Is your domain properly secured?
Enter any domain name to instantly verify its DNSSEC chain of trust, mail security configuration, and TLS certificate health — all from a single place, with no account required.
Check a domain →DNSSEC Validation
Validates the full chain of trust from the DNS root all the way
down to your domain, using live authoritative name servers.
Detects broken signatures, missing DS records, and expiring RRSIGs.
DNSKEY
DS
RRSIG
Chain depth
Mail Security
Checks every layer of email authentication and delivery security,
so you know whether your domain is protected against spoofing
and phishing.
MX
SPF
DKIM
DMARC
DANE
MTA-STS
BIMI
TLS Certificate
Inspects the live TLS certificate and the full certificate chain,
negotiated protocol version, cipher suite, HSTS header, CAA DNS
records, and verifies that the
_443._tcp DANE TLSA
record matches the certificate actually served.
Leaf cert
Chain
TLS version
CAA
HSTS
DANE (HTTPS)
How it works
1
Enter a domain
Type any domain name — e.g.
example.com
2
Run the checks
All three checks run in parallel against live DNS and TLS endpoints
3
Read the results
Each finding is colour-coded — green is good, yellow needs attention, red requires action
🛡️ All checks run directly from this server against authoritative DNS and live TLS endpoints.
No external services, no API keys, and no data is stored or logged beyond the current request.