Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started

DNS Security Checker

Free online DNS security checker. Scan any domain to validate DNSSEC signatures, check CAA records, detect subdomain takeover risks, verify DANE/TLSA records, and test MTA-STS policy. Get instant DNS security analysis with actionable fix recommendations.

No https:// needed · Free · No credit card

What We Check

DNSSEC validation check
CAA record verification
Subdomain takeover detection
DANE/TLSA record analysis
MTA-STS policy check
DNS configuration audit

How It Works

1

Enter your domain name

2

We query DNS records across multiple record types

3

DNSSEC chain is validated for integrity

4

Subdomain takeover patterns are checked

5

You receive a full DNS security assessment with recommendations

Security Checks Included

This tool runs the following security checks on your website

DNS SecuritySubdomain Takeover RiskEmail Domain Security (SPF/DKIM/DMARC)DANE / TLSA RecordsMTA-STS PolicyCAA Records

Frequently Asked Questions

What is a DNS security checker?
A DNS security checker is a free online tool that analyzes your domain's DNS configuration for security vulnerabilities. It checks DNSSEC signatures, CAA records, subdomain takeover risks, DANE/TLSA records, and MTA-STS policy — showing pass/fail results with specific fix instructions.
How do I check my DNS security?
Enter your domain name (e.g. example.com) in the DNS security checker above. We'll query multiple DNS record types, validate DNSSEC, check for subdomain takeover indicators, and provide a comprehensive security report.
What is DNSSEC?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, preventing attackers from forging DNS responses. It protects against DNS spoofing and cache poisoning attacks that could redirect your users to malicious sites.
What is a CAA record?
A CAA (Certification Authority Authorization) DNS record specifies which Certificate Authorities are allowed to issue SSL certificates for your domain. It prevents unauthorized certificate issuance even if a CA is compromised.
What is subdomain takeover?
Subdomain takeover occurs when a DNS record points to a deprovisioned external service (like a deleted cloud instance or GitHub Pages). Attackers can claim that service and serve malicious content from your trusted subdomain.
What is MTA-STS?
MTA-STS (Mail Transfer Agent Strict Transport Security) enforces TLS encryption for email delivery to your domain. Without it, emails can be intercepted via downgrade attacks that strip TLS from SMTP connections.
Is this DNS security checker free?
Yes, our DNS security checker is completely free. It tests 6 DNS security configurations and is part of SecScanner's free toolkit that also covers SSL, HTTP headers, email authentication, and 60+ other security checks.

Ready to Check Your Website?

Run a free security scan now and get instant results with actionable fix recommendations.

No https:// needed · Free · No credit card

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.