HomeSecurity ToolsDNS Security Analyzer
DNS Security Analyzer
Audit domain name service bindings for SPF/DMARC email defenses and DNSSEC validation.
DNS Auditing Console Ready
Scan public name servers to audit CAA, SPF, and DMARC setups.
Frequently Asked Questions
Learn more about how this tool works and standard configurations
It scans public DNS servers for critical authentication configurations (SPF, DMARC), cryptographic signature defenses (DNSSEC), Certificate Authority restriction options (CAA), and potential misconfigurations like AXFR open zone transfers.
Sender Policy Framework (SPF) lists IP addresses and mail servers authorized to send emails on your domain's behalf. DMARC sets rules for recipient servers on how to handle emails failing SPF or DKIM checks (e.g., reject or quarantine), protecting your brand from spoofing.
A Certification Authority Authorization (CAA) record defines exactly which Certificate Authorities (CAs) are allowed to issue SSL/TLS certificates for your domain, preventing unauthorized or malicious certificate issuance.