DNS Security Checker
Analyze your domain's DNS security configuration including DNSSEC validation, CAA records, and subdomain takeover risks. Detect misconfigurations that could expose your domain to hijacking.
What We Check
DNSSEC validation check
CAA record verification
Subdomain takeover detection
DANE/TLSA record analysis
MTA-STS policy check
DNS configuration audit
How It Works
1
Enter your domain name
2
We query DNS records across multiple record types
3
DNSSEC chain is validated for integrity
4
Subdomain takeover patterns are checked
5
You receive a full DNS security assessment with recommendations
Security Checks Included
This tool runs the following security checks on your website
Frequently Asked Questions
What is DNSSEC?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, preventing attackers from forging DNS responses. It protects against DNS spoofing and cache poisoning attacks.
What is a CAA record?
A CAA (Certification Authority Authorization) record specifies which Certificate Authorities are allowed to issue SSL certificates for your domain. It prevents unauthorized certificate issuance.
What is subdomain takeover?
Subdomain takeover occurs when a DNS record points to a deprovisioned service (like a deleted cloud instance). Attackers can claim that service and serve content on your subdomain.
What is MTA-STS?
MTA-STS (Mail Transfer Agent Strict Transport Security) enforces TLS encryption for email delivery to your domain. Without it, emails can be intercepted via downgrade attacks.
Ready to Check Your Website?
Run a free security scan now and get instant results with actionable fix recommendations.