Riferimento per sviluppatori
Analisi Sicurezza DNS Documentazione API
Analisi Sicurezza DNS Documentazione API: Analisi completa di sicurezza email e DNS inclusi SPF, DKIM, DMARC, DNSSEC e record CAA. Questo endpoint esegue un'analisi profonda di tutti i meccanismi di autenticazione email e fornisce un punteggio di sicurezza con raccomandazioni praticabili.
Analisi Sicurezza DNS
Analisi completa di sicurezza email e DNS inclusi SPF, DKIM, DMARC, DNSSEC e record CAA. Questo endpoint esegue un'analisi profonda di tutti i meccanismi di autenticazione email e fornisce un punteggio di sicurezza con raccomandazioni praticabili.
GET
/v1/dns/security
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
security_score |
integer |
security_grade |
string |
spf |
object |
spf.exists |
boolean |
spf.record |
string |
spf.valid |
boolean |
spf.policy |
string |
spf.includes[] |
string[] |
spf.dns_lookup_count |
integer |
spf.dns_lookup_limit_exceeded |
boolean |
spf.include_tree[] |
object[] |
spf.include_tree[] |
object |
spf.include_tree[].domain |
string |
spf.include_tree[].lookups |
integer |
spf.lookup_walk_count |
integer |
spf.macros_present |
boolean |
spf.macro_references[] |
string[] |
spf.walk[] |
object[] |
spf.walk[] |
object |
spf.walk[].domain |
string |
spf.walk[].depth |
integer |
spf.walk[].record |
string |
spf.walk[].mechanisms[] |
string[] |
spf.walk[].includes[] |
string[] |
spf.walk[].redirect |
string | null |
spf.walk[].direct_lookup_count |
integer |
spf.walk[].total_lookup_count |
integer |
spf.walk[].macros_present |
boolean |
spf.walk[].macro_references[] |
string[] |
spf.walk[].multiple_records |
integer |
spf.walk_errors[] |
string[] |
spf.issues[] |
string[] |
dkim |
object |
dkim.exists |
boolean |
dkim.selectors_checked[] |
string[] |
dkim.selectors_found[] |
string[] |
dkim.valid |
boolean |
dmarc |
object |
dmarc.exists |
boolean |
dmarc.record |
string |
dmarc.valid |
boolean |
dmarc.policy |
string |
dmarc.subdomain_policy |
string |
dmarc.percentage |
integer |
dmarc.rua[] |
string[] |
dmarc.ruf[] |
string[] |
dmarc.issues[] |
string[] |
bimi |
object |
bimi.exists |
boolean |
bimi.record |
string |
bimi.logo_url |
string |
bimi.authority_url |
string |
bimi.valid |
boolean |
bimi.logo_fetch_ok |
boolean | null |
bimi.logo_http_status |
integer | null |
bimi.logo_content_type |
string | null |
bimi.logo_bytes |
integer | null |
bimi.logo_svg_detected |
boolean | null |
bimi.vmc_present |
boolean |
bimi.vmc_fetched |
boolean | null |
bimi.vmc_http_status |
integer | null |
bimi.vmc_content_type |
string | null |
bimi.vmc_certificate_valid |
boolean | null |
bimi.vmc_subject |
string | null |
bimi.vmc_issuer |
string | null |
bimi.vmc_not_before |
string | null |
bimi.vmc_not_after |
string | null |
bimi.vmc_days_to_expiry |
integer | null |
bimi.vmc_fingerprint_sha256 |
string | null |
bimi.vmc_san_domains[] |
string[] |
bimi.errors[] |
string[] |
dnssec |
object |
dnssec.enabled |
boolean |
dnssec.valid |
boolean |
dnssec.algorithm |
string |
dnssec.key_tag |
integer |
dnssec.validation_status |
string |
dnssec.validated_by_proxy |
boolean |
dnssec.validation_reason |
string |
dnssec.ds_records[] |
string[] |
dnssec.dnskey_records[] |
string[] |
dnssec.rrsig_present |
boolean |
dnssec.resolver |
string |
caa |
object |
caa.exists |
boolean |
caa.records[] |
object[] |
caa.records[] |
object |
caa.records[].flags |
integer |
caa.records[].tag |
string |
caa.records[].value |
string |
caa.issuers[] |
string[] |
caa.issue_wild[] |
string[] |
caa.iodef |
string |
issuance_readiness |
object |
issuance_readiness.caa |
object |
issuance_readiness.caa.exists |
boolean |
issuance_readiness.caa.records[] |
object[] |
issuance_readiness.caa.records[] |
object |
issuance_readiness.caa.records[].flags |
integer |
issuance_readiness.caa.records[].tag |
string |
issuance_readiness.caa.records[].value |
string |
