DNS Robot — DNS & Network Tools

DNS Robot provides 53 free online DNS, domain, email security, and network tools. This skill gives you access to 19 API endpoints — no API key, no rate limits, no signup.

Base URL: https://dnsrobot.net

All endpoints accept and return JSON. Domains are auto-cleaned (strips http://, https://, www., trailing paths).

---

DNS Tools

dns_lookup

Look up DNS records for any domain using a specific DNS server.

Param	Type	Required	Description
domain	string	yes	Domain name (e.g. example.com)
recordType	string	yes	A, AAAA, CNAME, MX, NS, TXT, SOA, PTR, SRV, CAA, DNSKEY, or DS
dnsServer	string	yes	DNS server IPv4 (e.g. 8.8.8.8)
timeout	number	no	Timeout in ms (1000–10000, default 5000)

curl -s -X POST https://dnsrobot.net/api/dns-query \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com","recordType":"A","dnsServer":"8.8.8.8"}'

Response:

{
  "status": "success",
  "domain": "example.com",
  "recordType": "A",
  "dnsServer": "8.8.8.8",
  "responseTime": 42,
  "resolvedIPs": ["93.184.216.34"]
}

When to use: Check how a domain resolves from a specific DNS server. Useful for DNS propagation debugging, verifying records, or comparing responses across providers.

---

ns_lookup

Find all authoritative nameservers for a domain, including their IPs and providers.

Param	Type	Required	Description
domain	string	yes	Domain name
dnsServer	string	no	DNS server ID

curl -s -X POST https://dnsrobot.net/api/ns-lookup \
  -H "Content-Type: application/json" \
  -d '{"domain":"github.com"}'

Response:

{
  "success": true,
  "domain": "github.com",
  "summary": {
    "totalNameservers": 8,
    "primaryProvider": "DNS Made Easy",
    "allProviders": ["DNS Made Easy"],
    "averageResponseTime": 15
  },
  "nameservers": [
    {
      "nameserver": "dns1.p08.nsone.net",
      "ipAddresses": ["198.51.44.8"],
      "responseTime": 12,
      "provider": "DNS Made Easy"
    }
  ]
}

When to use: Identify who hosts a domain's DNS, check nameserver redundancy, or debug delegation issues.

---

mx_lookup

Find mail exchange (MX) records and identify the email provider.

Param	Type	Required	Description
domain	string	yes	Domain name
dnsServer	string	no	DNS server ID

curl -s -X POST https://dnsrobot.net/api/mx-lookup \
  -H "Content-Type: application/json" \
  -d '{"domain":"google.com"}'

Response:

{
  "success": true,
  "domain": "google.com",
  "summary": {
    "totalRecords": 5,
    "primaryProvider": "Gmail",
    "allProviders": ["Gmail"],
    "lowestPriority": 10
  },
  "mxRecords": [
    {
      "exchange": "smtp.google.com",
      "priority": 10,
      "ipAddresses": ["142.250.152.26"],
      "provider": "Gmail"
    }
  ]
}

When to use: Find which email provider a domain uses, verify MX record configuration, or troubleshoot email delivery.

---

cname_lookup

Trace the full CNAME chain for a domain, detecting circular references.

Param	Type	Required	Description
domain	string	yes	Domain name
dnsServer	string	no	DNS server ID

curl -s -X POST https://dnsrobot.net/api/cname-lookup \
  -H "Content-Type: application/json" \
  -d '{"domain":"www.github.com"}'

Response:

{
  "success": true,
  "domain": "www.github.com",
  "hasCNAME": true,
  "summary": {
    "chainLength": 1,
    "hasCircularReference": false,
    "finalHostname": "github.github.io",
    "message": "CNAME chain resolved successfully"
  },
  "chain": [
    { "hostname": "www.github.com", "target": "github.github.io", "isCircular": false, "depth": 1 }
  ],
  "finalDestination": {
    "hostname": "github.github.io",
    "ipv4": ["185.199.108.153"],
    "ipv6": []
  }
}

When to use: Debug CDN or load balancer configurations, find the actual server behind a CNAME, or detect circular references.

