Skip to main content
DNS Tool
Engineer's DNS Intelligence Report
Generated 17 Feb 2026, 23:06 UTC
Duration 8.4s
Version v26.19.38
Integrity a809b9b634ea0fc81687eda848209ca3fc5dc09600f75df83a53011989c103203c497a0f315f3a182fcc86226bd5b5c02f8f71c7d17d9af1fce17912d9499597
Subject Domain
swutch.com

Engineer's DNS Intelligence Report

swutch.com
17 Feb 2026, 23:06 UTC · 8.4s ·v26.19.38 · SHA-3-512: a809✱✱✱✱ Verify
Executive Methodology
Recon Mode Snapshot Re-analyze New Domain
Footprint N/A

Non-existent / Undelegated Domain

Domain is not delegated or has no DNS records. This may be an unused subdomain or unregistered domain.

What This Means

  • No authoritative DNS data is available for this domain
  • Security posture cannot be evaluated without DNS records
  • The domain may never have been registered, or has expired
  • If this is your domain, check your registrar to confirm it's active
Try Another Domain
Intelligence Sources

This analysis used 4 DNS resolvers (consensus), reverse DNS (PTR), Team Cymru (ASN attribution), IANA RDAP (registrar), crt.sh (CT logs), and SMTP probing (transport). All using open-standard protocols.

Full List
Verify Report Integrity SHA-3-512 Has this report been altered since generation? Verify below

This cryptographic hash seals the analysis data, domain, timestamp, and tool version into a tamper-evident fingerprint. Any modification to the report data will produce a different hash. This is distinct from the posture hash (used for drift detection) — the integrity hash uniquely identifies this specific report instance.

a809b9b634ea0fc81687eda848209ca3fc5dc09600f75df83a53011989c103203c497a0f315f3a182fcc86226bd5b5c02f8f71c7d17d9af1fce17912d9499597
Evaluations reference 12 RFCs. Methods are reproducible using the verification commands provided. Results reflect DNS state at 17 Feb 2026, 23:06 UTC.
Download Raw Intelligence Download Checksum (.sha3)

Download the intelligence dump and verify its integrity, like you would a Kali ISO or any critical artifact. The SHA-3-512 checksum covers every byte of the download — deterministic serialization ensures identical hashes across downloads.

After downloading, verify with any of these commands:

Tip: cd ~/Downloads first (or wherever you saved the files).

OpenSSL + Sidecar (macOS, Linux, WSL) 
cat dns-intelligence-swutch.com.json.sha3 && echo '---' && openssl dgst -sha3-512 dns-intelligence-swutch.com.json
Python 3 (cross-platform) 
python3 -c "import hashlib; print(hashlib.sha3_512(open('dns-intelligence-swutch.com.json','rb').read()).hexdigest())"
sha3sum (coreutils 9+) 
sha3sum -a 512 dns-intelligence-swutch.com.json
Compare the output against the .sha3 file or the checksum API at /api/analysis/1448/checksum. Hash algorithm: SHA-3-512 (Keccak, NIST FIPS 202).

Every finding in this report is backed by DNS queries you can run yourself. These vetted one-liners reproduce the exact checks used to build this report for swutch.com. Our analysis adds multi-resolver consensus, RFC-based evaluation, and cross-referencing — but the underlying data is always independently verifiable. We are intelligence analysts, not gatekeepers.

DNS Records

Query A records (IPv4) RFC 1035 
dig +noall +answer swutch.com A
Query AAAA records (IPv6) RFC 1035 
dig +noall +answer swutch.com AAAA
Query MX records (mail servers) RFC 1035 
dig +noall +answer swutch.com MX
Query NS records (nameservers) RFC 1035 
dig +noall +answer swutch.com NS
Query TXT records RFC 1035 
dig +noall +answer swutch.com TXT

Email Authentication

Check SPF record RFC 7208 
dig +short swutch.com TXT | grep -i spf
Check DMARC policy RFC 7489 
dig +short _dmarc.swutch.com TXT
Check DKIM key for selector 'default' RFC 6376 
dig +short default._domainkey.swutch.com TXT
Check DKIM key for selector 'google' RFC 6376 
dig +short google._domainkey.swutch.com TXT
Check DKIM key for selector 'selector1' RFC 6376 
dig +short selector1._domainkey.swutch.com TXT
Check DKIM key for selector 'selector2' RFC 6376 
dig +short selector2._domainkey.swutch.com TXT

Domain Security

Check DNSSEC DNSKEY records RFC 4035 
dig +dnssec +noall +answer swutch.com DNSKEY
Check DNSSEC DS records RFC 4035 
dig +noall +answer swutch.com DS
Validate DNSSEC chain (requires DNSSEC-validating resolver) RFC 4035 
dig +dnssec +cd swutch.com A @1.1.1.1

Transport Security

Check TLSA record (replace MX_HOST with actual MX) RFC 7672 
dig +noall +answer _25._tcp.MX_HOST TLSA
Check MTA-STS DNS record RFC 8461 
dig +short _mta-sts.swutch.com TXT
Fetch MTA-STS policy file RFC 8461 
curl -sL https://mta-sts.swutch.com/.well-known/mta-sts.txt
Check TLS-RPT record RFC 8460 
dig +short _smtp._tls.swutch.com TXT

Brand & Trust

Check BIMI record BIMI Draft 
dig +short default._bimi.swutch.com TXT
Check CAA records (certificate authority authorization) RFC 8659 
dig +noall +answer swutch.com CAA

