DNS Toolkit¶
The DNS Toolkit covers DNS lookups, domain intelligence, email-security posture, certificate inspection, and web infrastructure analysis in one API.
These pages are workflow guides. For the exact live request and response contract, use the API reference at https://dns.toolkitapi.io/documentation and the OpenAPI spec at https://dns.toolkitapi.io/openapi.json.
Base URL¶
https://dns.toolkitapi.io/v1/
Browse by topic¶
To make the DNS toolkit easier to explore, the docs include focused subpages:
- DNS Record Lookups
- Domain Intelligence
- Email and Deliverability
- Security and Certificates
- Network and Infrastructure
Core endpoint groups¶
DNS Lookups¶
| Endpoint | Description |
|---|---|
GET /v1/lookup |
Look up a specific DNS record type |
GET /v1/lookup/all |
Retrieve common record families in one call |
POST /v1/lookup/bulk |
Resolve many domains concurrently |
GET /v1/propagation |
Check propagation across public resolvers |
GET /v1/compare-resolvers |
Compare resolver answers and latency |
GET /v1/doh-test |
Benchmark DoH and DoT providers |
GET /v1/idn |
Convert Unicode domains and punycode |
Example — A record lookup:
curl -X GET "https://dns.toolkitapi.io/v1/lookup?domain=toolkitapi.io&type=A" \
-H "X-API-Key: YOUR_KEY"
Domain Intelligence¶
| Endpoint | Description |
|---|---|
GET /v1/whois |
WHOIS / RDAP registration details |
POST /v1/whois/bulk |
Bulk WHOIS lookups |
GET /v1/domain-age |
Registration age and new-domain detection |
GET /v1/available |
Single domain availability |
POST /v1/available/bulk |
Bulk domain availability |
GET /v1/tld-search |
Search a keyword across many TLDs |
GET /v1/subdomains |
Subdomain discovery |
GET /v1/associated |
Related infrastructure and providers |
GET /v1/company-profile |
Company profile and web signals |
Email & Deliverability¶
| Endpoint | Description |
|---|---|
GET /v1/email-validate |
Validate email format, domain, and MX |
GET /v1/email-security |
Audit SPF, DMARC, DKIM, BIMI, TLS-RPT, and MTA-STS |
POST /v1/email-auth |
Validate raw email headers for SPF, DKIM, and DMARC |
GET /v1/disposable |
Detect temporary email providers |
GET /v1/generate |
Generate SPF, DMARC, BIMI, and related records |
Security & Certificates¶
| Endpoint | Description |
|---|---|
GET /v1/certificate |
Inspect issuer, expiry, SANs, and TLS details |
GET /v1/dnssec |
Validate DNSSEC and chain of trust |
GET /v1/security-headers |
Grade HTTP security headers |
GET /v1/zone-transfer |
Test for AXFR exposure |
GET /v1/typosquat |
Check resolving typo variants |
GET /v1/caa |
Review CA authorization policy |
GET /v1/tlsa |
Inspect DANE / TLSA records |
GET /v1/health |
DNS health score and findings |
Network & Infrastructure¶
| Endpoint | Description |
|---|---|
GET /v1/reverse |
PTR lookup with IP intelligence |
GET /v1/asn |
ASN, ISP, and geolocation lookup |
GET /v1/blacklist |
DNSBL reputation checks |
GET /v1/tech-stack |
Server and technology detection |
GET /v1/ports |
Scan common TCP ports |
GET /v1/redirects |
Trace the redirect chain for a URL |
Common patterns¶
Most endpoints follow one of two patterns:
- single lookups use GET with query parameters such as
domain,ip,host, orurl - bulk or complex input flows use POST with a JSON body
Successful responses usually include a top-level identifier such as domain, ip, or url, plus a query_time_ms field.
Common errors¶
| Scenario | Status | Detail |
|---|---|---|
| Missing or invalid API key | 401 | Unauthorized |
| Invalid or missing parameter | 422 | Validation Error |
| Query ran but nothing matched | 200 | Empty results or a negative status field |
Keeping this section in sync¶
- the live OpenAPI spec is the source of truth for paths, methods, and schemas
- the detailed docs explain workflows and use cases rather than duplicating every field
- if you notice a mismatch, trust the API reference first and update this page second