Full DNS Audit in Seconds
DNS Health Report

Enter a domain to audit nameservers, mail security, DNSSEC and more — get a scored health grade with actionable recommendations.

❓

Frequently Asked Questions

What does the DNS health report check?

The report audits NS delegation, SOA record, A/AAAA records, MX configuration, SPF, DMARC, DKIM (common selectors), CAA records and DNSSEC — giving you a comprehensive view of your domain's DNS health.

How is the health grade calculated?

Each check is weighted by importance. Critical items like NS delegation and A records carry more weight, while optional features like DKIM or CAA contribute less. The grade ranges from A (excellent) to F (critical issues).

Why is DKIM sometimes not found?

DKIM records are published under a specific selector (e.g. 'default._domainkey.example.com'). The tool tests common selectors like 'default', 'google', and 'selector1', but your domain may use a different selector name.

What is DNSSEC and why does it matter?

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS responses, preventing attackers from tampering with DNS answers. Without DNSSEC, users are vulnerable to DNS spoofing and cache poisoning attacks.

Should I fix all warnings?

Critical failures (NS, A records) should be fixed immediately as they affect site availability. Mail security (SPF, DMARC) is essential for email delivery. Optional items like CAA and DNSSEC are strong security enhancements worth implementing.

Complete Guide: How to Use the DNS Health Report

Run a comprehensive DNS audit for any domain. Our health report checks NS delegation, SOA configuration, MX records, SPF, DMARC, DNSSEC, and more — then generates a detailed report with pass/fail grades and remediation guidance. Essential for maintaining reliable DNS infrastructure.

Step-by-Step Instructions

1
Enter a domain name
Type the domain you want to audit (e.g., example.com). The tool performs a comprehensive multi-check analysis.
2
Wait for the full scan
The tool runs 15+ checks covering nameservers, SOA records, mail configuration, security records, and DNSSEC. This takes 10-30 seconds.
3
Review the health grade
See an overall health grade (A to F) with individual pass/fail status for each check category.
4
Fix identified issues
Each failed check includes an explanation of why it matters, the impact on your domain, and step-by-step remediation instructions.

Common Use Cases

✓Regular audit — run monthly DNS health checks to catch configuration drift
✓Post-migration — verify DNS is healthy after migrating to a new registrar or DNS provider
✓Email deliverability — ensure DNS records support reliable email delivery (MX, SPF, DMARC)
✓DNSSEC verification — check that DNSSEC is properly configured with valid signatures
✓Pre-launch — audit DNS before launching a new website or service
✓Vendor DNS — verify that clients or partners have healthy DNS configurations

Pro Tips

💡Your domain should have at least 2 nameservers at different IP addresses for redundancy.

💡SOA serial numbers should use the YYYYMMDDNN format and increment with each change.

💡DNSSEC adds cryptographic signatures to DNS — it prevents cache poisoning but requires careful key management.

💡Run this report after every DNS change to catch issues before they affect users.

Related Tools

🛡️

DMARC Record Checker

Validate your domain's DMARC policy. Check alignment, policy mode, reporting URIs and configuration issues.

✅

SPF Record Checker

Validate SPF records and detect issues — too many lookups, syntax errors, and missing includes.

🔑

DKIM Record Checker

Look up and validate DKIM public key records. Verify selector, key length, algorithm and flags.

📋

Full DNS Record Lookup

Retrieve every DNS record type for a domain in one query — A, AAAA, MX, NS, TXT, SOA, CAA and more.

Full DNS Audit in SecondsDNS Health Report