☀️ 🌙

🔧 DNS Tools

Professional DNS troubleshooting and analysis tools

Tool Categories: Subnet Calculator & IP Tools DNS Resolver & Traversal Zone File Validator

🔐 SSL Certificate Chain Resolver

Analyze SSL/TLS certificate chains, verify trust paths, and detect issues with certificate validation.

⚖️ DNS Migration Validator

Compare DNS records between two servers to verify migration integrity and detect discrepancies.

🌍 Global DNS Propagation Checker

Check DNS propagation across multiple global nameservers to verify changes have propagated worldwide.

🕵️ Dark Web Monitoring

Monitor for domain mentions, data breaches, and leaked credentials on dark web forums and marketplaces.

🗺️ Visual Traceroute

Trace network path with real-time geolocation mapping and latency analysis.

🔒 DNSSEC Validation Debugger

Validate DNSSEC chain of trust, verify signatures, and troubleshoot DNSSEC configuration issues.

⚠️ Domain Risk Scorecard

Get comprehensive risk assessment (0-100) based on email security, SSL/TLS, domain age, service verifications, and threat intelligence.

🔍 Subdomain Discovery

Discover subdomains from Certificate Transparency logs, DNS bruteforce, and certificate SANs. Check for subdomain takeover vulnerabilities.

🔍 Reverse WHOIS Lookup

Search for all domains registered by a specific person, organization, registrar, or using specific nameservers. Similar to SecurityTrails reverse WHOIS.

🔗 Associated Domains Finder

Discover related domains through shared infrastructure: IP addresses, nameservers, SSL certs, WHOIS registrant, email security, services, and more.

Domain Name

Relationship Types

Shared IP (75%) Shared Nameservers (85%) Shared SSL (60%) Shared WHOIS (90%) Shared Email Security (70%) Shared Services (80%) Certificate SAN (95%) CNAME Chain (85%)

Minimum Confidence Score (%)

🔬 Network Fingerprinting

NEW FLAGSHIP

Industry-first SaaS API combining JA4 + proprietary DNS4 suite for comprehensive network traffic analysis. Detect malware C2, track certificate reuse, identify VPNs/proxies, and correlate network behavior with DNS intelligence.

✨ Unique Capabilities (No Competitor Has This)

JA4 TLS Fingerprinting - BSD-licensed client identification
DNS4-CERT - Certificate behavior + threat intelligence correlation
DNS4-TLS - Server response pattern analysis
DNS4-HTTP - Bot vs. human detection
DNS4-SSH - SSH client identification & scanner detection
DNS4-TCP - OS fingerprinting via TCP stack analysis
DNS4-LAT - VPN/Proxy detection via latency anomalies

Free Tier

10K JA4 fingerprints/month

$199

Professional

Full DNS4 Suite + 90 day retention

🎯 Detection Use Cases:

🔴 Cobalt Strike C2
Certificate + TLS patterns

🎣 Phishing Campaigns
Certificate reuse tracking

🤖 Bot Detection
HTTP fingerprinting

🔒 VPN/Proxy Users
Latency analysis

📖 View Documentation 🔌 API Reference

🚀 Quick Start: Get your API key and start fingerprinting in 5 minutes:

curl -X POST https://api.dnsscience.io/v1/fingerprint/submit \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"source_ip":"1.2.3.4","fingerprints":{"ja4":"..."}}'

🌐 DNSNet Enterprise Toolkit

OPEN SOURCE

Enterprise-grade CLI for managing DNS and DHCP across Infoblox, BlueCat, Route53, Cloudflare, Azure DNS, and 20+ platforms with built-in compliance, auditing, and ticketing integration.

