Is Dns MCP Server safe to use?

Dns MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Dns MCP Server?

Dns MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Dns MCP Server do?

Dns MCP Server provides 29 tools: dns_query, dns_dig_style, dns_query_dot, dns_dnssec_validate, nsec_info and 24 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Dns MCP Server?

Dns MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Dns MCP Server actively maintained?

Dns MCP Server is actively maintained — last commit was 6 days ago. It has 1 GitHub stars.

Dns MCP Server

pre-commit

Real-time DNS security analysis — DNSSEC, email auth, and RDAP. Built for SOC investigations.

1 29 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 6d ago

Works with most clients

Transport: stdio, sse, http

29 tools · ~1.6k tok

Grade C · 0.8% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "dns-mcp": {
      "args": [
        "run",
        "--rm",
        "-i",
        "--dns",
        "9.9.9.9",
        "dns-mcp",
        "python",
        "server.py"
      ],
      "command": "docker"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mclose-dns-mcp)](https://mcppedia.org/s/io-github-mclose-dns-mcp)

Read me

What Dns MCP Server does

Real-time DNS security analysis for AI assistants via MCP. Gives your assistant the ability to investigate domains the way a practitioner would — DNSSEC chain validation, email authentication posture, and registration intelligence — without leaving your chat session.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'pre-commit' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

79/100across 5 weighted dimensions

How we score →

0255075100

−21

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked pre-commit against OSV.dev.

Inventory

Tools (29)

Click any tool to inspect its schema.

~1.6k tokens total

Inventory

Resources (3)

output_guide

Field-by-field reference: DNSSEC chain status values, DS vs DNSKEY parent/child relationship, FCrDNS fields, DANE status, RBL listed/clean/error semantics, detect_hijacking passed convention

dns-mcp://output-guide

rbl_reference

Return code tables for all 8 RBLs including Spamhaus quota codes

dns-mcp://rbl-reference

test_zones

Live NSEC/NSEC3 test zones on deflationhollow.net with parameters and risk levels

dns-mcp://test-zones

Inventory

Prompts (4)

email_security_audit

Domain email security audit: SPF, DKIM, DMARC, MTA-STS, BIMI — graded A through F with prioritized recommendations

dnssec_chain_audit

Full DNSSEC chain-of-trust audit from the IANA root trust anchor down to the target domain

soc_email_forensics

Forensic phishing analysis of a raw email (.eml or pasted headers) — returns TRUSTABLE / SUSPICIOUS / PHISHING / FURTHER ANALYSIS REQUIRED

nist_800_81r3_audit

Domain security posture audit aligned with NIST SP 800-81r3 — covers delegation integrity, DNSSEC, CAA, email authentication, reputation, and resolver integrity

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Dns MCP Server safe to use?: Dns MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Dns MCP Server?: Dns MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Dns MCP Server do?: Dns MCP Server provides 29 tools: dns_query, dns_dig_style, dns_query_dot, dns_dnssec_validate, nsec_info and 24 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Dns MCP Server?: Dns MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Dns MCP Server actively maintained?: Dns MCP Server is actively maintained — last commit was 6 days ago. It has 1 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for Dns MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "dns-mcp": {
      "args": [
        "run",
        "--rm",
        "-i",
        "--dns",
        "9.9.9.9",
        "dns-mcp",
        "python",
        "server.py"
      ],
      "command": "docker"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mclose-dns-mcp)](https://mcppedia.org/s/io-github-mclose-dns-mcp)

Read me

What Dns MCP Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'pre-commit' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

DNS MCP Server

Built by a cybersecurity professional for SOC investigation workflows. Not a toy — the same queries you would run at the command line, accessible through any MCP-compatible assistant in real time.

Architecture (2.0.0)

dns-mcp is a Streamable HTTP MCP server with OAuth via Pocket ID. Tool implementations are thin wrappers around the dns_tool Python library, which owns all DNS logic. The server itself is ~430 lines of code: auth bootstrap, tool registration, and prompt loading.

Claude.ai / Claude Code / any MCP client
              │
              │ Streamable HTTP + OAuth bearer (JWT)
              ▼
       Caddy reverse proxy           (TLS, DNS-01 / Let's Encrypt)
              │
              ▼
     dns-mcp container               (FastMCP, OAuth verifier)
              │
              ▼
        dns_tool library             (DoH client, validators, parsers)
              │
              ▼
   doh.lab.deflationhollow.net      (Unbound DoH resolver, optional)

Three benefits over the previous stdio-only architecture:

Network-accessible — hosted MCP servers can serve any client, not just ones that can spawn a local subprocess.
OAuth-protected — bearer JWTs verified against Pocket ID JWKS; per-user identity available to tools via whoami.
Library-first — dns_tool is published independently and reusable. The same code powers a CLI, this MCP server, and (eventually) a REST API.

