Full DNS Audit in Seconds
DNS Health Report
Enter a domain to audit nameservers, mail security, DNSSEC and more — get a scored health grade with actionable recommendations.
Frequently Asked Questions
What does the DNS health report check?
The report audits NS delegation, SOA record, A/AAAA records, MX configuration, SPF, DMARC, DKIM (common selectors), CAA records and DNSSEC — giving you a comprehensive view of your domain's DNS health.
How is the health grade calculated?
Each check is weighted by importance. Critical items like NS delegation and A records carry more weight, while optional features like DKIM or CAA contribute less. The grade ranges from A (excellent) to F (critical issues).
Why is DKIM sometimes not found?
DKIM records are published under a specific selector (e.g. 'default._domainkey.example.com'). The tool tests common selectors like 'default', 'google', and 'selector1', but your domain may use a different selector name.
What is DNSSEC and why does it matter?
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS responses, preventing attackers from tampering with DNS answers. Without DNSSEC, users are vulnerable to DNS spoofing and cache poisoning attacks.
Should I fix all warnings?
Critical failures (NS, A records) should be fixed immediately as they affect site availability. Mail security (SPF, DMARC) is essential for email delivery. Optional items like CAA and DNSSEC are strong security enhancements worth implementing.
Related Tools
Full DNS Record Lookup
Retrieve every DNS record type for a domain in one query — A, AAAA, MX, NS, TXT, SOA, CAA and more.
DMARC Record Checker
Validate your domain's DMARC policy. Check alignment, policy mode, reporting URIs and configuration issues.
SPF Record Checker
Validate SPF records and detect issues — too many lookups, syntax errors, and missing includes.
DKIM Record Checker
Look up and validate DKIM public key records. Verify selector, key length, algorithm and flags.