DNS Lookup
Query DNS records and review security relevant configuration. Checks SPF and DMARC, and can optionally check a DKIM selector. Also reports DNSSEC signals where available.
Public hostnames only. Private and local targets are blocked for security.
Export
Download results as PDF, CSV, or JSON.
Run the tool to enable exports.
Understanding DNS Security
What is SPF?
Sender Policy Framework is a DNS record that specifies which mail servers are authorised to send email for your domain. Without SPF, attackers can easily spoof emails appearing to come from your domain.
What is DMARC?
Domain-based Message Authentication builds on SPF and DKIM to tell receiving servers what to do with emails that fail authentication. It also provides reporting so you can monitor for spoofing attempts.
Why DNSSEC matters
DNSSEC adds cryptographic signatures to DNS records, preventing attackers from poisoning DNS caches and redirecting your users to malicious sites. It is particularly important for financial and healthcare organisations.
Common misconfigurations
The most common issues I see are missing or overly permissive SPF records, no DMARC policy, and dangling CNAME records that could allow subdomain takeover. This tool helps identify all of these.