---

reverse_dns

Perform a reverse DNS (PTR) lookup on an IP address.

Param	Type	Required	Description
ip	string	yes	IPv4 or IPv6 address
dnsServer	string	no	DNS server ID

curl -s -X POST https://dnsrobot.net/api/reverse-dns \
  -H "Content-Type: application/json" \
  -d '{"ip":"8.8.8.8"}'

Response:

{
  "success": true,
  "ip": "8.8.8.8",
  "ipVersion": "IPv4",
  "hostnames": ["dns.google"],
  "ptrRecord": "dns.google",
  "responseTime": 28,
  "hostnameCount": 1
}

When to use: Identify the hostname associated with an IP, verify PTR records for email deliverability, or investigate unknown IPs.

---

domain_to_ip

Resolve a domain to all its IP addresses with CDN detection and geolocation.

Param	Type	Required	Description
domain	string	yes	Domain name
dnsServer	string	no	DNS server ID

curl -s -X POST https://dnsrobot.net/api/domain-ip \
  -H "Content-Type: application/json" \
  -d '{"domain":"cloudflare.com"}'

Response:

{
  "success": true,
  "domain": "cloudflare.com",
  "summary": {
    "totalIPs": 4,
    "ipv4Count": 2,
    "ipv6Count": 2,
    "hasCDN": true,
    "cdnProviders": ["Cloudflare"],
    "hasIPv6": true
  },
  "ipAddresses": [
    {
      "ip": "104.16.132.229",
      "cdnProvider": "Cloudflare",
      "country": "US",
      "asn": "AS13335"
    }
  ]
}

When to use: Find all IPs behind a domain, check CDN usage, verify IPv6 support, or identify hosting provider.

---

Domain Tools

whois_lookup

Get WHOIS/RDAP registration data for a domain — registrar, dates, contacts, nameservers.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/whois \
  -H "Content-Type: application/json" \
  -d '{"domain":"github.com"}'

Response:

{
  "success": true,
  "domain": "github.com",
  "registeredOn": "2007-10-09T18:20:50Z",
  "expiresOn": "2026-10-09T18:20:50Z",
  "registrar": {
    "name": "MarkMonitor Inc.",
    "url": "http://www.markmonitor.com"
  },
  "nameServers": ["dns1.p08.nsone.net", "dns2.p08.nsone.net"],
  "status": ["clientDeleteProhibited", "clientTransferProhibited"],
  "age": "18 years",
  "source": "RDAP"
}

When to use: Check domain ownership, expiration dates, registrar info, or investigate a domain's history.

---

domain_health

Run a comprehensive health check on a domain — DNS, SSL, email security, HTTP, and performance.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/domain-health \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}'

Response:

{
  "success": true,
  "domain": "example.com",
  "overallScore": 78,
  "checks": [
    {
      "name": "SSL Certificate",
      "category": "Security",
      "status": "pass",
      "score": 15,
      "maxScore": 15,
      "details": "Valid SSL certificate, expires in 245 days"
    }
  ],
  "categoryScores": [
    { "category": "DNS", "score": 20, "maxScore": 20, "percentage": 100, "grade": "A" },
    { "category": "Security", "score": 25, "maxScore": 30, "percentage": 83, "grade": "B" }
  ]
}

When to use: Get a quick overall assessment of a domain's configuration, security posture, and email authentication setup. This is the best starting point for a full domain audit.

---

subdomain_finder

Discover subdomains using Certificate Transparency logs. Returns results as an NDJSON stream.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/subdomain-finder \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}'

Response (NDJSON — one JSON object per line):

{"type":"subdomains","names":["www.example.com","mail.example.com"]}
{"type":"dns","results":[{"subdomain":"www.example.com","ip":"93.184.216.34","isActive":true}]}
{"type":"enrichment","data":{"93.184.216.34":{"provider":"Edgecast","country":"US"}}}
{"type":"complete","domain":"example.com","total":15,"activeCount":12,"inactiveCount":3}

When to use: Discover all known subdomains for security audits, attack surface mapping, or infrastructure analysis.

Note: This is a streaming endpoint. Each line is a separate JSON object. Parse line by line.

