CLI tool for DNS and email security scanning powered by IntoDNS.ai.
Checks DNS configuration, DNSSEC, SPF, DKIM, DMARC, MTA-STS, BIMI, blacklists, and more — right from your terminal or CI pipeline. No signup required.
```bash
npm install -g intodns
```

Or run directly with npx:

```bash
npx intodns example.com
```

```bash
# Scan a single domain
intodns example.com
# Scan multiple domains at once
intodns site1.com site2.com site3.com
# Get raw JSON output
intodns example.com --json
# Save results to a file
intodns example.com --output report.json
# Fail if score is below a threshold (CI/CD)
intodns example.com --fail-below 80
# Filter to a specific category
intodns example.com --category email
# Disable colored output
intodns example.com --no-color
```

```
IntoDNS.ai Scan Report
──────────────────────────────────────────────────
Domain: example.com
Grade: A
Score: ████████████████████████████░░ 93/100
Categories
──────────────────────────────────────────────────
DNS ████████████████████░ 100/100
Email Security ███████████████░░░░░░ 75/100
DNSSEC ████████████████████░ 100/100
Issues (1)
──────────────────────────────────────────────────
▲ [MEDIUM] DMARC policy is not set to reject
Full report: https://intodns.ai/scan/example.com
```
Track DNS configuration changes over time by saving a baseline and comparing later scans.
```bash
# Save current scan as baseline
intodns example.com --save-baseline baseline.json
# (Later) Compare against the baseline
intodns example.com --baseline baseline.json
```

The comparison report highlights new issues and resolved issues since the baseline was saved.
Continuously re-scan a domain to monitor for changes in real time.
```bash
# Re-scan every 5 minutes (default)
intodns example.com --watch
# Re-scan every 60 seconds
intodns example.com --watch 60
```

Press Ctrl+C to stop.
```yaml
name: DNS Security Check
on:
  schedule:
    - cron: '0 8 * * 1' # Weekly on Monday
  workflow_dispatch:
jobs:
  dns-check:
    runs-on: ubuntu-latest
    steps:
      - name: Check DNS configuration
        run: npx intodns mysite.com --fail-below 70
```

```yaml
dns-security:
  image: node:20-alpine
  script:
    - npx intodns mysite.com --fail-below 70
  only:
    - schedules
```

| Code | Meaning |
|---|---|
| 0 | Grade A or B (or score above --fail-below threshold) |
| 1 | Grade C, D, or F (or score below --fail-below threshold) |
| 2 | Error (invalid domain, network error, etc.) |
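
The exit codes above let a pipeline tell a low score (1) from a scan that never completed (2). The gate below is an added example, not part of the intodns project: it scans each domain separately and fails closed on errors. `gate_domains`, `scan_once`, `THRESHOLD`, `REPORT_DIR` and the result variables are hypothetical names, and it assumes `intodns` is installed globally.

```shell
#!/bin/sh
# Added example: CI gate that keeps the documented exit codes apart.
#   0 = pass, 1 = score below threshold, 2 = scan error.
# Hypothetical names: gate_domains, scan_once, THRESHOLD, REPORT_DIR,
# PASSED/FAILED/ERRORED. Only flags documented on this page are used.
THRESHOLD="${THRESHOLD:-80}"
REPORT_DIR="${REPORT_DIR:-./dns-reports}"

scan_once() {
    intodns "$1" --fail-below "$THRESHOLD" --no-color \
        --output "$REPORT_DIR/$1.json"
}

gate_domains() {
    PASSED="" FAILED="" ERRORED=""
    mkdir -p "$REPORT_DIR" || return 2
    for domain in "$@"; do
        # The name becomes a CLI argument and a file name: refuse anything
        # that could be read as a flag or escape REPORT_DIR.
        case "$domain" in
            ""|-*|*[!A-Za-z0-9.-]*)
                echo "ERROR $domain (rejected: not a plain hostname)"
                ERRORED="$ERRORED $domain"; continue ;;
        esac
        rc=0; scan_once "$domain" || rc=$?
        if [ "$rc" -eq 2 ]; then
            # Retry once so a transient network error is not left unchecked.
            rc=0; scan_once "$domain" || rc=$?
        fi
        case "$rc" in
            0) PASSED="$PASSED $domain" ;;
            1) FAILED="$FAILED $domain" ;;
            *) ERRORED="$ERRORED $domain" ;;
        esac
    done
    echo "passed:$PASSED"; echo "below ${THRESHOLD}:$FAILED"; echo "errors:$ERRORED"
    # Fail closed: a domain that could not be scanned is not a pass.
    [ -z "$ERRORED" ] || return 2
    [ -z "$FAILED" ] || return 1
    return 0
}

# Run only when domains are given on the command line.
if [ "$#" -gt 0 ]; then
    gate_domains "$@"
    exit $?
fi
```

Saved as a script, it is called with the domains as arguments; the per-domain JSON reports in `REPORT_DIR` can be kept as job artifacts.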

| Flag | Description |
|---|---|
| `--json` | Output raw JSON from the API |
| `--output <file>` | Save results to a JSON file |
| `--fail-below N` | Exit with code 1 if score is below N (0-100) |
| `--category <name>` | Filter to a specific category (dns, email, dnssec) |
| `--save-baseline <file>` | Save current scan results as a baseline file |
| `--baseline <file>` | Compare results against a saved baseline |
| `--watch [seconds]` | Re-scan periodically (default: 300s) |
| `--timeout <ms>` | API request timeout in milliseconds (default: 30000) |
| `--no-color` | Disable colored output |
| `--help` | Show help |
| `--version` | Show version |

- Node.js 18 or higher (uses native `fetch`)

IntoDNS.ai also offers a free REST API with no authentication required:
```bash
# Quick scan via API
curl "https://intodns.ai/api/scan/quick?domain=example.com"
# Email security check
curl "https://intodns.ai/api/email/check?domain=example.com"
# DNS lookup
curl "https://intodns.ai/api/dns/lookup?domain=example.com"
```

See the full API documentation for all endpoints.

- IntoDNS.ai — Full web-based DNS & email security scanner
- API Documentation — Free REST API reference
- Developers — Integration guides
- npm — Package on npm
- GitHub — Source code
- Cobytes — Security solutions by Cobytes B.V.
MIT — Cobytes B.V.