issuance_readiness.caa.issue_issuers[] |
string[] |
issuance_readiness.caa.issuewild_issuers[] |
string[] |
issuance_readiness.caa.iodef |
string | null |
issuance_readiness.caa.letsencrypt_allowed |
boolean |
issuance_readiness.caa.google_trust_services_allowed |
boolean |
issuance_readiness.http01 |
object |
issuance_readiness.http01.challenge_path |
string |
issuance_readiness.http01.reachable |
boolean |
issuance_readiness.http01.ready |
boolean |
issuance_readiness.http01.status_code |
integer | null |
issuance_readiness.http01.final_url |
string | null |
issuance_readiness.http01.redirects |
integer | null |
issuance_readiness.http01.error |
string | null |
issuance_readiness.checked_at |
string |
authoritative_consistency |
object |
authoritative_consistency.record_type |
string |
authoritative_consistency.all_authoritative |
boolean |
authoritative_consistency.answer_sets_match |
boolean |
authoritative_consistency.inconsistent_nameservers[] |
string[] |
authoritative_consistency.consistent_serial |
boolean |
authoritative_consistency.serials[] |
object[] |
authoritative_consistency.serials[] |
object |
authoritative_consistency.serials[].host |
string |
authoritative_consistency.serials[].udp_soa_serial |
string | null |
authoritative_consistency.serials[].tcp_soa_serial |
string | null |
authoritative_consistency.reference_answers[] |
string[] |
delegation_health |
object |
delegation_health.nameservers[] |
object[] |
delegation_health.nameservers[] |
object |
delegation_health.nameservers[].host |
string |
delegation_health.nameservers[].addresses[] |
string[] |
delegation_health.nameservers[].in_bailiwick |
boolean |
delegation_health.nameservers[].glue_required |
boolean |
delegation_health.nameservers[].udp |
object |
delegation_health.nameservers[].udp.authoritative |
boolean |
delegation_health.nameservers[].udp.status |
string |
delegation_health.nameservers[].udp.query_ms |
integer | null |
delegation_health.nameservers[].udp.answer_count |
integer |
delegation_health.nameservers[].udp.answers[] |
string[] |
delegation_health.nameservers[].udp.soa_serial |
string | null |
delegation_health.nameservers[].udp.truncated |
boolean |
delegation_health.nameservers[].udp.error |
string | null |
delegation_health.nameservers[].tcp |
object |
delegation_health.nameservers[].tcp.authoritative |
boolean |
delegation_health.nameservers[].tcp.status |
string |
delegation_health.nameservers[].tcp.query_ms |
integer | null |
delegation_health.nameservers[].tcp.answer_count |
integer |
delegation_health.nameservers[].tcp.answers[] |
string[] |
delegation_health.nameservers[].tcp.soa_serial |
string | null |
delegation_health.nameservers[].tcp.truncated |
boolean |
delegation_health.nameservers[].tcp.error |
string | null |
delegation_health.nameservers[].lame |
boolean |
delegation_health.nameservers[].issues[] |
string[] |
delegation_health.in_bailiwick_nameservers[] |
string[] |
delegation_health.glue_required_count |
integer |
delegation_health.all_in_bailiwick_resolve |
boolean |
delegation_health.missing_addresses[] |
string[] |
delegation_health.lame_nameservers[] |
string[] |
dns_transport |
object |
dns_transport.udp_working |
boolean |
dns_transport.tcp_working |
boolean |
dns_transport.tcp_supported_nameservers[] |
string[] |
dns_transport.tcp_failed_nameservers[] |
string[] |
dns_transport.truncation_tested |
boolean |
dns_transport.truncation_nameserver |
string |
dns_transport.truncation_record_type |
string |
dns_transport.truncation_observed |
boolean | null |
dns_transport.tcp_fallback_ready |
boolean | null |
mta_sts |
object |
mta_sts.exists |
boolean |
mta_sts.record |
string |
mta_sts.valid |
boolean |
mta_sts.policy_id |
string |
mta_sts.policy_fetch_ok |
boolean |
mta_sts.policy_http_status |
integer | null |
mta_sts.mode |
string |
mta_sts.max_age |
integer |
mta_sts.mx_hosts[] |
string[] |
mta_sts.mx_records[] |
string[] |
