EN English ES Español DE Deutsch FR Français PT Português JP 日本語 CN 中文 IT Italiano KR 한국어 NL Nederlands
开发者参考

DNS 安全分析 API 文档

DNS 安全分析 API 文档: 全面的电子邮件和 DNS 安全分析,包括 SPF、DKIM、DMARC、DNSSEC 和 CAA 记录。此端点对所有电子邮件身份验证机制进行深度分析,并提供带有可操作建议的安全评分。

DNS 安全分析

全面的电子邮件和 DNS 安全分析,包括 SPF、DKIM、DMARC、DNSSEC 和 CAA 记录。此端点对所有电子邮件身份验证机制进行深度分析,并提供带有可操作建议的安全评分。

GET /v1/dns/security

查询参数

参数 类型 必需
domain string 必需

响应字段

字段 类型
domain string
security_score integer
security_grade string
spf object
spf.exists boolean
spf.record string
spf.valid boolean
spf.policy string
spf.includes[] string[]
spf.dns_lookup_count integer
spf.dns_lookup_limit_exceeded boolean
spf.include_tree[] object[]
spf.include_tree[] object
spf.include_tree[].domain string
spf.include_tree[].lookups integer
spf.lookup_walk_count integer
spf.macros_present boolean
spf.macro_references[] string[]
spf.walk[] object[]
spf.walk[] object
spf.walk[].domain string
spf.walk[].depth integer
spf.walk[].record string
spf.walk[].mechanisms[] string[]
spf.walk[].includes[] string[]
spf.walk[].redirect string | null
spf.walk[].direct_lookup_count integer
spf.walk[].total_lookup_count integer
spf.walk[].macros_present boolean
spf.walk[].macro_references[] string[]
spf.walk[].multiple_records integer
spf.walk_errors[] string[]
spf.issues[] string[]
dkim object
dkim.exists boolean
dkim.selectors_checked[] string[]
dkim.selectors_found[] string[]
dkim.valid boolean
dmarc object
dmarc.exists boolean
dmarc.record string
dmarc.valid boolean
dmarc.policy string
dmarc.subdomain_policy string
dmarc.percentage integer
dmarc.rua[] string[]
dmarc.ruf[] string[]
dmarc.issues[] string[]
bimi object
bimi.exists boolean
bimi.record string
bimi.logo_url string
bimi.authority_url string
bimi.valid boolean
bimi.logo_fetch_ok boolean | null
bimi.logo_http_status integer | null
bimi.logo_content_type string | null
bimi.logo_bytes integer | null
bimi.logo_svg_detected boolean | null
bimi.vmc_present boolean
bimi.vmc_fetched boolean | null
bimi.vmc_http_status integer | null
bimi.vmc_content_type string | null
bimi.vmc_certificate_valid boolean | null
bimi.vmc_subject string | null
bimi.vmc_issuer string | null
bimi.vmc_not_before string | null
bimi.vmc_not_after string | null
bimi.vmc_days_to_expiry integer | null
bimi.vmc_fingerprint_sha256 string | null
bimi.vmc_san_domains[] string[]
bimi.errors[] string[]
dnssec object
dnssec.enabled boolean
dnssec.valid boolean
dnssec.algorithm string
dnssec.key_tag integer
dnssec.validation_status string
dnssec.validated_by_proxy boolean
dnssec.validation_reason string
dnssec.ds_records[] string[]
dnssec.dnskey_records[] string[]
dnssec.rrsig_present boolean
dnssec.resolver string
caa object
caa.exists boolean
caa.records[] object[]
caa.records[] object
caa.records[].flags integer
caa.records[].tag string
caa.records[].value string
caa.issuers[] string[]
caa.issue_wild[] string[]
caa.iodef string
issuance_readiness object
issuance_readiness.caa object
issuance_readiness.caa.exists boolean
issuance_readiness.caa.records[] object[]
issuance_readiness.caa.records[] object
issuance_readiness.caa.records[].flags integer
issuance_readiness.caa.records[].tag string
issuance_readiness.caa.records[].value string
issuance_readiness.caa.issue_issuers[] string[]
issuance_readiness.caa.issuewild_issuers[] string[]
issuance_readiness.caa.iodef string | null
issuance_readiness.caa.letsencrypt_allowed boolean
issuance_readiness.caa.google_trust_services_allowed boolean
issuance_readiness.http01 object
issuance_readiness.http01.challenge_path string
issuance_readiness.http01.reachable boolean
issuance_readiness.http01.ready boolean
issuance_readiness.http01.status_code integer | null
issuance_readiness.http01.final_url string | null
issuance_readiness.http01.redirects integer | null
issuance_readiness.http01.error string | null
issuance_readiness.checked_at string
authoritative_consistency object
authoritative_consistency.record_type string
authoritative_consistency.all_authoritative boolean
authoritative_consistency.answer_sets_match boolean
authoritative_consistency.inconsistent_nameservers[] string[]
authoritative_consistency.consistent_serial boolean