🏢 Supported Platforms

Enterprise DDI: Infoblox, BlueCat, EfficientIP

Cloud DNS: Route53, Cloudflare, Azure, GCP, OCI

Load Balancers: A10 Thunder, F5 BIG-IP GTM

Local DNS: BIND, PowerDNS, NSD, Unbound

✨ Key Features

Unified CLI - One tool for all your DNS/DHCP platforms
Compliance Built-In - SOX, HIPAA, PCI-DSS, GDPR audit trails
Ticketing Integration - Jira, ServiceNow, BMC Remedy
Format Conversion - BIND, NSD, PowerDNS, tinydns, JSON
Visual Traceroute - ASCII art network path visualization
Security Testing - Propagation, DNSSEC, DoH/DoT validation

⚡ Quick Install

pip install dnsscience-dnsnet

# Initialize configuration
dnsnet config init

# List zones from Infoblox
dnsnet infoblox dns zones list

# Check DNS propagation globally
dnsnet test propagation example.com A

📖 Full Documentation ⭐ GitHub Repository

📡 DNS Monitoring & Analysis Tools

Deploy DNS monitoring on client networks, analyze packet captures, and integrate with our API for comprehensive DNS security.

🔍 dnsscience_snifferd

Real-Time DNS Traffic Monitoring Daemon

Deploy on client networks to capture and analyze ALL DNS queries in real-time. Automatically detects threats, blacklisted DNS servers, and suspicious traffic patterns.

Key Features:

Real-time packet capture with scapy
Threat detection via DNS Science API
Blacklisted DNS server detection
Multiple monitoring locations
Web dashboard integration

Quick Start:

git clone https://github.com/dnsscience/dnsscience_snifferd.git
cd dnsscience_snifferd
sudo pip3 install -r requirements.txt
sudo python3 dnsscience_snifferd.py -c config.yaml

📖 View Documentation

📊 dnsscience_analyze

PCAP Analysis Tool for Forensic Investigation

Offline analysis of DNS traffic from packet captures. Perfect for security incident investigation and historical traffic analysis.

Key Features:

Parse PCAP files and extract DNS queries
Detect malicious domains using threat intelligence
Identify blacklisted DNS servers
Beautiful terminal output with rich library
Export results to JSON

Usage:

# Analyze a PCAP file
python3 dnsscience_analyze.py -c config.yaml capture.pcap

# Output includes:
# • Total packets and DNS queries
# • Unique domains and IPs
# • Threat detection summary
# • Query type breakdown
# • Top DNS servers used

🔌 DNS Monitoring API

REST API for Programmatic Access

Manage monitoring locations, retrieve threat data, and integrate DNS monitoring into your applications.

Endpoints:

GET /api/v1/dns-monitoring/locations - List monitoring locations
POST /api/v1/dns-monitoring/locations - Create new location
POST /api/v1/dns-monitoring/queries - Ingest DNS queries
GET /api/v1/dns-monitoring/threats - Retrieve detected threats
GET /api/v1/dns-monitoring/stats - Get statistics

Example:

curl -X POST https://www.dnsscience.io/api/v1/dns-monitoring/locations \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"location_name": "Office HQ"}'

# Returns API key for dnsscience_snifferd deployment

📖 Full API Documentation

🚀 Get Started

All DNS monitoring tools are available in the dnsscience_snifferd/ directory. Create a free account to get your API key and start monitoring DNS traffic today!

🛡️ Unbound DNS Resolver Integration

Deploy intelligent DNS resolvers with integrated threat intelligence, policy enforcement, and real-time analytics using our Unbound Python module.

🐍 DNS Science Unbound Module

Python-Powered DNS Security & Intelligence

Custom Unbound Python module that integrates DNS Science threat intelligence directly into your DNS resolver for real-time protection and analytics.

Key Features:

Real-time threat intelligence integration
Malware/phishing domain blocking
DNS tunneling detection
DGA (Domain Generation Algorithm) detection
Policy-based filtering and rate limiting
Query analytics and reporting
Custom response generation

Architecture:

Modular design with 6 sub-modules
Threat Intelligence Module
Policy Engine Module
Analytics Collector Module
Response Override Module
Geo-Location Module
DNS Firewall Module

🐳 Docker Deployment

Containerized DNS Resolver with DNS Science Integration

Pre-built Docker container with Unbound DNS resolver and DNS Science Python module pre-configured for immediate deployment.