The old stdio architecture lives at server.py.legacy for porting reference. The remote branch (mcp-shim Go bridge) is deprecated.

Tools

dns-mcp 2.0.0 currently exposes 19 tools. Ten additional tools from the 1.x stdio architecture are pending port into dns_tool — see Open work.

Tool	Description
`ping`	Server uptime, current timestamp, dns_tool version + commit hash
`whoami`	Authenticated user identity from JWT claims

DNS

Tool	Description
`dns_query`	Standard DNS lookup over DoH — 20 record types (A, AAAA, MX, TXT, NS, SOA, CNAME, PTR, SRV, CAA, DNSKEY, DS, RRSIG, NSEC, NSEC3, TLSA, SSHFP, HTTPS, SVCB, NAPTR)
`dnssec_validate`	Full DNSSEC chain walk from IANA root trust anchor down to target. Real cryptographic validation at every zone cut. Returns structured `verdict` + per-zone findings + event transcript
`nsec_info`	NSEC / NSEC3 denial-of-existence analysis — zone walkability assessment, NSEC3 hash parameters, opt-out detection

Email security

Tool	Description
`check_spf`	SPF record parsing with recursive include resolution (RFC 7208 10-lookup limit)
`check_dmarc`	DMARC policy retrieval with organizational domain fallback
`check_dkim`	DKIM public key record verification for a selector + domain pair
`enumerate_dkim_selectors`	Probe a domain for DKIM keys at well-known selector names; returns the selectors that resolve
`check_dane`	DANE TLSA records for all MX hosts of a domain
`check_tlsa`	Standalone TLSA record lookup at `_<port>._<proto>.<host>`

Threat intelligence

Tool	Description
`check_rbl`	IP reputation against 8 DNS-based RBLs (Spamhaus ZEN, SpamCop, UCEProtect L1/L2, Mailspike, PSBL, Barracuda, SORBS)
`check_dbl`	Domain reputation against DNS-based Domain Block Lists (Spamhaus DBL, URIBL, SURBL)
`cymru_asn`	ASN lookup via Team Cymru DNS service — BGP prefix, org, country
`check_fast_flux`	Fast-flux detection — repeated A/AAAA queries to identify rotating IPs and short TTLs
`detect_hijacki

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

79/100across 5 weighted dimensions

How we score →

0255075100

−21

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked pre-commit against OSV.dev.

Inventory

Tools (29)

Click any tool to inspect its schema.

~1.6k tokens total

Inventory

Resources (3)

output_guide

Field-by-field reference: DNSSEC chain status values, DS vs DNSKEY parent/child relationship, FCrDNS fields, DANE status, RBL listed/clean/error semantics, detect_hijacking passed convention

dns-mcp://output-guide

rbl_reference

Return code tables for all 8 RBLs including Spamhaus quota codes

dns-mcp://rbl-reference

test_zones

Live NSEC/NSEC3 test zones on deflationhollow.net with parameters and risk levels

dns-mcp://test-zones

Inventory

Prompts (4)

email_security_audit

Domain email security audit: SPF, DKIM, DMARC, MTA-STS, BIMI — graded A through F with prioritized recommendations

dnssec_chain_audit

Full DNSSEC chain-of-trust audit from the IANA root trust anchor down to the target domain

soc_email_forensics

Forensic phishing analysis of a raw email (.eml or pasted headers) — returns TRUSTABLE / SUSPICIOUS / PHISHING / FURTHER ANALYSIS REQUIRED

nist_800_81r3_audit

Domain security posture audit aligned with NIST SP 800-81r3 — covers delegation integrity, DNSSEC, CAA, email authentication, reputation, and resolver integrity

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Dns MCP Server safe to use?: Dns MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Dns MCP Server?: Dns MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Dns MCP Server do?: Dns MCP Server provides 29 tools: dns_query, dns_dig_style, dns_query_dot, dns_dnssec_validate, nsec_info and 24 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Dns MCP Server?: Dns MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Dns MCP Server actively maintained?: Dns MCP Server is actively maintained — last commit was 6 days ago. It has 1 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Iam Policy Autopilot90

361 1

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for Dns MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Dns MCP Server

Install in your client

What Dns MCP Server does

Test This Server

Why this score

79/100across 5 weighted dimensions

Security

Tools (29)

Resources (3)

Prompts (4)

Reviews

Frequently Asked Questions

Similar servers

Discussion

Dns MCP Server

Install in your client

What Dns MCP Server does

Test This Server

DNS MCP Server

Architecture (2.0.0)

Tools

Meta

DNS

Email security

Threat intelligence

Why this score

79/100across 5 weighted dimensions

Security

Tools (29)

Resources (3)

Prompts (4)

Reviews

Frequently Asked Questions

Similar servers

Discussion

DNS MCP Server

Architecture (2.0.0)

Tools

Meta

DNS

Email security

Threat intelligence