Free DNS Health Checker
Analyze your domain's DNS configuration, security posture, and email authentication in seconds. No registration required.
What Our DNS Health Checker Analyzes
DNS Records
Checks A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA records. Validates that essential records are present and TTL values are optimal.
DNSSEC Validation
Validates DNSSEC chain of trust by checking DNSKEY records and the Authenticated Data (AD) flag from multiple resolvers.
CAA Records
Checks for Certificate Authority Authorization records that restrict which CAs can issue SSL certificates for your domain.
SPF Validation
Parses and validates your SPF record, checks the enforcement mechanism (-all vs ~all), and identifies potential issues.
DMARC Analysis
Analyzes your DMARC record, policy enforcement level (none/quarantine/reject), and reporting configuration.
Health Score
Calculates a comprehensive 0-100 score across DNS basics (40pts), security (35pts), and email authentication (25pts).
How to Improve Your DNS Health Score
Enable DNSSEC (+15 points)
Contact your DNS provider to enable DNSSEC. This adds cryptographic signatures to your DNS records, preventing spoofing attacks. Most major registrars and DNS providers support DNSSEC.
Add CAA Records (+5-10 points)
Add a CAA record to specify which Certificate Authorities can issue SSL certificates for your domain. This prevents unauthorized certificate issuance. Example: 0 issue "letsencrypt.org"
Configure SPF with Hard Fail (+13 points)
Add or update your SPF TXT record with -all (hard fail) instead of ~all (soft fail). This tells receiving servers to reject emails from unauthorized senders.
Set DMARC Policy to Quarantine or Reject (+10 points)
Update your DMARC record from p=none to p=quarantine or p=reject. Start with quarantine and move to reject once you're confident in your email authentication setup.
Frequently Asked Questions
Is this DNS health checker really free?
Yes, completely free with no registration required. Enter any domain to get an instant health score, security analysis, and DNS record overview.
What does the DNS health check analyze?
The checker analyzes 8 DNS record types (A, AAAA, MX, NS, TXT, CNAME, SOA, CAA), validates DNSSEC, parses SPF and DMARC records, and calculates a health score from 0-100 with an A-F grade.
How is the health score calculated?
The score is based on DNS Basics (40 points), Security features like DNSSEC and CAA (35 points), and Email Security including SPF and DMARC (25 points). Higher scores indicate better configuration.
How can I monitor my domain continuously?
Create a free DNSMonit account to monitor up to 3 domains with daily checks and email alerts. Upgrade to Lifetime ($39 one-time) for unlimited domains and 15-minute checks.
How accurate are the results?
DNSMonit queries multiple authoritative DNS resolvers (Google, Cloudflare, Quad9) with retry logic to ensure accurate and reliable results.
Want Continuous DNS Monitoring?
Get automated daily checks, instant change alerts, and detailed reports for all your domains.