Retrieve Email DNS records using PowerShell

I have been doing a lot of Exchange on-prem to Exchange Online migrations over the last few years, and because of that, I use a lot for querying MX, SPF, DMARC, and DKIM records. Wouldn’t it be convenient to get a simple overview of those records in a PowerShell function? This blog post will show you how 🙂

How it works

PowerShell has a built-in cmdlet for retrieving DNS records, Resolve-DnsName. With this, you can query records and specify what DNS server to connect to and what type of record (A, CNAME, MX, NS, etc.) to retrieve. The function Get-MailDomainInfo that I made uses this cmdlet and shows you the information you need to get a good overview of the servers and options used for a specific domain. By default, it connects to the (CloudFlare) DNS server, but you can specify another one using the -DNSServer parameter.

Example output

In the screenshot below, the output is shown for

If you specify a domain that can’t be found, it will show an error message:

If the domain does exist but does not have all records or services configured… It will return ‘Not enabled’ for those. In this example, for my domain, it only returns the Domain Name, the autodiscover, and the DKIM records seem to be there by default on a WordPress site. (I used the -DNSserver parameter here to specify another DNS server in this example)

The script

Below is the script, which you can save and use as a function in all your PowerShell sessions by adding it to your profile (notepad $profile) by using. c:\data\Get-MailDomainInfo.ps1, for example.

function Get-MailDomainInfo {
        [parameter(Mandatory = $true)][string]$DomainName,
        [parameter(Mandatory = $false)][string]$DNSserver
    #Use DNS server when parameter DNSserver is not used
    if (-not ($DNSserver)) {
        $DNSserver = ''
    #Retrieve all mail DNS records
    $autodiscoverA = (Resolve-DnsName -Name "autodiscover.$($domainname)" -Type A -Server $DNSserver -ErrorAction SilentlyContinue).IPAddress
    $autodiscoverCNAME = (Resolve-DnsName -Name "autodiscover.$($domainname)" -Type CNAME -Server $DNSserver -ErrorAction SilentlyContinue).NameHost
    $dkim1 = Resolve-DnsName -Name "selector1._domainkey.$($domainname)" -Type CNAME -Server $DNSserver -ErrorAction SilentlyContinue
    $dkim2 = Resolve-DnsName -Name "selector2._domainkey.$($domainname)" -Type CNAME -Server $DNSserver -ErrorAction SilentlyContinue
    $domain = Resolve-DnsName -Name $DomainName -Server $DNSserver -ErrorAction SilentlyContinue
    $dmarc = (Resolve-DnsName -Name "_dmarc.$($DomainName)" -Type TXT -Server $DNSserver -ErrorAction SilentlyContinue).Strings
    $mx = (Resolve-DnsName -Name $DomainName -Type MX -Server $DNSserver -ErrorAction SilentlyContinue).NameExchange
    $spf = (Resolve-DnsName -Name $DomainName -Type TXT -Server $DNSserver -ErrorAction SilentlyContinue | Where-Object Strings -Match 'v=spf').Strings
    #Set variables to Not enabled or found if they can't be retrieved
    #and stop script if domainname is not valid 
    $errorfinding = 'Not enabled'
    if ($null -eq $domain) {
        Write-Warning ("{0} not found" -f $DomainName)
    if ($null -eq $dkim1 -and $null -eq $dkim2) {
        $dkim = $errorfinding
    else {
        $dkim = "$($dkim1.Name) , $($dkim2.Name)"
    if ($null -eq $dmarc) {
        $dmarc = $errorfinding
    if ($null -eq $mx) {
        $mx = $errorfinding
    if ($null -eq $spf) {
        $spf = $errorfinding
    if (($autodiscoverA).count -gt 1) {
        $autodiscoverA = $errorfinding
    if ($null -eq $autodiscoverCNAME) {
        $autodiscoverCNAME = $errorfinding
    $info = [PSCustomObject]@{
        'Domain Name'             = $DomainName
        'Autodiscover IP-Address' = $autodiscoverA
        'Autodiscover CNAME '     = $autodiscoverCNAME
        'DKIM Record'             = $dkim
        'DMARC Record'            = "$($dmarc)"
        'MX Record(s)'            = $mx -join ', '
        'SPF Record'              = "$($spf)"
    return $info

Download the script(s) from GitHub here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.