Domain Detective is a C# library, tool and PowerShell module in one project. It is designed to help you find interesting information about a domain name. While there are plenty of tools on the internet that can do this, most of them are web-based and require you to enter the domain name into a web form. This is not ideal if you want to automate the process or if you are working with sensitive information.
Current capabilities include:
- Verify SPF
- Verify DMARC
- Verify DKIM
- Verify CAA
- Verify NS Records
- Verify SOA Records
- Verify MX Records
- Verify DNSSEC
- Verify DANE/TLSA
- Verify STARTTLS
- Verify MTA-STS
- Verify SMTP TLS
- Verify TLS-RPT
- Verify BIMI
- Verify Website Connectivity
- Verify HTTP/2
- Verify HTTP/3
- Verify Certificate
- Verify Response Time
- Verify Headers
- Verify HSTS
- Verify HPKP
- Verify SecurityTXT
- Verify Open Relay (SMTP)
- Verify Blacklist (DNSBL)
- Check propagation of DNS records across the world/country/company
- Verify WHOIS
- Other things that I haven't thought of yet

DNSBL lists used for blacklist checks can be customized. `DNSBLAnalysis` comes with a built-in list, but you can modify it at runtime. Each list entry exposes `Domain`, `Enabled`, and `Comment` fields. Use the following methods on `DNSBLAnalysis` to manage the list:
- `AddDNSBL`/`AddDNSBL(IEnumerable<string>)`
- `RemoveDNSBL`
- `ClearDNSBL`
- `LoadDNSBL`

You can load a custom list from a file using `LoadDNSBL`. Additionally, JSON files describing DNSBL providers can be imported with `ImportDnsblConfig`.
Example usage in C#:
```csharp
var analysis = new DNSBLAnalysis();
// add a provider
analysis.AddDNSBL("dnsbl.example.com", comment: "custom");
// remove a provider
analysis.RemoveDNSBL("dnsbl.example.com");
// clear all configured providers
analysis.ClearDNSBL();
// load providers from JSON configuration
analysis.LoadDnsblConfig("DnsblProviders.json", overwriteExisting: true);
```
The same actions are available from PowerShell using dedicated cmdlets:
```powershell
Add-DnsblProvider -Domain 'dnsbl.example.com' -Comment 'custom'
Remove-DnsblProvider -Domain 'dnsbl.example.com'
Clear-DnsblProvider
Import-DnsblConfig -Path './DnsblProviders.json' -OverwriteExisting
```
`VerifyWebsiteCertificate` can be called with or without a URL scheme. When the scheme is omitted, `https://` is used automatically before checking the certificate.
Use the .NET SDK to restore dependencies, build the solution and execute tests:
```bash
dotnet restore
dotnet build DomainDetective.sln
dotnet test DomainDetective.Tests/DomainDetective.Tests.csproj
```
PowerShell-specific tests can be run with:
```bash
pwsh ./Module/DomainDetective.Tests.ps1
```
Run the `DomainDetective.Example` project to check a domain. Use `--json` to output all analysis details in JSON format:
```bash
dotnet run --project DomainDetective.Example example.com --json
```
Import the module and call any of the testing cmdlets:
```powershell
Import-Module ./Module/DomainDetective.psd1 -Force
Test-SpfRecord -DomainName "example.com"
```
If you don't need to automate the process, or if you just want to quickly query for your domain name, you can use the following web-based tools:
This project uses GitHub Actions to run .NET and PowerShell tests on Windows, Linux and macOS. Code coverage results are published to Codecov.
Each analysis type returns an object exposing properties that map to fields described in the relevant RFCs. For example, SPF checks follow RFC 7208 and DMARC analysis references RFC 7489. DKIM validations follow RFC 6376 and DANE TLSA lookups follow RFC 6698.
Boolean fields indicate whether a particular requirement was met. You can inspect the object returned from `DomainHealthCheck` or the PowerShell cmdlets to review these properties and make decisions in automation.

`SpfAnalysis` exposes additional collections capturing every token discovered through nested `include` and `redirect` records. These `Resolved*` lists mirror the top-level properties but aggregate results from the entire chain (for example `ResolvedARecords`, `ResolvedMxRecords`, `ResolvedIpv4Records` and `ResolvedIpv6Records`).

DNS lookup counting adheres to RFC 7208 Section 4.6.4. Queries caused by the `include`, `a`, `mx`, `ptr`, and `exists` mechanisms as well as the `redirect` modifier are tallied, and exceeding ten during evaluation sets `ExceedsDnsLookups`.
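
The lookup tally described above can be reproduced over a set of SPF records without touching DNS. The following C# program is an added example, not DomainDetective's own code: the `SpfLookupTally` class, its `Walk` method and the sample records are constructed for illustration, and it counts every DNS-querying term in the chain (a worst case) instead of stopping at the first matching mechanism.

```csharp
using System;
using System.Collections.Generic;

static class SpfLookupTally
{
    const int Limit = 10; // RFC 7208 Section 4.6.4

    // Constructed sample TXT records keyed by domain (not real DNS data).
    static readonly Dictionary<string, string> Txt =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
    {
        ["example.com"] = "v=spf1 a mx include:_spf.mail.example include:_spf.crm.example ~all",
        ["_spf.mail.example"] = "v=spf1 include:_spf1.mail.example include:_spf2.mail.example ~all",
        ["_spf1.mail.example"] = "v=spf1 ip4:192.0.2.0/24 ~all",
        ["_spf2.mail.example"] = "v=spf1 ip4:198.51.100.0/24 a:relay.mail.example ~all",
        ["_spf.crm.example"] = "v=spf1 exists:%{i}.crm.example mx ptr redirect=_spf.fallback.example",
        ["_spf.fallback.example"] = "v=spf1 ip4:203.0.113.0/24 -all",
    };

    // Adds one lookup per DNS-querying term and follows include/redirect targets.
    static void Walk(string domain, ref int total)
    {
        if (!Txt.TryGetValue(domain, out var record)) return;
        foreach (var term in record.Split(' ', StringSplitOptions.RemoveEmptyEntries))
        {
            if (total > Limit) return; // limit exceeded; this also terminates include loops
            // Drop the qualifier, then split "name:arg", "name=arg" or "name/cidr".
            var parts = term.TrimStart('+', '-', '~', '?').Split(new[] { ':', '=', '/' }, 2);
            switch (parts[0].ToLowerInvariant())
            {
                case "a": case "mx": case "ptr": case "exists":
                    total++;
                    break;
                case "include": case "redirect":
                    total++; // fetching the target's SPF record is itself a lookup
                    if (parts.Length > 1) Walk(parts[1], ref total);
                    break;
            }
        }
    }

    static void Main()
    {
        int total = 0;
        Walk("example.com", ref total);
        Console.WriteLine($"lookups={total} exceedsLimit={total > Limit}");
    }
}
```

With these sample records the top-level record contains only four DNS-querying terms, yet the nested `include` chain pushes the tally past ten at the `redirect` modifier, which is the condition `ExceedsDnsLookups` reports.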