Quick Start:

# Pull DNS Science Unbound container
docker pull dnsscience/unbound:latest

# Run with your API key
docker run -d \
  -p 53:53/udp \
  -p 53:53/tcp \
  -e DNSSCIENCE_API_KEY=your_key_here \
  --name dnsscience-resolver \
  dnsscience/unbound:latest

Configuration:

Mount custom config: -v /path/to/config:/etc/unbound/dnsscience.conf
Enable/disable modules via environment variables
Volume for persistent cache and logs
Health check endpoint included

🔌 Unbound API Endpoints

REST API for Unbound Module Management

Manage your Unbound resolvers, retrieve threat data, and configure policies via our specialized API endpoints.

Endpoints:

POST /api/v1/unbound/register - Register new resolver instance
POST /api/v1/unbound/query - Submit query for threat analysis
POST /api/v1/unbound/analytics - Batch upload query statistics
GET /api/v1/unbound/policy - Download latest policy rules
POST /api/v1/unbound/alerts - Submit security alerts
GET /api/v1/unbound/stats - Get resolver statistics

Example Registration:

curl -X POST https://www.dnsscience.io/api/v1/unbound/register \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "resolver_name": "Office DNS",
    "location": "HQ Data Center",
    "modules_enabled": [
      "threat_intel",
      "analytics",
      "policy"
    ]
  }'

# Returns resolver ID and module-specific API key

📖 Full Unbound API Documentation

🏗️ Use Cases

Enterprise DNS Security: Deploy threat-intelligent resolvers across your corporate network
ISP/Carrier DNS: Protect customers from malicious domains at the DNS layer
Security Research: Analyze DNS queries and detect emerging threats
Compliance: Enforce content filtering and maintain audit logs
Performance: Geo-aware responses and intelligent caching

🔄 Zone File Converter

Convert between DNS zone file formats: BIND (named.conf), NSD (nsd.conf), and DNS Science JSON. Upload your zone files and download in your desired format.

Input Format:

Output Format:

Domain Name (optional):

Input Zone Data:

Output:

Supported Conversions

BIND Zone File ↔ DNS Science JSON - Convert RFC 1035 zone files to/from JSON
NSD Zone File ↔ DNS Science JSON - NSD zone syntax is compatible with BIND
named.conf → nsd.conf - Migrate BIND server config to NSD
nsd.conf → named.conf - Migrate NSD server config to BIND

🔗 Service Integration & Platform Usage Tracking

📊 Overview

DNS Science automatically tracks which services and platforms domains have verified with by analyzing TXT records. This provides unique insights into technology adoption, platform usage, and business intelligence across your domain portfolio.

                    📧 Email & Productivity
                    Google Workspace: Site & domain verification
Microsoft 365: Domain ownership verification
Slack: Workspace verification
Zoom: Video conferencing setup
Atlassian: Cloud product verification
DocuSign: Digital signature platform

                

                    🔒 Security & Compliance
                    GlobalSign: S/MIME certificate validation
OneTrust: Privacy platform verification
Cisco: Security service integration
Proofpoint: Email security platform

                

                    💳 Payments & E-commerce
                    Stripe: Payment processing verification
Shopify: E-commerce platform setup

                

                    📢 Marketing & Analytics
                    HubSpot: CRM & marketing automation
Facebook Business: Social media verification
Apple: App Store & services verification

                

                    📨 Email Service Providers
                    Amazon SES: Email sending service
SendGrid: Email delivery platform
Mailgun: Email automation service
Brevo: (Sendinblue) Email marketing

                

                    🆔 Identity & Verification
                    Keybase: Cryptographic identity
Brave Rewards: Creator verification

                

🎯 Use Cases & Insights

📈 Business Intelligence

Identify which platforms your domains use
Track technology adoption across portfolio
Discover shadow IT and unauthorized services
Audit compliance with approved vendors

