, SOA, AAAA. Runs in your browser via Cloudflare DNS-over-HTTPS. No signup, no API limits.

DNS lookup

Looks up DNS records via Cloudflare's public DNS-over-HTTPS resolver.
Pick a record type, paste a domain, press Check. Results show the records returned, the query path, and a quick read on what they mean.
The seven records, briefly

What each record actually does.

DNS records control two things: where your domain points (A, CNAME, NS) and whether receiving mail servers trust your email (DMARC, SPF, DKIM, MX). Get them right and your funnel loads, your emails land in the inbox, and receivers trust your domain.

DMARC Email auth

_dmarc.yoursite.com TXT v=DMARC1; p=none; rua=mailto:reports@yoursite.com

Tells receiving mail servers what to do with email that fails SPF or DKIM. As of February 2024, Google and Yahoo require DMARC for bulk senders. Start with p=none to monitor, then move to p=quarantine or p=reject once you confirm legitimate senders pass.

SPF Email auth

yoursite.com TXT v=spf1 include:_spf.google.com include:sendgrid.net -all

Lists every server allowed to send email as your domain. Add an include for each email service you use (Google Workspace, SendGrid, Mailchimp, your ESP). End with -all to reject anything not on the list. Only one SPF record per domain.
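
As an added example (not code from this page or from the tool it describes), the script below audits SPF and DMARC TXT answers in the JSON shape Cloudflare's DNS-over-HTTPS endpoint returns. It flags duplicate SPF records and a missing -all, and reports whether the DMARC policy is enforcing; the function names and the sample responses are constructed for illustration.

```javascript
// Added example. Audits TXT answers in the JSON shape returned by Cloudflare's
// DNS-over-HTTPS endpoint (Accept: application/dns-json). Names are illustrative.
// TXT data arrives as one or more quoted chunks; chunks of one record are
// concatenated without a separator.
function txtValue(data) {
  const chunks = data.match(/"((?:[^"\\]|\\.)*)"/g);
  return chunks ? chunks.map((c) => c.slice(1, -1)).join("") : data;
}

function txtRecords(response) {
  return (response.Answer || []).filter((a) => a.type === 16).map((a) => txtValue(a.data));
}

function auditSpf(response) {
  const spf = txtRecords(response).filter((r) => /^v=spf1(\s|$)/i.test(r));
  if (spf.length === 0) return { ok: false, issue: "no SPF record" };
  if (spf.length > 1) return { ok: false, issue: "multiple SPF records" };
  const terms = spf[0].trim().split(/\s+/);
  const last = terms[terms.length - 1].toLowerCase();
  if (last !== "-all") return { ok: false, issue: `ends with ${last}, not -all` };
  const includes = terms.filter((t) => t.startsWith("include:")).map((t) => t.slice(8));
  return { ok: true, includes };
}

function auditDmarc(response) {
  const recs = txtRecords(response).filter((r) => /^v=DMARC1\s*(;|$)/.test(r));
  if (recs.length === 0) return { ok: false, issue: "no DMARC record" };
  if (recs.length > 1) return { ok: false, issue: "multiple DMARC records" };
  const tags = {};
  for (const part of recs[0].split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  const policy = (tags.p || "").toLowerCase();
  if (!["none", "quarantine", "reject"].includes(policy)) return { ok: false, issue: "invalid p= tag" };
  // p=none only monitors; quarantine and reject are the enforcing policies.
  return { ok: true, policy, enforcing: policy !== "none", reports: Boolean(tags.rua) };
}

// Constructed responses built from the example records on this page.
const txt = (name, value) => ({ name, type: 16, TTL: 300, data: `"${value}"` });
const sampleSpf = { Status: 0, Answer: [
  txt("yoursite.com", "v=spf1 include:_spf.google.com include:sendgrid.net -all"),
  txt("yoursite.com", "constructed-unrelated-txt-value"),
] };
const sampleDmarc = { Status: 0, Answer: [
  txt("_dmarc.yoursite.com", "v=DMARC1; p=none; rua=mailto:reports@yoursite.com"),
] };
console.log(auditSpf(sampleSpf), auditDmarc(sampleDmarc));
```

In a browser, the response objects would come from a fetch to https://cloudflare-dns.com/dns-query with name and type=TXT query parameters and the header accept: application/dns-json.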

DKIM Email auth

google._domainkey.yoursite.com TXT v=DKIM1; k=rsa; p=MIIBIjANBgkqh...

A cryptographic signature on every outgoing email. The public key sits in DNS at a selector subdomain (google._domainkey for Google Workspace, selector1 for Microsoft 365, k1 for SendGrid). Each provider gives you the exact record to paste.

MX Mail server

yoursite.com MX 10 mail.yoursite.com

Routes incoming email to your mail server. Lower priority numbers come first. Without MX records you cannot receive email on the domain. Google Workspace, Microsoft 365, and most email hosts give you the exact MX entries during setup.

A Domain setup

yoursite.com A 192.0.2.1

The IPv4 address your apex domain resolves to. Required for the root (yoursite.com without www) to load anything. If you host your site on a platform, the platform gives you the IP or asks you to use a CNAME flattening service instead.

CNAME Domain setup

www.yoursite.com CNAME yoursite.com

Points a subdomain at another hostname. Used to send www to the apex, or to point a funnel subdomain (offer.yoursite.com) at a hosted platform. CNAMEs cannot live on the apex itself, only on subdomains.

NS Domain setup

yoursite.com NS ns1.cloudflare.com ns2.cloudflare.com

The nameservers that publish all your other DNS records. Set at your registrar. If you moved DNS to Cloudflare or a host, NS records tell the internet to ask them instead of the registrar's default DNS.

Why this actually matters

75% of phishing attacks rely on domains that lack proper DMARC enforcement, according to Valimail's State of DMARC 2024 report.

Feb 2024: Google and Yahoo started requiring SPF, DKIM, and DMARC on any domain sending more than 5,000 emails per day. Bulk senders without all three see significant inbox-rate drops.

~30% of small-business domains have no DMARC record at all, based on aggregated Mail-Tester and Postmark scans across 2024.

Sources: Valimail State of DMARC 2024, Google Postmaster Tools sender requirements (Feb 2024), Postmark deliverability report.

Common questions

Honest answers.

It checks seven DNS records: DMARC, SPF, and DKIM (the three email-authentication records that determine whether your emails land in the inbox), MX (your mail server), A (the IP address your apex domain resolves to), CNAME (where a subdomain like www or offer points), and NS (which nameservers control your domain). Every check returns a green or red status, the raw record value, and a fix suggestion if the record is missing or invalid.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells mail servers what to do with email that fails SPF or DKIM checks. Yes, you need one. As of February 2024, Google and Yahoo require DMARC on any domain that sends bulk email. Without DMARC, your messages are increasingly likely to land in spam or be rejected outright. The minimum viable record is v=DMARC1; p=none; rua=mailto:reports@yourdomain.com placed on _dmarc.yourdomain.com.

SPF lists which servers are allowed to send email from your domain. DKIM signs each outgoing email cryptographically so receivers can verify it was not modified in transit. DMARC ties the two together by telling receivers what to do when SPF or DKIM fails (allow, quarantine, or reject) and where to send reports. You need all three. SPF is a TXT record on the root domain; DMARC is a TXT record at _dmarc.yourdomain.com; DKIM is a TXT record at a selector subdomain like google._domainkey.yourdomain.com.

Log into the DNS settings of whoever manages your domain (often the registrar, sometimes Cloudflare or a hosting provider). Add a new TXT record for SPF (on the root), a new TXT record for DMARC (on _dmarc), and follow your email provider's instructions for DKIM (they usually give you a selector name and a long public-key value to paste). Changes propagate within minutes on most modern DNS providers, though full global propagation can take up to 48 hours.

When you host a funnel, landing page, or membership site on a platform like systeme.io, the platform asks you to point a subdomain (often offer.yoursite.com or pages.yoursite.com) at their servers using a CNAME record. If the CNAME is missing or pointing to the wrong host, the page returns a 404 or a security warning instead of your funnel. This checker confirms the CNAME exists and shows what it currently points to.

You keep the domain at your existing registrar (GoDaddy, Namecheap, Cloudflare, whoever). Inside systeme.io, go to Settings, then Domains, and add your custom domain. systeme.io will show you the exact DNS records to copy into your registrar's DNS panel: two CNAMEs to load your funnels, pages, and courses on the domain, plus three more CNAMEs and a DMARC TXT record if you also want to send email from the domain. Propagation is usually instant on Cloudflare and within minutes on most registrars. You can verify each record using this checker before going live.

No. This tool queries one DNS resolver (Cloudflare's public DNS-over-HTTPS endpoint) to give you a fast pass or fail. For propagation across regions, use a tool like dnschecker.org that polls dozens of resolvers worldwide. The two are complementary: this checker tells you whether the record exists and is well-formed; propagation checkers tell you how widely it has spread.

Yes. All checks run from your browser directly to Cloudflare's public DNS resolver. Nothing about the domain you check is stored on systeme.io's servers, and there is no signup required.

Use your own domain inside systeme.io

Point your domain at systeme.io.

Use your domain inside systeme.io and run your funnels, pages, courses, and email on it. Free to start with 2,000 contacts and three funnels.
