Pricing

Pay per event

DNS, WHOIS, SPF/DMARC, SSL Domain Audit

Bulk domain audit covering DNS records, WHOIS registration, SPF/DMARC/DKIM email auth, SSL certificate, and reverse DNS. No browser, no proxy -- pure Node, sub-second per domain.

Pricing

Pay per event

Rating

0.0

(0)

Developer

BowTiedRaccoon

Actor stats

Bookmarked

Total users

Monthly active users

a day ago

Last modified

DNS Domain Audit Features

Resolves A, AAAA, MX, TXT, NS, SOA, CNAME, CAA, and SRV records in parallel.
Pulls WHOIS / RDAP metadata: registrar, created, expires, updated, status, and nameservers.
Probes the TLS certificate on port 443 — issuer, expiry, daysToExpiry, SANs, sigAlg, serial.
Validates SPF, DMARC, and DKIM records via mailauth and a 10-selector default sweep.
Computes a deliverability score (mxScore 0-100) plus an A / B / C / D / F audit grade with an issue list.
Optional reverse DNS resolves A / AAAA addresses back to PTR records.
Pure Node — no browser, no proxy, no captcha bills. 10,000 domains costs about $50.

Who Uses Domain Audit Data?

Sales-ops teams — qualify inbound domains by registration age, registrar, and email-auth posture.
DevOps and SRE — monitor SSL expiry windows across portfolios that long since outgrew a spreadsheet.
Security analysts — flag missing DMARC, weak SPF, dangling CNAMEs, and CAs without a CAA record.
Email deliverability auditors — score SPF / DMARC / DKIM alignment before a campaign launches, not after.
M&A due diligence — inventory the domain hygiene of an acquisition target without filing a ticket with IT.

How DNS Domain Audit Works

Paste in a list of domains or URLs. URLs have their host extracted automatically and duplicates are removed.
For each domain the actor runs DNS, WHOIS, TLS, and email-auth probes in parallel with per-check timeouts.
Optional reverse DNS resolves the A / AAAA addresses back to PTRs.
Each row gets a grade (A through D, F when checks fail) and an issues[] list with level, code, and message.

Input

{
  "domains": ["example.com", "github.com", "cloudflare.com"],
  "maxItems": 5,
  "recordTypes": ["A", "AAAA", "MX", "TXT", "NS", "SOA", "CAA"],
  "checkSpfDmarcDkim": true,
  "checkWhois": true,
  "checkSsl": true,
  "reverseDns": false,
  "concurrency": 25
}

Field	Type	Default	Description
`domains`	array	required	Domains or URLs to audit. URLs have host extracted automatically.
`maxItems`	integer	5	Cap on audited domains after dedup. Range 1-10000.
`recordTypes`	array	A, AAAA, MX, TXT, NS, SOA, CNAME, CAA	Which DNS record types to query. SRV is also supported.
`checkSpfDmarcDkim`	boolean	true	Validate email auth records via mailauth.
`checkWhois`	boolean	true	Look up WHOIS / RDAP registration metadata.
`checkSsl`	boolean	true	Probe the TLS certificate on port 443.
`dkimSelectors`	array	—	Extra DKIM selectors on top of the default 10.
`reverseDns`	boolean	false	Resolve A / AAAA addresses back to PTR records.
`concurrency`	integer	25	Parallel domain audits. Hard cap at 50 to avoid resolver throttling.

DNS Domain Audit Output Fields

{
  "domain": "cloudflare.com",
  "dns": {
    "A": ["104.16.132.229", "104.16.133.229"],
    "MX": ["10 mailstream-east.mxrecord.io"],
    "TXT": ["v=spf1 ip4:199.15.212.0/22 include:_spf.google.com ~all"],
    "NS": ["ns3.cloudflare.com", "ns4.cloudflare.com"],
    "CAA": ["issue: digicert.com"]
  },
  "whois": {
    "domain": "cloudflare.com",
    "created": "2009-02-17T22:07:54Z",
    "expires": "2033-02-17T22:07:54Z",
    "registrar": "CloudFlare, Inc.",
    "nameservers": ["ns3.cloudflare.com", "ns4.cloudflare.com"]
  },
  "email": {
    "spfRecord": "v=spf1 ip4:199.15.212.0/22 include:_spf.google.com ~all",
    "spfValid": true,
    "dmarcRecord": "v=DMARC1; p=reject; rua=mailto:dmarc@cloudflare.com",
    "dmarcPolicy": "reject",
    "dkimResults": { "google": { "found": true, "record": "v=DKIM1; k=rsa; p=..." } },
    "mxScore": 100
  },
  "ssl": {
    "issuer": "Google Trust Services / WE1",
    "validFrom": "2026-03-12T20:59:51.000Z",
    "validTo": "2026-06-10T21:59:46.000Z",
    "daysToExpiry": 41,
    "sans": ["cloudflare.com", "*.cloudflare.com"],
    "sigAlg": "prime256v1"
  },
  "reverseDns": { "ips": [], "ptrs": [] },
  "audit_summary": {
    "grade": "A",
    "issues": [{ "level": "info", "code": "no-caa", "message": "..." }]
  },
  "audited_at": "2026-04-30T12:00:00Z",
  "errors": []
}

Field	Type	Description
`domain`	string	Audited domain (host extracted if a URL was provided).
`dns`	object	Records keyed by type (A, AAAA, MX, TXT, NS, SOA, CNAME, CAA, SRV).
`whois`	object	created, expires, updated, registrar, status, nameservers.
`email`	object	spfRecord, spfValid, dmarcRecord, dmarcPolicy, dkimResults, mxScore (0-100).
`ssl`	object	issuer, subject, validFrom, validTo, daysToExpiry, sans, sigAlg, serialNumber.
`reverseDns`	object	`ips` and resolved `ptrs` (empty unless `reverseDns=true`).
`audit_summary`	object	`grade` (A/B/C/D/F) plus `issues[]` with level, code, message.
`audited_at`	string	ISO timestamp the audit completed.
`errors`	array	Labels for any check that failed (e.g. `whois`, `ssl`, `dkim`).

