DNS Intelligence Auditor


Queries the Cloudflare and Google DNS-over-HTTPS resolvers (free, no authentication) for these DNS record types: A, AAAA, MX, NS, TXT, CNAME, SOA and CAA. Flags security misconfigurations, including missing CAA records, SPF ~all instead of -all, and dangling CNAMEs (subdomain takeover candidates), identifies the mail provider, and reports zone configuration issues.

Drag to your bookmarks bar: 🌐 Audit DNS

1. Install: drag to bookmarks bar
2. Visit any website
3. Click: queries DNS-over-HTTPS for all record types and analyzes results

Runs on any website — all processing in your browser.


DNS Intelligence Auditor

DNS records reveal critical infrastructure details: mail providers, hosting services, security configurations, and potential vulnerabilities. This tool queries all record types via DNS-over-HTTPS and performs security analysis without any API keys or authentication.

Security Checks

The auditor flags missing CAA records (any CA can issue certificates), weak SPF policies (~all vs -all), absent DMARC, dangling CNAMEs pointing to claimable services, and single-provider NS records, and it identifies the mail provider.

DNS-over-HTTPS (DoH)
A protocol that sends DNS queries over encrypted HTTPS connections. Cloudflare and Google provide free public DoH resolvers.
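
The CAA, SPF and DMARC checks listed above can be sketched as follows. This is an added example, not the bookmarklet's own source: the function names, finding labels and sample responses are assumptions, and it goes slightly beyond the page by also flagging multiple SPF records and `?all`/`+all`.

```javascript
// Added example, not the bookmarklet's source. Function and finding names are assumptions.
const DOH = "https://cloudflare-dns.com/dns-query"; // Cloudflare's JSON DoH endpoint

// Fetch one record type. Resolves to {Status, Answer: [{name, type, TTL, data}]}.
async function queryDoH(name, type) {
  const url = `${DOH}?name=${encodeURIComponent(name)}&type=${type}`;
  const res = await fetch(url, { headers: { accept: "application/dns-json" } });
  if (!res.ok) throw new Error(`DoH query failed: HTTP ${res.status}`);
  return res.json();
}

// TXT data may arrive as quoted chunks ("\"part1\" \"part2\""); join them per record.
function txtValues(resp) {
  return (resp?.Answer ?? [])
    .filter((a) => a.type === 16) // 16 = TXT; skips CNAMEs in the answer chain
    .map((a) => (a.data.match(/"(?:[^"\\]|\\.)*"/g) ?? [a.data])
      .map((s) => s.replace(/^"|"$/g, "")).join(""));
}

// Pure analysis of fetched responses: r.CAA and r.TXT for the domain, r.DMARC for _dmarc.<domain>.
function audit(r) {
  const findings = [];
  if (!(r.CAA?.Answer ?? []).some((a) => a.type === 257)) findings.push("CAA_MISSING");

  const spf = txtValues(r.TXT).filter((t) => /^v=spf1(\s|$)/i.test(t));
  if (spf.length === 0) findings.push("SPF_MISSING");
  else if (spf.length > 1) findings.push("SPF_MULTIPLE"); // RFC 7208: permerror
  else {
    const all = spf[0].match(/\s([+\-~?]?)all(?:\s|$)/i);
    if (!all) {
      if (!/\sredirect=/i.test(spf[0])) findings.push("SPF_NO_ALL");
    } else if (all[1] === "~") findings.push("SPF_SOFTFAIL");
    else if (all[1] !== "-") findings.push("SPF_WEAK_ALL"); // ?all, +all or bare all
  }
  if (!txtValues(r.DMARC).some((t) => /^v=DMARC1\s*;/i.test(t))) findings.push("DMARC_MISSING");
  return findings;
}

// Constructed sample responses for a fictional domain (not real lookups).
const SAMPLE = {
  CAA: { Status: 0 }, // NOERROR with no Answer section
  TXT: { Status: 0, Answer: [
    { name: "example.test", type: 16, TTL: 300, data: "\"v=spf1 include:_spf.example.test ~all\"" },
    { name: "example.test", type: 16, TTL: 300, data: "\"site-verification=constructed\"" }] },
  DMARC: { Status: 3 }, // NXDOMAIN for _dmarc.example.test
};
// audit(SAMPLE) returns ["CAA_MISSING", "SPF_SOFTFAIL", "DMARC_MISSING"]
```

CAA is evaluated by climbing from the queried name toward the root (RFC 8659), so `CAA_MISSING` on a subdomain is only a finding if its parent domains publish no CAA record either.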

🌐 DNS Intelligence Auditor — FAQ

Why use DNS-over-HTTPS instead of regular DNS?

DoH works from JavaScript in the browser without any special permissions. Regular DNS requires OS-level access.

What is a dangling CNAME?

A CNAME pointing to a service (Heroku, GitHub Pages, etc.) where the target resource no longer exists. An attacker can claim it and serve their content on your subdomain.

Why does SPF ~all matter?

~all (softfail) means receiving servers should be suspicious of unauthorized senders but still accept the email. -all (hardfail) tells servers to reject unauthorized senders.

What are CAA records?

Certificate Authority Authorization records specify which CAs are allowed to issue certificates for a domain. Without them, any CA can issue certificates, increasing risk of unauthorized issuance.

Does this check all subdomains?

It checks the root domain plus common subdomains (www, mail, ftp). Full subdomain enumeration is available in the CT Subdomain Enumerator.