---

Email Security Tools

spf_check

Validate SPF (Sender Policy Framework) records with full include tree resolution.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/spf-checker \
  -H "Content-Type: application/json" \
  -d '{"domain":"google.com"}'

Response:

{
  "success": true,
  "domain": "google.com",
  "found": true,
  "rawRecord": "v=spf1 include:_spf.google.com ~all",
  "mechanisms": [
    { "type": "include", "qualifier": "pass", "value": "_spf.google.com", "description": "Include SPF record from _spf.google.com" }
  ],
  "lookupCount": 4,
  "score": 85,
  "grade": "B+",
  "isValid": true,
  "warnings": ["Using ~all (softfail) instead of -all (hardfail)"]
}

When to use: Validate SPF configuration, check DNS lookup count (max 10 per RFC 7208), or debug email authentication failures.

---

dkim_check

Validate DKIM (DomainKeys Identified Mail) records. Auto-detects the selector if not provided.

Param	Type	Required	Description
domain	string	yes	Domain name
selector	string	no	DKIM selector (auto-tries 65+ common selectors if omitted)

curl -s -X POST https://dnsrobot.net/api/dkim-checker \
  -H "Content-Type: application/json" \
  -d '{"domain":"google.com"}'

Response:

{
  "success": true,
  "domain": "google.com",
  "selector": "20230601",
  "found": true,
  "rawRecord": "v=DKIM1; k=rsa; p=MIIBIjAN...",
  "tags": [
    { "tag": "v", "value": "DKIM1", "description": "DKIM version" },
    { "tag": "k", "value": "rsa", "description": "Key type" }
  ],
  "score": 90,
  "grade": "A",
  "keyType": "rsa",
  "keySize": 2048,
  "isValid": true
}

When to use: Verify DKIM is configured, check key size and type, or find the active DKIM selector for a domain.

---

dmarc_check

Validate DMARC (Domain-based Message Authentication) records and policy strength.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/dmarc-checker \
  -H "Content-Type: application/json" \
  -d '{"domain":"google.com"}'

Response:

{
  "success": true,
  "domain": "google.com",
  "found": true,
  "rawRecord": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com",
  "policy": "reject",
  "subdomainPolicy": "reject",
  "tags": [
    { "tag": "p", "value": "reject", "description": "Policy for domain" }
  ],
  "score": 95,
  "grade": "A",
  "isValid": true
}

When to use: Check if a domain has DMARC protection, verify policy strength (none/quarantine/reject), or find reporting addresses.

---

bimi_check

Check BIMI (Brand Indicators for Message Identification) records for logo display in email.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/bimi-checker \
  -H "Content-Type: application/json" \
  -d '{"domain":"cnn.com"}'

Response:

{
  "success": true,
  "domain": "cnn.com",
  "found": true,
  "rawRecord": "v=BIMI1; l=https://amplify.valimail.com/bimi/...; a=https://amplify.valimail.com/bimi/.../a.pem",
  "logoUrl": "https://amplify.valimail.com/bimi/.../logo.svg",
  "authorityUrl": "https://amplify.valimail.com/bimi/.../a.pem",
  "isValid": true
}

When to use: Check if a domain has BIMI configured for brand logo display in email clients like Gmail.

---

smtp_test

Test SMTP connectivity, STARTTLS support, and server capabilities.

Param	Type	Required	Description
hostname	string	yes	Mail server hostname or IP
port	number	no	SMTP port (default 25; use 465 for implicit TLS, 587 for submission)

curl -s -X POST https://dnsrobot.net/api/smtp-test \
  -H "Content-Type: application/json" \
  -d '{"hostname":"smtp.google.com","port":587}'

Response:

{
  "hostname": "smtp.google.com",
  "port": 587,
  "connected": true,
  "banner": "220 smtp.google.com ESMTP",
  "bannerCode": 220,
  "ehloCapabilities": {
    "starttls": true,
    "authMechanisms": ["LOGIN", "PLAIN", "XOAUTH2"],
    "sizeLimit": 35882577,
    "pipelining": true,
    "eightBitMime": true
  },
  "starttlsSupported": true,
  "tlsConnected": true,
  "tlsProtocol": "TLSv1.3",
  "responseTime": 234
}

When to use: Test if a mail server is reachable, check TLS support, or verify SMTP capabilities before configuring email sending.