DNS Records

Check HTTPS/SVCB records RFC 9460 
dig +noall +answer swutch.com HTTPS

Domain Security

Check CDS/CDNSKEY automation records RFC 7344 
dig +noall +answer swutch.com CDS

Infrastructure Intelligence

RDAP domain registration lookup RFC 9083 
curl -sL 'https://rdap.org/domain/swutch.com' | python3 -m json.tool | head -50
Search Certificate Transparency logs RFC 6962 
curl -s 'https://crt.sh/?q=%25.swutch.com&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20
Check security.txt RFC 9116 
curl -sL https://swutch.com/.well-known/security.txt | head -20

AI Surface

Check for llms.txt 
curl -sI https://swutch.com/llms.txt | head -5
Check robots.txt for AI crawler rules 
curl -s https://swutch.com/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'
Commands use dig, openssl, and curl — standard tools available on macOS, Linux, and WSL. Results may vary slightly due to DNS propagation timing and resolver caching.
Intelligence Confidence Audit Engine Verified · 9/9 Evaluated
How confident are these results? Each protocol is independently verified against RFC standards. No self-awarded badges.
SPF
Verified 4843 runs
DKIM
Verified 4662 runs
DMARC
Verified 4827 runs
DANE/TLSA
Verified 4646 runs
DNSSEC
Verified 4824 runs
BIMI
Verified 4661 runs
MTA-STS
Verified 4664 runs
TLS-RPT
Verified 4666 runs
CAA
Verified 4658 runs
Maturity: Development Verified Consistent Gold Gold Master

Appendix: Verification Commands

The core DNS queries behind this report can be independently verified using these standard terminal commands (dig, openssl, curl). DNS Tool adds multi-resolver consensus, RFC-based evaluation, and cross-referencing on top of the raw data shown here.

DNS Records

Query A records (IPv4) (RFC 1035) 
dig +noall +answer swutch.com A
Query AAAA records (IPv6) (RFC 1035) 
dig +noall +answer swutch.com AAAA
Query MX records (mail servers) (RFC 1035) 
dig +noall +answer swutch.com MX
Query NS records (nameservers) (RFC 1035) 
dig +noall +answer swutch.com NS
Query TXT records (RFC 1035) 
dig +noall +answer swutch.com TXT

Email Authentication

Check SPF record (RFC 7208) 
dig +short swutch.com TXT | grep -i spf
Check DMARC policy (RFC 7489) 
dig +short _dmarc.swutch.com TXT
Check DKIM key for selector 'default' (RFC 6376) 
dig +short default._domainkey.swutch.com TXT
Check DKIM key for selector 'google' (RFC 6376) 
dig +short google._domainkey.swutch.com TXT
Check DKIM key for selector 'selector1' (RFC 6376) 
dig +short selector1._domainkey.swutch.com TXT
Check DKIM key for selector 'selector2' (RFC 6376) 
dig +short selector2._domainkey.swutch.com TXT

Domain Security

Check DNSSEC DNSKEY records (RFC 4035) 
dig +dnssec +noall +answer swutch.com DNSKEY
Check DNSSEC DS records (RFC 4035) 
dig +noall +answer swutch.com DS
Validate DNSSEC chain (requires DNSSEC-validating resolver) (RFC 4035) 
dig +dnssec +cd swutch.com A @1.1.1.1

Transport Security

Check TLSA record (replace MX_HOST with actual MX) (RFC 7672) 
dig +noall +answer _25._tcp.MX_HOST TLSA
Check MTA-STS DNS record (RFC 8461) 
dig +short _mta-sts.swutch.com TXT
Fetch MTA-STS policy file (RFC 8461) 
curl -sL https://mta-sts.swutch.com/.well-known/mta-sts.txt
Check TLS-RPT record (RFC 8460) 
dig +short _smtp._tls.swutch.com TXT

Brand & Trust

Check BIMI record (BIMI Draft) 
dig +short default._bimi.swutch.com TXT
Check CAA records (certificate authority authorization) (RFC 8659) 
dig +noall +answer swutch.com CAA

DNS Records

Check HTTPS/SVCB records (RFC 9460) 
dig +noall +answer swutch.com HTTPS

Domain Security

Check CDS/CDNSKEY automation records (RFC 7344) 
dig +noall +answer swutch.com CDS

Infrastructure Intelligence

RDAP domain registration lookup (RFC 9083) 
curl -sL 'https://rdap.org/domain/swutch.com' | python3 -m json.tool | head -50
Search Certificate Transparency logs (RFC 6962) 
curl -s 'https://crt.sh/?q=%25.swutch.com&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20
Check security.txt (RFC 9116) 
curl -sL https://swutch.com/.well-known/security.txt | head -20

AI Surface

Check for llms.txt 
curl -sI https://swutch.com/llms.txt | head -5
Check robots.txt for AI crawler rules 
curl -s https://swutch.com/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'
Running Multi-Source Intelligence Audit

swutch.com

0s
DNS records — Cloudflare, Google, Quad9, OpenDNS, DNS4EU
Email auth — SPF, DMARC, DKIM selectors
DNSSEC chain of trust & DANE/TLSA
Certificate Transparency & subdomain discovery
SMTP transport & STARTTLS verification
MTA-STS, TLS-RPT, BIMI, CAA
Registrar & infrastructure analysis
Intelligence Classification & Interpretation

Every result includes terminal commands you can run to independently verify the underlying data. No proprietary magic.