authoritative_consistency.serials[] object[]
authoritative_consistency.serials[] object
authoritative_consistency.serials[].host string
authoritative_consistency.serials[].udp_soa_serial string | null
authoritative_consistency.serials[].tcp_soa_serial string | null
authoritative_consistency.reference_answers[] string[]
delegation_health object
delegation_health.nameservers[] object[]
delegation_health.nameservers[] object
delegation_health.nameservers[].host string
delegation_health.nameservers[].addresses[] string[]
delegation_health.nameservers[].in_bailiwick boolean
delegation_health.nameservers[].glue_required boolean
delegation_health.nameservers[].udp object
delegation_health.nameservers[].udp.authoritative boolean
delegation_health.nameservers[].udp.status string
delegation_health.nameservers[].udp.query_ms integer | null
delegation_health.nameservers[].udp.answer_count integer
delegation_health.nameservers[].udp.answers[] string[]
delegation_health.nameservers[].udp.soa_serial string | null
delegation_health.nameservers[].udp.truncated boolean
delegation_health.nameservers[].udp.error string | null
delegation_health.nameservers[].tcp object
delegation_health.nameservers[].tcp.authoritative boolean
delegation_health.nameservers[].tcp.status string
delegation_health.nameservers[].tcp.query_ms integer | null
delegation_health.nameservers[].tcp.answer_count integer
delegation_health.nameservers[].tcp.answers[] string[]
delegation_health.nameservers[].tcp.soa_serial string | null
delegation_health.nameservers[].tcp.truncated boolean
delegation_health.nameservers[].tcp.error string | null
delegation_health.nameservers[].lame boolean
delegation_health.nameservers[].issues[] string[]
delegation_health.in_bailiwick_nameservers[] string[]
delegation_health.glue_required_count integer
delegation_health.all_in_bailiwick_resolve boolean
delegation_health.missing_addresses[] string[]
delegation_health.lame_nameservers[] string[]
dns_transport object
dns_transport.udp_working boolean
dns_transport.tcp_working boolean
dns_transport.tcp_supported_nameservers[] string[]
dns_transport.tcp_failed_nameservers[] string[]
dns_transport.truncation_tested boolean
dns_transport.truncation_nameserver string
dns_transport.truncation_record_type string
dns_transport.truncation_observed boolean | null
dns_transport.tcp_fallback_ready boolean | null
mta_sts object
mta_sts.exists boolean
mta_sts.record string
mta_sts.valid boolean
mta_sts.policy_id string
mta_sts.policy_fetch_ok boolean
mta_sts.policy_http_status integer | null
mta_sts.mode string
mta_sts.max_age integer
mta_sts.mx_hosts[] string[]
mta_sts.mx_records[] string[]
mta_sts.policy_matches_mx boolean | null
mta_sts.uncovered_mx[] string[]
mta_sts.errors[] string[]
tls_rpt object
tls_rpt.exists boolean
tls_rpt.record string
tls_rpt.valid boolean
tls_rpt.rua[] string[]
tls_rpt.errors[] string[]
resolver_latency object
resolver_latency.record_type string
resolver_latency.resolvers[] object[]
resolver_latency.resolvers[] object
resolver_latency.resolvers[].resolver string
resolver_latency.resolvers[].label string
resolver_latency.resolvers[].query_ms integer | null
resolver_latency.resolvers[].status string
resolver_latency.resolvers[].answer_count integer
resolver_latency.resolvers[].answers[] string[]
resolver_latency.resolvers[].server string | null
resolver_latency.resolvers[].error string | null
resolver_latency.min_ms integer | null
resolver_latency.max_ms integer | null
resolver_latency.avg_ms number | null
zone_transfer object
zone_transfer.exposed boolean
zone_transfer.nameservers[] object[]
zone_transfer.nameservers[] object
zone_transfer.nameservers[].host string
zone_transfer.nameservers[].exposed boolean
zone_transfer.nameservers[].query_ms integer
zone_transfer.nameservers[].records_returned integer
zone_transfer.nameservers[].soa_seen boolean
zone_transfer.nameservers[].reason string | null
zone_transfer.nameservers[].sample_records[] string[]
blacklist object
blacklist.domain string
blacklist.listed boolean
blacklist.threat_level string
blacklist.check_type string
blacklist.checked_at string
recommendations[] string[]
checked_at string
check_duration_ms integer

