Skip to main content

DNS Tool Research

Domain Confessions

Case studies in DNS security drawn from real public records. Every observation is independently verifiable. Every claim is backed by data you can pull yourself with standard tools.

Domain Confessions #1 Forgotten Domain A domain registered for ten years with no published mail policy is not dormant — it is exposed. Reputation systems do not distinguish between negligence and compromise. They only see the absence of published policy. Video February 2026 SPF · DMARC · Null MX Domain Confessions #2 The Intelligence Agency That Chose to Watch Two intelligence agencies are the only federal agencies in our survey that have not upgraded to DMARC reject — eight years after the binding directive. Their DNS records suggest this may be deliberate. Case Study March 2026 DMARC · BOD 18-01 · Forensic Reporting · 13 Federal Agencies
Straight talk about your data.

We use two cookies, both essential:

  • _csrf — Prevents cross-site request forgery. Required for form submissions. Security-only.
  • _dns_session — Only exists if you choose to sign in. No account required to use DNS Tool.

We log your IP address for two reasons: rate limiting (so nobody abuses the service) and security (identifying malicious actors and complying with legal obligations). We check source geography for analysis accuracy — DNS responses vary by region, and knowing which resolver answered from where makes the science better.

No tracking cookies. No analytics cookies. No ad networks. No data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already hashed. Full details: Privacy Policy.