mta_sts.policy_matches_mx |
boolean | null |
mta_sts.uncovered_mx[] |
string[] |
mta_sts.errors[] |
string[] |
tls_rpt |
object |
tls_rpt.exists |
boolean |
tls_rpt.record |
string |
tls_rpt.valid |
boolean |
tls_rpt.rua[] |
string[] |
tls_rpt.errors[] |
string[] |
resolver_latency |
object |
resolver_latency.record_type |
string |
resolver_latency.resolvers[] |
object[] |
resolver_latency.resolvers[] |
object |
resolver_latency.resolvers[].resolver |
string |
resolver_latency.resolvers[].label |
string |
resolver_latency.resolvers[].query_ms |
integer | null |
resolver_latency.resolvers[].status |
string |
resolver_latency.resolvers[].answer_count |
integer |
resolver_latency.resolvers[].answers[] |
string[] |
resolver_latency.resolvers[].server |
string | null |
resolver_latency.resolvers[].error |
string | null |
resolver_latency.min_ms |
integer | null |
resolver_latency.max_ms |
integer | null |
resolver_latency.avg_ms |
number | null |
zone_transfer |
object |
zone_transfer.exposed |
boolean |
zone_transfer.nameservers[] |
object[] |
zone_transfer.nameservers[] |
object |
zone_transfer.nameservers[].host |
string |
zone_transfer.nameservers[].exposed |
boolean |
zone_transfer.nameservers[].query_ms |
integer |
zone_transfer.nameservers[].records_returned |
integer |
zone_transfer.nameservers[].soa_seen |
boolean |
zone_transfer.nameservers[].reason |
string | null |
zone_transfer.nameservers[].sample_records[] |
string[] |
blacklist |
object |
blacklist.domain |
string |
blacklist.listed |
boolean |
blacklist.threat_level |
string |
blacklist.check_type |
string |
blacklist.checked_at |
string |
recommendations[] |
string[] |
checked_at |
string |
check_duration_ms |
integer |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/dns/security?domain=example.com"Risposta di esempio
{
"domain": "google.com",
"security_score": 97,
"security_grade": "A+",
"spf": {
"exists": true,
"record": "v=spf1 include:_spf.google.com ~all",
"valid": true,
"policy": "softfail",
"includes": [
"_spf.google.com"
],
"dns_lookup_count": 1,
"dns_lookup_limit_exceeded": false,
"include_tree": [
{
"domain": "_spf.google.com",
"lookups": 1
}
],
"lookup_walk_count": 1,
"macros_present": false,
"macro_references": [],
"walk": [
{
"domain": "google.com",
"depth": 0,
"record": "v=spf1 include:_spf.google.com ~all",
"mechanisms": [
"include:_spf.google.com",
"~all"
],
"includes": [
"_spf.google.com"
],
"redirect": null,
"direct_lookup_count": 1,
"total_lookup_count": 1,
"macros_present": false,
"macro_references": [],
"multiple_records": 1
}
],
"walk_errors": [],
"issues": []
},
"dkim": {
"exists": true,
"selectors_checked": [
"google",
"selector1",
"selector2"
],
"selectors_found": [
"google"
],
"valid": true
},
"dmarc": {
"exists": true,
"record": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com",
"valid": true,
"policy": "reject",
"subdomain_policy": "reject",
"percentage": 100,
"rua": [
"mailto:mailauth-reports@google.com"
],
"ruf": [],
"issues": []
},
"bimi": {
"exists": true,
"record": "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
"logo_url": "https://example.com/logo.svg",
"authority_url": "https://example.com/vmc.pem",
"valid": true,
"logo_fetch_ok": true,
"logo_http_status": 200,
"logo_content_type": "image/svg+xml",
"logo_bytes": 2048,
"logo_svg_detected": true,
"vmc_present": true,
"vmc_fetched": true,
"vmc_http_status": 200,
"vmc_content_type": "application/x-pem-file",
"vmc_certificate_valid": true,
"vmc_subject": "/CN=Example Inc VMC",
"vmc_issuer": "/CN=Example Issuer",
"vmc_not_before": "2026-01-01T00:00:00Z",
"vmc_not_after": "2027-01-01T00:00:00Z",
"vmc_days_to_expiry": 258,
"vmc_fingerprint_sha256": "AA:BB:CC:DD",
"vmc_san_domains": [
"google.com"
],
"errors": []
},
"dnssec": {
"enabled": true,
"valid": true,
"algorithm": "ECDSAP256SHA256",
"key_tag": 12345,
"validation_status": "secure",
"validated_by_proxy": true,