🔍 Security & Compliance

Detect unauthorized third-party integrations
Monitor email security platform adoption
Verify security tool deployment
Track privacy platform implementation

💼 Portfolio Management

Understand domain usage patterns
Identify active vs dormant domains
Track service migrations
Optimize licensing and costs

🌐 Market Research

Analyze competitor technology stacks
Track platform adoption trends
Identify emerging services
Benchmark against industry standards

🤖 How It Works

Our system automatically:

Collects TXT Records: The DNS record daemon gathers TXT records from all monitored domains
Parses Verification Tokens: Service verification daemon analyzes TXT records against 24+ known patterns
Tracks Over Time: Maintains first seen/last seen timestamps for all verifications
Provides Analytics: Aggregates data by service, category, and domain for insights
Updates Continuously: Runs 24/7 to detect new verifications and service changes

🏠 View Service Integration Dashboard

🤖 DNS Science MCP Server

BY DNS SCIENCE

Built by DNS Science: A comprehensive Model Context Protocol (MCP) server that brings expert DNS knowledge and powerful DNS tools directly into your Claude Desktop conversations.

✨ What We Built

The Model Context Protocol (MCP) is an open standard that lets Claude Desktop access external knowledge bases and tools. DNS Science created this powerful MCP server to extend Claude with comprehensive DNS expertise, real-time DNS queries, zone validation, and debugging capabilities. Think of it as having a DNS expert assistant built right into Claude Desktop!

📚 Expert Knowledge Base

BIND - ISC BIND configuration & management
NSD - NLnet Labs authoritative DNS
Unbound - Validating recursive resolver
PowerDNS - Authoritative & Recursor
DJBDNS - Dan Bernstein's DNS suite
DNSSEC - Signing & validation
DANE/TLSA - Certificate pinning
Registrar APIs - OpenSRS, GoDaddy, EPP

🛠️ Powerful DNS Tools

dns_query - Real-time DNS lookups (like dig)
analyze_zone - Zone file validation
validate_config - Server config checking
debug_dns - Comprehensive DNS debugging
generate_config - Auto-generate server configs

// Ask Claude in Desktop:
"Query the MX records for gmail.com"
// Claude uses dns_query tool automatically!

🚀 Quick Start

1. Install from GitHub:

git clone https://github.com/straticus1/dnsscience-dnsmcp.git
cd dnsscience-dnsmcp
npm install
npm run build

2. Add to Claude Desktop config:

{
  "mcpServers": {
    "dns": {
      "command": "node",
      "args": ["/path/to/dnsscience-dnsmcp/dist/index.js"]
    }
  }
}

Config location:
• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%/Claude/claude_desktop_config.json
• Linux: ~/.config/Claude/claude_desktop_config.json

3. Restart Claude Desktop

Completely quit and reopen Claude Desktop to load the MCP server.

💡 Example Use Cases

DNSSEC Deployment

"Help me set up DNSSEC for my domain using BIND"

Zone Validation

"Check this zone file for errors: [paste zone]"

DNS Migration

"I'm migrating from BIND to PowerDNS, what do I need to know?"

DANE/TLSA Setup

"How do I implement DANE for my mail server?"

DNS Debugging

"My domain returns SERVFAIL, help me debug it"

Config Generation

"Generate a BIND configuration for authoritative DNS"

📖 View on GitHub 📚 Full Documentation

🎯 Why We Built This

DNS Science is committed to making DNS expertise accessible to everyone. We built this MCP server to bring our years of DNS knowledge directly into your Claude conversations.

Instant Expert Knowledge: Access DNS Science's comprehensive DNS documentation without searching
Real-Time Tools: Execute DNS queries and validations directly in conversations
Learn by Doing: Claude explains concepts while showing you practical commands
Save Time: No context switching between docs, terminals, and chat
Free & Open Source: DNS Science gives this tool to the community under MIT license