请求示例

curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/dns/security?domain=example.com"

响应示例

{
  "domain": "google.com",
  "security_score": 97,
  "security_grade": "A+",
  "spf": {
    "exists": true,
    "record": "v=spf1 include:_spf.google.com ~all",
    "valid": true,
    "policy": "softfail",
    "includes": [
      "_spf.google.com"
    ],
    "dns_lookup_count": 1,
    "dns_lookup_limit_exceeded": false,
    "include_tree": [
      {
        "domain": "_spf.google.com",
        "lookups": 1
      }
    ],
    "lookup_walk_count": 1,
    "macros_present": false,
    "macro_references": [],
    "walk": [
      {
        "domain": "google.com",
        "depth": 0,
        "record": "v=spf1 include:_spf.google.com ~all",
        "mechanisms": [
          "include:_spf.google.com",
          "~all"
        ],
        "includes": [
          "_spf.google.com"
        ],
        "redirect": null,
        "direct_lookup_count": 1,
        "total_lookup_count": 1,
        "macros_present": false,
        "macro_references": [],
        "multiple_records": 1
      }
    ],
    "walk_errors": [],
    "issues": []
  },
  "dkim": {
    "exists": true,
    "selectors_checked": [
      "google",
      "selector1",
      "selector2"
    ],
    "selectors_found": [
      "google"
    ],
    "valid": true
  },
  "dmarc": {
    "exists": true,
    "record": "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com",
    "valid": true,
    "policy": "reject",
    "subdomain_policy": "reject",
    "percentage": 100,
    "rua": [
      "mailto:mailauth-reports@google.com"
    ],
    "ruf": [],
    "issues": []
  },
  "bimi": {
    "exists": true,
    "record": "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem",
    "logo_url": "https://example.com/logo.svg",
    "authority_url": "https://example.com/vmc.pem",
    "valid": true,
    "logo_fetch_ok": true,
    "logo_http_status": 200,
    "logo_content_type": "image/svg+xml",
    "logo_bytes": 2048,
    "logo_svg_detected": true,
    "vmc_present": true,
    "vmc_fetched": true,
    "vmc_http_status": 200,
    "vmc_content_type": "application/x-pem-file",
    "vmc_certificate_valid": true,
    "vmc_subject": "/CN=Example Inc VMC",
    "vmc_issuer": "/CN=Example Issuer",
    "vmc_not_before": "2026-01-01T00:00:00Z",
    "vmc_not_after": "2027-01-01T00:00:00Z",
    "vmc_days_to_expiry": 258,
    "vmc_fingerprint_sha256": "AA:BB:CC:DD",
    "vmc_san_domains": [
      "google.com"
    ],
    "errors": []
  },
  "dnssec": {
    "enabled": true,
    "valid": true,
    "algorithm": "ECDSAP256SHA256",
    "key_tag": 12345,
    "validation_status": "secure",
    "validated_by_proxy": true,
    "validation_reason": "chain validated via delv",
    "ds_records": [
      "12345 13 2 1a2b3c4d5e6f"
    ],
    "dnskey_records": [
      "256 3 13 AbCdEfGhIjKlMnOp"
    ],
    "rrsig_present": true,
    "resolver": "127.0.0.1"
  },
  "caa": {
    "exists": true,
    "records": [
      {
        "flags": 0,
        "tag": "issue",
        "value": "pki.goog"
      }
    ],
    "issuers": [
      "pki.goog"
    ],
    "issue_wild": [],
    "iodef": "mailto:security@google.com"
  },
  "issuance_readiness": {
    "caa": {
      "exists": true,
      "records": [
        {
          "flags": 0,
          "tag": "issue",
          "value": "pki.goog"
        },
        {
          "flags": 0,
          "tag": "iodef",
          "value": "mailto:security@google.com"
        }
      ],
      "issue_issuers": [
        "pki.goog"
      ],
      "issuewild_issuers": [],
      "iodef": "mailto:security@google.com",
      "letsencrypt_allowed": false,
      "google_trust_services_allowed": true
    },
    "http01": {
      "challenge_path": "/.well-known/acme-challenge/domscan-probe-1713474000",
      "reachable": true,
      "ready": true,
      "status_code": 404,
      "final_url": "http://google.com/.well-known/acme-challenge/domscan-probe-1713474000",
      "redirects": 0,
      "error": null