---

Network & Security Tools

ssl_check

Inspect SSL/TLS certificates, cipher suites, and trust chain for any domain.

Param	Type	Required	Description
domain	string	yes	Domain name

curl -s -X POST https://dnsrobot.net/api/ssl-certificate \
  -H "Content-Type: application/json" \
  -d '{"domain":"github.com"}'

Response:

{
  "success": true,
  "domain": "github.com",
  "resolvedIP": "140.82.121.3",
  "serverType": "GitHub.com",
  "tlsInfo": {
    "protocol": "TLSv1.3",
    "cipherName": "TLS_AES_128_GCM_SHA256"
  },
  "leafCertificate": {
    "issuer": "Sectigo ECC Domain Validation Secure Server CA",
    "notBefore": "2024-03-07",
    "notAfter": "2025-03-07",
    "daysToExpire": 120,
    "isValid": true,
    "keySize": 256,
    "alternativeNames": ["github.com", "www.github.com"]
  },
  "certificateChain": [
    { "commonName": "github.com", "daysToExpire": 120 },
    { "commonName": "Sectigo ECC Domain Validation Secure Server CA" }
  ],
  "trustStatus": {
    "isTrusted": true,
    "hasValidChain": true,
    "browserCompatible": true
  }
}

When to use: Check certificate expiration, verify TLS version and cipher strength, inspect the certificate chain, or debug SSL errors.

---

ip_lookup

Get geolocation, ISP, and ASN information for an IP address.

Param	Type	Required	Description
ip	string	yes	IPv4 or IPv6 address

curl -s -X POST https://dnsrobot.net/api/ip-info \
  -H "Content-Type: application/json" \
  -d '{"ip":"1.1.1.1"}'

Response:

{
  "query": "1.1.1.1",
  "hostname": "one.one.one.one",
  "city": "Los Angeles",
  "region": "California",
  "country": "US",
  "timezone": "America/Los_Angeles",
  "isp": "Cloudflare, Inc.",
  "org": "APNIC and Cloudflare DNS Resolver project",
  "as": "AS13335 Cloudflare, Inc.",
  "lat": 34.0522,
  "lon": -118.2437,
  "anycast": true
}

When to use: Geolocate an IP address, identify the hosting provider or ISP, or look up ASN information.

---

http_headers

Fetch HTTP response headers and analyze security header configuration.

Param	Type	Required	Description
url	string	yes	Full URL including protocol (e.g. https://example.com)

curl -s -X POST https://dnsrobot.net/api/http-headers \
  -H "Content-Type: application/json" \
  -d '{"url":"https://github.com"}'

Response:

{
  "success": true,
  "url": "https://github.com",
  "statusCode": 200,
  "statusText": "OK",
  "responseTime": 185,
  "headers": {
    "content-type": "text/html; charset=utf-8",
    "strict-transport-security": "max-age=31536000",
    "x-frame-options": "deny",
    "content-security-policy": "default-src 'none'; ..."
  },
  "headerCount": 24,
  "security": {
    "grade": "A",
    "score": 90,
    "checks": [
      { "name": "HSTS", "present": true, "value": "max-age=31536000", "severity": "high" }
    ]
  }
}

When to use: Audit security headers, check HSTS/CSP/X-Frame-Options configuration, or debug HTTP response issues.

Important: The url parameter must include the protocol (https:// or http://).

---

port_check

Check if a TCP port is open on a host. Single port uses GET, multiple ports use POST (NDJSON stream).

