DNS Lookup
A complete DNS snapshot is the starting point for any security review. This tool resolves A, AAAA, MX, NS, TXT, and CAA records via Cloudflare's public DNS-over-HTTPS (DoH) resolver, shows TTLs, and flags missing CAA (which leaves any CA free to issue a TLS cert for your domain) and missing MX (which means you can't receive email).
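One way to implement the missing-CAA and missing-MX checks described above, as an added example that is not this tool's own code: it reads responses in the JSON shape returned by Cloudflare's DoH endpoint and flags a record as missing only when the lookup itself succeeded. The function names and the `example.com` sample responses are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# DNS type numbers for the record types the tool resolves.
RTYPES = {"A": 1, "NS": 2, "MX": 15, "TXT": 16, "AAAA": 28, "CAA": 257}
DOH_URL = "https://cloudflare-dns.com/dns-query"


def fetch(name, rtype):
    """Query Cloudflare's DoH JSON endpoint (needs network; unused by the sample)."""
    query = urllib.parse.urlencode({"name": name, "type": rtype})
    req = urllib.request.Request(f"{DOH_URL}?{query}",
                                 headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def records(response, rtype):
    """Return (ttl, data) pairs of the requested type, skipping CNAMEs in the chain."""
    return [(a["TTL"], a["data"]) for a in response.get("Answer", [])
            if a["type"] == RTYPES[rtype]]


def audit(responses):
    """Flag missing CAA/MX, but only when the lookup itself succeeded."""
    findings = []
    for rtype, why in (("CAA", "any CA may issue certificates"),
                       ("MX", "no mail exchanger published")):
        resp = responses.get(rtype)
        if resp is None or resp.get("Status") != 0:  # SERVFAIL, NXDOMAIN, not queried
            findings.append(f"{rtype}: lookup failed, result inconclusive")
        elif not records(resp, rtype):
            findings.append(f"{rtype}: missing ({why})")
    return findings


# Constructed sample responses for example.com (not real lookup output).
SAMPLE = {
    "MX": {"Status": 0, "Answer": [
        {"name": "example.com", "type": 15, "TTL": 3600, "data": "10 mail.example.com."}]},
    "CAA": {"Status": 0},  # NOERROR with no Answer section: record absent
    "TXT": {"Status": 0, "Answer": [
        {"name": "example.com", "type": 16, "TTL": 3600, "data": "\"v=spf1 -all\""}]},
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Separating a failed lookup from an empty answer keeps a resolver error from being reported as a missing CAA or MX record.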
Frequently asked questions
What's a CAA record and why do I need one?
Certification Authority Authorization (CAA) tells CAs (Let's Encrypt, DigiCert, etc.) which of them are allowed to issue certs for your domain. Without it, any CA can issue, which leaves an open door for cert mis-issuance attacks.
Should TXT records have low TTLs?
Lower TTLs (300–3600s) make changes propagate faster but increase load on resolvers. 3600s is a sane default for SPF/DMARC TXT records.