Real-time DNS security analysis — DNSSEC, email auth, and RDAP. Built for SOC investigations.
Is it safe?
No known CVEs for pre-commit.
No authentication — any process on your machine can connect to this server.
License not specified.
Last scanned 0 days ago.
Is it maintained?
Last commit 4 days ago. 1 GitHub star.
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
How much context will it use?
29 tools. Estimated ~1,600 tokens of your context window (0.8% of 200K). Consider loading selectively — this is a heavy server.
What if it doesn't work?
Common issues: JSON syntax errors in config, Python version mismatch, network or firewall blocking. Setup guide covers troubleshooting. Or check GitHub issues for known problems.
{
  "mcpServers": {
    "dns-mcp": {
      "args": [
        "run",
        "--rm",
        "-i",
        "--dns",
        "9.9.9.9",
        "dns-mcp",
        "python",
        "server.py"
      ],
      "command": "docker"
    }
  }
}
Run this in your terminal to verify the server starts.
uvx pre-commit 2>&1 | head -1 && echo "✓ Server started successfully"
dns_query: Standard DNS lookups (A, AAAA, MX, TXT, NS, SOA, CNAME, PTR, SRV, DNSKEY, DS, TLSA, CAA, SSHFP, RRSIG, CDS, CDNSKEY, HTTPS, SVCB, NAPTR)
dns_dig_style: Detailed dig-style output with DNSSEC flags (DO flag set) — same 20 record types
dns_query_dot: DNS over TLS (DoT) query — TLS session info, EDNS pseudosection, DNSSEC flags — same 20 record types
dns_dnssec_validate: Chain-of-trust validation like `delv +vtrace`; cross-checks verdict against resolver AD flag and flags discrepancies
nsec_info: NSEC/NSEC3 denial-of-existence analysis and zone walkability assessment
reverse_dns: PTR lookup + forward-confirmed rDNS (FCrDNS) verification — essential for mail server identity
timestamp_converter: Convert between ISO, epoch, and human-readable timestamps
detect_hijacking: Test a resolver for DNS hijacking/tampering (NXDOMAIN probe, known record, DNSSEC, identity)
check_spf: SPF record parsing with recursive include resolution (RFC 7208 10-lookup limit)
check_dmarc: DMARC policy retrieval with organizational domain fallback
output_guide: Field-by-field reference: DNSSEC chain status values, DS vs DNSKEY parent/child relationship, FCrDNS fields, DANE status, RBL listed/clean/error semantics, detect_hijacking `passed` convention
dns-mcp://output-guide
rbl_reference: Return code tables for all 8 RBLs including Spamhaus quota codes
dns-mcp://rbl-reference
test_zones: Live NSEC/NSEC3 test zones on deflationhollow.net with parameters and risk levels
dns-mcp://test-zones
email_security_audit: Domain email security audit: SPF, DKIM, DMARC, MTA-STS, BIMI — graded A through F with prioritized recommendations
dnssec_chain_audit: Full DNSSEC chain-of-trust audit from the IANA root trust anchor down to the target domain
soc_email_forensics: Forensic phishing analysis of a raw email (.eml or pasted headers) — returns TRUSTABLE / SUSPICIOUS / PHISHING / FURTHER ANALYSIS REQUIRED
nist_800_81r3_audit: Domain security posture audit aligned with NIST SP 800-81r3 — covers delegation integrity, DNSSEC, CAA, email authentication, reputation, and resolver integrity
Last scanned 2h ago
No known vulnerabilities.