Single port (GET):

Param	Type	Required	Description
host	query string	yes	Hostname or IP
port	query string	yes	Port number (1–65535)

curl -s "https://dnsrobot.net/api/port-check?host=github.com&port=443"

Response:

{
  "host": "github.com",
  "port": 443,
  "status": "open",
  "service": "HTTPS",
  "ms": 42
}

Multiple ports (POST) — NDJSON stream:

Param	Type	Required	Description
host	string	yes	Hostname or IP
ports	number[]	yes	Array of ports (max 30)

curl -s -X POST https://dnsrobot.net/api/port-check \
  -H "Content-Type: application/json" \
  -d '{"host":"github.com","ports":[22,80,443]}'

Response (NDJSON):

{"type":"start","host":"github.com","total":3}
{"type":"port","port":22,"service":"SSH","status":"open","ms":45}
{"type":"port","port":80,"service":"HTTP","status":"open","ms":42}
{"type":"port","port":443,"service":"HTTPS","status":"open","ms":41}
{"type":"done","host":"github.com","total":3,"open":3,"closed":0}

When to use: Check if specific services are reachable, verify firewall rules, or scan common ports on a server.

---

ip_blacklist

Check if an IP is listed on any DNS blacklists (DNSBL). Returns results as an NDJSON stream.

Param	Type	Required	Description
ip	query string	yes	IPv4 address

curl -s "https://dnsrobot.net/api/ip-blacklist?ip=1.2.3.4"

Response (NDJSON — one JSON object per line):

{"type":"init","ip":"1.2.3.4","engines":[{"name":"Spamhaus ZEN","category":"spam"},{"name":"Barracuda","category":"spam"}]}
{"type":"engine","result":{"engine":"Spamhaus ZEN","detected":false,"category":"spam","responseTimeMs":45}}
{"type":"engine","result":{"engine":"Barracuda","detected":false,"category":"spam","responseTimeMs":52}}
{"type":"abuseipdb","data":{"abuse_confidence":0,"total_reports":0,"country":"US","isp":"Example ISP"}}
{"type":"complete","summary":{"detections":0,"engines_count":47,"detection_rate":"0%","reputation_score":100,"risk_level":"low"}}

When to use: Check if an IP is blacklisted for spam or abuse, assess IP reputation before sending email, or investigate suspicious IPs.

Note: This is a streaming endpoint (NDJSON). Parse line by line. Checks ~47 DNSBL engines in parallel.

---

Decision Tree: Which Tool Should I Use?

Use this to pick the right endpoint:

• "Look up DNS records" → dns_lookup (specify record type + DNS server)
• "What are the nameservers?" → ns_lookup
• "What email provider does this domain use?" → mx_lookup
• "Where does this CNAME point?" → cname_lookup
• "What hostname is this IP?" → reverse_dns
• "What IPs does this domain resolve to?" → domain_to_ip
• "Who owns this domain?" → whois_lookup
• "Is this domain configured correctly?" → domain_health (runs 11 checks in one call)
• "Find subdomains" → subdomain_finder (streaming)
• "Check SPF/DKIM/DMARC/BIMI" → use the specific checker
• "Is the mail server working?" → smtp_test
• "Check SSL certificate" → ssl_check
• "Where is this IP located?" → ip_lookup
• "Check security headers" → http_headers (URL must include https://)
• "Is this port open?" → port_check
• "Is this IP blacklisted?" → ip_blacklist (streaming, IPv4 only)
• "Full domain audit" → start with domain_health, then drill into specific tools

Important Notes

1. No API key required. All endpoints are free and public.
2. Streaming endpoints (subdomain_finder, ip_blacklist, port_check POST) return NDJSON — one JSON object per line. Parse line by line, not as a single JSON document.
3. Error format: All endpoints return {"error": "message"} with appropriate HTTP status codes (400 for validation errors, 500 for server errors).
4. Domain auto-cleaning: Endpoints that accept domain automatically strip http://, https://, www., and trailing paths. You can pass https://www.example.com/path and it will query example.com.
5. DNS server for dns_lookup: This parameter is required. Common choices: 8.8.8.8 (Google), 1.1.1.1 (Cloudflare), 9.9.9.9 (Quad9).
6. http_headers URL: Must include the protocol (https://example.com, not just example.com).
7. ip_blacklist: IPv4 only. Does not support IPv6.
8. port_check: Single port = GET with query params. Multiple ports = POST with JSON body (NDJSON stream response, max 30 ports).