Common issue codes: no-spf, weak-spf, no-dmarc, dmarc-none, no-dkim, ssl-expired, ssl-expiring, ssl-expiring-soon, whois-expired, whois-expiring, no-caa.

Pricing

Single DATA_RECORD event — every audited domain bills at the same flat rate. Five DNS lookups, a WHOIS lookup, a TLS handshake, and a mailauth pass cost $0.005.

Event	Price
Actor start	$0.10
Per audited domain	$0.005

Volume	Cost
100 domains	$0.60
1,000 domains	$5.10
10,000 domains	$50.10

Limits

maxItems caps at 10,000 per run; the resolver is the bottleneck, not the actor.
The Apify console tester has a 5-minute timeout — keep maxItems low (default 5) when testing in-browser.
concurrency caps at 50 to avoid public DNS resolver rate limits. Self-hosted resolvers can go higher with care.
WHOIS data quality varies by TLD. Some registries return sparse fields; the actor surfaces what the registry actually serves.
Reverse DNS is opt-in because most A records have no PTR set.
DKIM probes a 10-selector default list. If you use a non-standard selector, add it via dkimSelectors.

SSL & Security Headers Checker — pairs with this actor for full TLS-and-headers grading per URL.
Sitemap Walker Pro — discover URLs for a domain that you then audit here.
Structured Data Validator Pro — same primitive shape for SEO-side audits.

Need More Features?

Need extra DKIM selectors, custom record types, or a private resolver endpoint? File an issue or get in touch.

Why Use DNS Domain Audit?

Cheap — $0.005 per domain. 10,000 domains costs about a fast-food lunch.
Complete — DNS, WHOIS, SSL, and email auth in a single row, with a sortable grade. Most tools make you stitch three APIs together to get the same picture.
No proxies, captchas, or browsers — pure Node lookups. Nothing to break, nothing to debug at 3am.

Built by OrbTop.

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Domain Intelligence Lookup

obicodes/domain-intel

Full domain intelligence in one call. Get WHOIS registration data, DNS records, SSL certificate status, IP geolocation, ASN, mail provider detection, and an actionable email security score (SPF, DMARC, MX). Built for developers, security teams, agencies, and growth teams.

Obicodes

SSL Certificate Inspector - TLS Audit & Expiry Monitor

santamaria-automations/ssl-certificate-inspector

Inspect SSL/TLS certificates for any domain: chain validation, expiry dates, cipher suites, TLS versions, subject alt names, issuer details, and security scoring. Export data, run via API, schedule and monitor runs, or integrate with other tools.

Alessandro Santamaria

Domain WHOIS & DNS Lookup â€” Registration, DNS Records & Tech

sovereigntaylor/domain-whois-scraper

Look up WHOIS data, DNS records, SSL certificates, and tech stack for any domain. Bulk domain research for lead generation, SEO audits, domain investing, and competitive intelligence. Uses RDAP, DNS-over-HTTPS, Certificate Transparency, and web WHOIS providers.

Ricardo Akiyoshi

Supernet Domain Health - Email Reputation Audit

superlativetech/supernet-domain-health

Email authentication and deliverability audit for any domain. Checks SPF, DKIM, DMARC, MX, blacklists, SSL, WHOIS, BIMI, MTA-STS — returns a 0-100 health score with actionable fixes. Sending or receiving mode. Batch thousands or query one via instant API.

Superlative

Supernet WHOIS Lookup

superlativetech/supernet-whois-lookup

WHOIS domain registration data for any domain. Registrar, expiry dates, domain age, registrant, nameservers, DNSSEC. Domain ownership enrichment for lead scoring, expiry monitoring, fraud detection, and due diligence. Batch thousands or query one instantly via Standby API.

Superlative

Email Domain Intelligence

dash_authority/email-domain-intelligence

Gather email infrastructure intelligence for domains. Extract MX records, SPF, DMARC policies, and SSL certificate info. Perfect for sales lead qualification, security research, and compliance teams. Zero dedicated actors on Apify.

Dash Authority

Supernet DNS Lookup

superlativetech/dns-lookup

Bulk DNS records lookup. Query MX, SPF, DMARC, DKIM, TXT, CNAME, A, AAAA, NS, SOA and reverse DNS for any domain or IP. Batch thousands or query one instantly using the Standby API. For email reputation scoring, see Supernet Domain Health. For whois, see Supernet Whois.

Superlative

107

WebSight API — AI-Native Web Intelligence

george.the.developer/websight-api

One API call for 7 types of web intelligence from any URL: clean markdown, tech stack, SEO audit, contacts, structured data, AI score, domain intel. Token-optimized for AI agents. Cached.