DNS Record Auditor
Audit any domain’s DNS records, email security (SPF, DMARC, DKIM), DNSSEC, and CAA policies — graded A–F with actionable recommendations. Powered by Google DNS-over-HTTPS.
Enter a Domain
How It Works
Enter Your Domain
Type any domain name. We query Google’s public DNS-over-HTTPS API to fetch A, AAAA, MX, NS, TXT, SOA, CNAME, and CAA records.
Analyse Security
We check for SPF, DMARC, and DKIM records, verify DNSSEC validation, and inspect CAA policies — the essentials of domain security.
Get Your Grade
Receive an A–F grade, colour-coded record breakdown, and actionable recommendations to harden your domain’s DNS configuration.
FAQ
Is my data sent anywhere?
DNS queries go to Google’s public DNS-over-HTTPS API (dns.google). No data is stored on our servers and no account is required. Everything else runs in your browser.
What does the grade mean?
The grade (A–F) is based on eight checks: A/AAAA records exist, MX redundancy, SPF record, DMARC policy strength, DKIM presence, CAA records, DNSSEC validation, and NS redundancy. Each check contributes to a 100-point security score.
Why might DKIM not be found?
We check five common DKIM selectors (google, default, selector1, selector2, k1). If your provider uses a custom selector, it may not be detected. DKIM presence is still scored positively when any selector matches.
Can I audit internal or private domains?
This tool queries public DNS records via Google’s resolver. Internal domains that are not resolvable on the public internet will return no results. For internal audits, use your own DNS tooling.
Stay ahead of infrastructure changes
Track releases, EOL dates, and breaking changes across your entire stack — delivered when new versions land.