    },
    "checked_at": "2026-04-18T21:00:00Z"
  },
  "authoritative_consistency": {
    "record_type": "SOA",
    "all_authoritative": true,
    "answer_sets_match": true,
    "inconsistent_nameservers": [],
    "consistent_serial": true,
    "serials": [
      {
        "host": "ns1.google.com",
        "udp_soa_serial": "2026041801",
        "tcp_soa_serial": "2026041801"
      }
    ],
    "reference_answers": [
      "google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
    ]
  },
  "delegation_health": {
    "nameservers": [
      {
        "host": "ns1.google.com",
        "addresses": [
          "216.239.32.10"
        ],
        "in_bailiwick": false,
        "glue_required": false,
        "udp": {
          "authoritative": true,
          "status": "NOERROR",
          "query_ms": 14,
          "answer_count": 1,
          "answers": [
            "google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
          ],
          "soa_serial": "2026041801",
          "truncated": false,
          "error": null
        },
        "tcp": {
          "authoritative": true,
          "status": "NOERROR",
          "query_ms": 18,
          "answer_count": 1,
          "answers": [
            "google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 2026041801 900 900 1800 60"
          ],
          "soa_serial": "2026041801",
          "truncated": false,
          "error": null
        },
        "lame": false,
        "issues": []
      }
    ],
    "in_bailiwick_nameservers": [],
    "glue_required_count": 0,
    "all_in_bailiwick_resolve": true,
    "missing_addresses": [],
    "lame_nameservers": []
  },
  "dns_transport": {
    "udp_working": true,
    "tcp_working": true,
    "tcp_supported_nameservers": [
      "ns1.google.com"
    ],
    "tcp_failed_nameservers": [],
    "truncation_tested": true,
    "truncation_nameserver": "ns1.google.com",
    "truncation_record_type": "DNSKEY",
    "truncation_observed": false,
    "tcp_fallback_ready": null
  },
  "mta_sts": {
    "exists": true,
    "record": "v=STSv1; id=2024010101Z",
    "valid": true,
    "policy_id": "2024010101Z",
    "policy_fetch_ok": true,
    "policy_http_status": 200,
    "mode": "enforce",
    "max_age": 86400,
    "mx_hosts": [
      "*.google.com"
    ],
    "mx_records": [
      "aspmx.l.google.com",
      "alt1.aspmx.l.google.com"
    ],
    "policy_matches_mx": true,
    "uncovered_mx": [],
    "errors": []
  },
  "tls_rpt": {
    "exists": true,
    "record": "v=TLSRPTv1; rua=mailto:sts-reports@google.com",
    "valid": true,
    "rua": [
      "mailto:sts-reports@google.com"
    ],
    "errors": []
  },
  "resolver_latency": {
    "record_type": "MX",
    "resolvers": [
      {
        "resolver": "1.1.1.1",
        "label": "Cloudflare",
        "query_ms": 22,
        "status": "NOERROR",
        "answer_count": 5,
        "answers": [
          "aspmx.l.google.com"
        ],
        "server": "1.1.1.1#53",
        "error": null
      },
      {
        "resolver": "8.8.8.8",
        "label": "Google Public DNS",
        "query_ms": 3,
        "status": "NOERROR",
        "answer_count": 5,
        "answers": [
          "aspmx.l.google.com"
        ],
        "server": "8.8.8.8#53",
        "error": null
      }
    ],
    "min_ms": 3,
    "max_ms": 22,
    "avg_ms": 12.5
  },
  "zone_transfer": {
    "exposed": false,
    "nameservers": [
      {
        "host": "ns1.google.com",
        "exposed": false,
        "query_ms": 18,
        "records_returned": 0,
        "soa_seen": false,
        "reason": "transfer failed",
        "sample_records": []
      }
    ]
  },
  "blacklist": {
    "domain": "google.com",
    "listed": false,
    "threat_level": "none",
    "check_type": "domain",
    "checked_at": "2026-04-18T21:00:00Z"
  },
  "recommendations": [],
  "checked_at": "2026-04-18T21:00:00Z",
  "check_duration_ms": 312
}

被出色公司的人们使用

VercelLLM PulseOLXCasa ModernaPipeCal.comBeehiivSnykTogglRemoteSprigDeel