Domain Intelligence Scanner
Instant reconnaissance on any domain. DNS records, mail configuration, security headers, and hosting infrastructure — all from public sources.
No data is stored. All queries use public DNS resolvers.
What the Domain Intelligence Scanner Does
The Domain Intelligence Scanner is a free OSINT reconnaissance tool that queries public DNS resolvers to map a domain's externally visible footprint. For any domain you enter, it retrieves the A and AAAA address records, the MX mail servers, the authoritative nameservers, and the TXT records that hold email-authentication policies such as SPF, DMARC, and DKIM. It then runs a lightweight security assessment that flags whether core email-spoofing protections and modern DNS hygiene are present. Everything it reports comes from open, queryable infrastructure data — no intrusive scanning, no credentials, and no stored results.
How to read the scan results
Enter a bare domain such as example.com and select Scan; the tool strips any protocol or path prefix automatically. The DNS Records and Nameservers sections show where the domain is hosted and who runs its authoritative DNS, which is useful for fingerprinting hosting providers and CDNs. The Mail Servers section reveals the email infrastructure, while the TXT Records section exposes SPF, DMARC, and DKIM configuration. In the Security Assessment, a missing SPF or DMARC record signals that the domain is more vulnerable to email spoofing, and the absence of IPv6 or DNSSEC points to weaker DNS hygiene. In OSINT methodology, this passive domain reconnaissance is a foundational step: it establishes infrastructure relationships before an analyst pivots to WHOIS history, certificate transparency logs, or related domains.
Domain Intelligence Scanner FAQ
Is scanning a domain with this tool intrusive or detectable?
No. The scanner only performs standard public DNS lookups through open resolvers — the same queries any browser or mail server makes. It does not port-scan, probe services, or send traffic to the target host, so it is passive reconnaissance.
What do SPF, DMARC, and DKIM tell me?
These TXT-record policies control email authentication. SPF lists who may send mail for the domain, DKIM signs messages cryptographically, and DMARC tells receivers how to handle failures. Missing or weak records mean the domain is easier to spoof in phishing campaigns.
Why are some records empty?
An empty section usually means the domain simply does not publish that record type — for example, a parked domain with no mail will have no MX records. It can also reflect resolver caching or a domain that has not configured that feature.
How deep does this Domain Intelligence Scanner go?
This is a surface-level, public-DNS scan. A full investigation extends to WHOIS and historical records, subdomain enumeration, certificate transparency, leaked credentials, and infrastructure vulnerabilities — analyst-led work beyond an instant lookup.
To carry a domain investigation further, pair this scanner with the WHOIS and RDAP registration lookup for ownership and registration dates, the SSL certificate and subdomain search to enumerate related hostnames, and the IP address geolocation lookup to profile the hosting infrastructure. When findings need analyst depth, our OSINT investigation services for Russia and the CIS build on exactly this reconnaissance.