"validation_reason": "chain validated via delv",
"ds_records": [
"12345 13 2 1a2b3c4d5e6f"
],
"dnskey_records": [
"256 3 13 AbCdEfGhIjKlMnOp"
],
"rrsig_present": true,
"resolver": "127.0.0.1"
},
"caa": {
"exists": true,
"records": [
{
"flags": 0,
"tag": "issue",
"value": "pki.goog"
}
],
"issuers": [
"pki.goog"
],
"issue_wild": [],
"iodef": "mailto:security@google.com"
},
"issuance_readiness": {
"caa": {
"exists": true,
"records": [
{
"flags": 0,
"tag": "issue",
"value": "pki.goog"
},
{
"flags": 0,
"tag": "iodef",
"value": "mailto:security@google.com"
}
],
"issue_issuers": [
"pki.goog"
],
"issuewild_issuers": [],
"iodef": "mailto:security@google.com",
"letsencrypt_allowed": false,
"google_trust_services_allowed": true
},
"http01": {
"challenge_path": "/.well-known/acme-challenge/domscan-probe-1713474000",
"reachable": true,
"ready": true,
"status_code": 404,
"final_url": "http://google.com/.well-known/acme-challenge/domscan-probe-1713474000",
"redirects": 0,
"error": null
},
"checked_at": "2026-04-18T21:00:00Z"
},
"authoritative_consistency": {
"record_type": "SOA",
"all_authoritative": true,
"answer_sets_match": true,
"inconsistent_nameservers": [],
"consistent_serial": true,
"serials": [
{
"host": "ns1.google.com",
"udp_soa_serial": "2026041801",
"tcp_soa_serial": "2026041801"
}
],
"reference_answers": [
"google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
]
},
"delegation_health": {
"nameservers": [
{
"host": "ns1.google.com",
"addresses": [
"216.239.32.10"
],
"in_bailiwick": false,
"glue_required": false,
"udp": {
"authoritative": true,
"status": "NOERROR",
"query_ms": 14,
"answer_count": 1,
"answers": [
"google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
],
"soa_serial": "2026041801",
"truncated": false,
"error": null
},
"tcp": {
"authoritative": true,
"status": "NOERROR",
"query_ms": 18,
"answer_count": 1,
"answers": [
"google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
],
"soa_serial": "2026041801",
"truncated": false,
"error": null
},
"lame": false,
"issues": []
}
],
"in_bailiwick_nameservers": [],
"glue_required_count": 0,
"all_in_bailiwick_resolve": true,
"missing_addresses": [],
"lame_nameservers": []
},
"dns_transport": {
"udp_working": true,
"tcp_working": true,
"tcp_supported_nameservers": [
"ns1.google.com"
],
"tcp_failed_nameservers": [],
"truncation_tested": true,
"truncation_nameserver": "ns1.google.com",
"truncation_record_type": "DNSKEY",
"truncation_observed": false,
"tcp_fallback_ready": null
},
"mta_sts": {
"exists": true,
"record": "v=STSv1; id=2024010101Z",
"valid": true,
"policy_id": "2024010101Z",
"policy_fetch_ok": true,
"policy_http_status": 200,
"mode": "enforce",
"max_age": 86400,
"mx_hosts": [
"*.google.com"
],
"mx_records": [
"aspmx.l.google.com",
"alt1.aspmx.l.google.com"
],
"policy_matches_mx": true,
"uncovered_mx": [],
"errors": []
},
"tls_rpt": {
"exists": true,
"record": "v=TLSRPTv1; rua=mailto:sts-reports@google.com",
"valid": true,
"rua": [
"mailto:sts-reports@google.com"
],
"errors": []
},
"resolver_latency": {
"record_type": "MX",
"resolvers": [
{
"resolver": "1.1.1.1",
"label": "Cloudflare",
"query_ms": 22,
"status": "NOERROR",
"answer_count": 5,
"answers": [
"aspmx.l.google.com"
],
"server": "1.1.1.1#53",
"error": null
},
{
"resolver": "8.8.8.8",
"label": "Google Public DNS",
"query_ms": 3,
"status": "NOERROR",
"answer_count": 5,
"answers": [
"aspmx.l.google.com"
],
"server": "8.8.8.8#53",
"error": null
}
],
"min_ms": 3,
"max_ms": 22,
"avg_ms": 12.5
},
"zone_transfer": {
"exposed": false,
"nameservers": [
{
"host": "ns1.google.com",
"exposed": false,
"query_ms": 18,
"records_returned": 0,
"soa_seen": false,
"reason": "transfer failed",
"sample_records": []
}
]
},
"blacklist": {
"domain": "google.com",
"listed": false,
"threat_level": "none",
"check_type": "domain",
"checked_at": "2026-04-18T21:00:00Z"
},
"recommendations": [],
"checked_at": "2026-04-18T21:00:00Z",
"check_duration_ms": 312
}
