什么是 net.softricks/idig-dns?
专业级 DNS 诊断套件,含 14 个工具,可检测 DNS、DNSSEC、邮件安全、SSL 与传播状态。
README
iDig DNS MCP Server
A remote MCP server exposing 19 professional DNS diagnostic tools from the iDig API — built by Kedar Bhave ( Softricks ).
Connect any MCP-compatible AI client (Claude Desktop, Cursor, Windsurf, and more) to real DNS infrastructure. Diagnose outages, audit email security, validate DNSSEC, check SSL certificates, trace propagation across 16 global resolvers, and more — all in plain English.
Live endpoint: https://mcp.softricks.net/sse
Quickstart
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"idig-dns": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.softricks.net/sse"
]
}
}
}
Restart Claude Desktop. You'll see idig-dns appear under Connectors.
Cursor / Windsurf
Add to your MCP settings:
{
"mcpServers": {
"idig-dns": {
"command": "npx",
"args": [
"mcp-remote",
"https://mcp.softricks.net/sse"
]
}
}
}
Authentication
All tools require a token parameter. Get your token at api.softricks.net/idig/docs.
Tools
| Tool | Description |
|---|---|
dns_lookup | Look up any DNS record type: A, AAAA, MX, NS, TXT, SOA, CAA, SRV, CNAME, DS, TLSA, HTTPS, SVCB |
resolve_check | Resolution diagnostics — returns ok / nxdomain / servfail / timeout / degraded |
diagnose | Full diagnosis combining resolution + DNSSEC — start here when something is broken |
email_security_audit | SPF, DKIM, DMARC, and BIMI audit with A–F grade and prioritized fix recommendations |
mx_check | MX health + provider detection (Google Workspace, M365, Proofpoint, 35+ providers) |
dnssec_validate | DNSSEC chain of trust — returns secure / insecure / bogus / indeterminate |
dnssec_health | Key inventory, signature expiry, algorithm assessment, rollover readiness |
propagation_check | Check propagation across 16 global resolvers: Google, Cloudflare, Quad9, China, Korea, Russia |
ssl_check | Certificate validity, expiry countdown, domain match, issuer, chain completeness |
ttl_check | TTL advisory with step-by-step migration lowering plan |
zone_consistency | Compare all authoritative nameservers — catches lame delegation and SOA mismatches |
subdomain_discover | Probe 75 common subdomains + crt.sh Certificate Transparency logs — surfaces exposed dev/staging environments |
geo_lookup | Geolocation, ISP, ASN, CDN detection, hosting flag |
domain_status | EPP registrar lock status — transfer-ready, delete lock, serverHold, pendingDelete |
blacklist_check | IP blacklist / DNSBL check — Spamhaus, Barracuda, SpamCop, SORBS, and more |
whois_lookup | Parsed WHOIS data — registrar, expiry, domain age, nameservers, EPP status |
http_check | HTTP/HTTPS reachability — status codes, redirect chain, HSTS, HTTP→HTTPS redirect |
zone_axfr | AXFR zone transfer vulnerability check — tests if any NS allows public zone transfers |
dane_validate | DANE/TLSA validation — cross-validates TLSA records against live TLS certificate |
Example prompts
My emails are going to spam for example.com — token is YOUR_TOKEN
Did my DNS changes propagate yet for example.com? token: YOUR_TOKEN
Run a full security audit on example.com, token YOUR_TOKEN
Is the SSL cert for example.com about to expire? token YOUR_TOKEN
We're migrating example.com to a new host next week — are the TTLs safe? token YOUR_TOKEN
What subdomains does example.com have exposed? token YOUR_TOKEN
Are any of example.com's IPs on a blacklist? token YOUR_TOKEN
Get WHOIS info for example.com — token YOUR_TOKEN
Is example.com reachable over HTTPS? token YOUR_TOKEN
Check if example.com is vulnerable to zone transfers — token YOUR_TOKEN
Validate DANE/TLSA records for example.com — token YOUR_TOKEN
Architecture
Claude Desktop / Cursor / Windsurf
│
│ MCP over SSE
▼
mcp.softricks.net ← Railway (always-on Python/FastMCP server)
│
│ HTTPS
▼
api.softricks.net/idig ← AWS Lambda (iDig REST API)
│
│ DNS queries
▼
Live DNS infrastructure
Self-hosting
Clone this repo and deploy your own instance:
git clone https://github.com/kbhave/MCP-Service-iDig
cd MCP-Service-iDig
pip install -r requirements.txt
python mcp_server.py
Or deploy to Railway in one click — connect your GitHub repo and Railway handles the rest.
Requirements:
- Python 3.11+
mcp==1.26.0httpx
Related
- iDig REST API docs: https://api.softricks.net/idig/docs
- DNS Doctor AI Agent: https://agent.softricks.net
- iOS App: https://apps.apple.com/us/app/softricks-idig/id522550738
License
MIT
常见问题
net.softricks/idig-dns 是什么?
专业级 DNS 诊断套件,含 14 个工具,可检测 DNS、DNSSEC、邮件安全、SSL 与传播状态。
相关 Skills
安全专家
by alirezarezvani
覆盖威胁建模、漏洞评估、安全架构设计、代码审计与渗透测试,内置 STRIDE、OWASP、加密模式和安全扫描流程,适合系统设计评审与上线前安全排查。
✎ 安全专家把威胁建模、漏洞分析到渗透测试串成一套流程,内置 STRIDE 与 OWASP 指南,做安全设计和排查更省心。
安全运营
by alirezarezvani
覆盖应用安全、漏洞管理与合规审计,支持代码/依赖扫描、CVE 评估、Secrets 检测和安全自动化,适合做安全基线落地、漏洞响应、审计检查与安全开发治理。
✎ 应用安全、漏洞管理和合规检查一套打通,还能自动化扫描与响应,帮团队更早发现并收敛风险。
安全审计
by alirezarezvani
安装前审计 Claude Code Skill 的代码执行、Prompt 注入和依赖供应链风险,支持本地目录或 Git 仓库扫描,输出 PASS/WARN/FAIL 结论及修复建议
✎ 把代码审查、漏洞扫描和合规检查串成一条线,帮团队更早发现风险,做安全治理更省心。
相关 MCP Server
by Sentry
搜索和分析 Sentry 错误报告,辅助调试。
✎ 把零散的 Sentry 错误报告变成可检索线索,帮你在海量报错里更快定位线上故障,排障调试明显省时。
by sinewaveai
为 AI agents 提供安全层:拦截 prompt injection、识别伪造 packages,并扫描漏洞风险。
✎ 给 AI Agent 补上关键安全层,能拦截 prompt 注入、识别伪造包并扫描漏洞风险,把防护前置更省心。
by pantheon-security
强化安全性的 NotebookLM MCP,集成 post-quantum encryption,提升数据防护能力。