Bulk DNS Lookup (DNS-over-HTTPS) avatar

Bulk DNS Lookup (DNS-over-HTTPS)

Pricing

$0.05 / 1,000 resolved domain or ips

Try for free
Go to Apify Store
Bulk DNS Lookup (DNS-over-HTTPS)

Bulk DNS Lookup (DNS-over-HTTPS)

Try for free

Resolves A, AAAA, MX, NS, TXT, CNAME, and SOA records for many domains at once over DNS-over-HTTPS (Cloudflare, with Google fallback), and parses SPF, DMARC, and optional DKIM. Deterministic and fast. Billed only per domain that returns DNS data.

Pricing

$0.05 / 1,000 resolved domain or ips

Rating

0.0

(0)

Developer

Pono Data

Pono Data

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

0

Monthly active users

2 hours ago

Last modified

Categories

Developer tools

Share

Resolve DNS for a list of domains or IPs in one run, with a source URL on every row you can open and check. Public DNS-over-HTTPS resolvers (Cloudflare by default, Google as automatic fallback). One clean row per input.

What you get for each domain

  • Records: A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA.
  • Email authentication: SPF, DMARC with its policy, and DKIM for any selectors you supply.
  • TXT verification tokens pulled out on their own (Google, Microsoft, Facebook, Stripe, DocuSign, and more), so domain-ownership signals are easy to read.
  • An email-sending posture (strong, partial, mail-no-auth, or no-mail) read from the records found, including the RFC 7505 null-MX "this domain sends no mail" case.

Give it an IP address instead of a domain and it returns the reverse (PTR) hostname.

Why this one

  • Every value carries a sourceUrl: the exact DoH query that returned it. Open it and check. Nothing is guessed; records that are absent come back null, not invented.
  • You pay only for an input that actually returns data. Non-existent or empty domains go to a free rejected dataset at no charge.
  • No subscription. Run one domain or a hundred thousand; the price is per resolved domain either way.
  • CAA records, the verification tokens, and the email posture are included, not a separate paid check.

Input

  • Domains: one per line. A full URL is reduced to its host. A bare IPv4 or IPv6 address runs a reverse (PTR) lookup.
  • Record types: any of A, AAAA, MX, NS, TXT, CNAME, SOA, CAA.
  • Primary resolver: Cloudflare or Google; the other is the automatic fallback.
  • Parse SPF and DMARC: extract the email-auth records.
  • DKIM selectors: optional; DKIM needs a selector to be discoverable.
  • Max delivered domains: cap on billed rows (0 means no cap).

Output

One row per input: queryType (forward or reverse), the record fields, CAA, txtVerifications, spf, dmarc, dmarcPolicy, dkim, emailPosture with its hasMX / hasSPF / spfHardFail / hasDMARC / dmarcEnforced booleans, PTR for IP inputs, resolver, dnsStatus, and provenance (sourceUrl, retrievedAt, confidence, dataSource).

How it works

DNS-over-HTTPS is a public, standard protocol (RFC 8484). The actor reads only what the resolver returns; absent records are null. A domain that returns no records for any requested type (for example NXDOMAIN) is written to the free rejected dataset and is not billed. Inputs are resolved concurrently, so a batch of thousands stays fast.

Billing

Pay per domain or IP that returns data. Empty, non-existent, and sanctioned inputs cost nothing.

Coverage

Global. Targets in any country are processed. The one exclusion is jurisdictions under US sanctions (Cuba, Iran, North Korea, Syria, Russia, Belarus, Venezuela, Myanmar, matched by country-code TLD), which are written to the free rejected dataset and never billed.

Opt out

A domain owner can ask us to skip their domain at https://ponodata.com/opt-out . Suppressed domains are returned by nothing and never billed.

Sample output

A real run resolving common domains (one row per domain, records abbreviated):

domainAMX (top)SPFEmail posture
cloudflare.com104.16.133.2295 mxa-canary.global.inbou…v=spf1 ip4:199.15.212.0/22 ip4:17…strong
google.com142.251.167.13910 smtp.google.com.v=spf1 include:_spf.google.com ~a…strong
github.com140.82.113.40 github-com.mail.protect…v=spf1 ip4:192.30.252.0/22 includ…strong
stripe.com198.202.176.4110 aspmx.l.google.com.v=spf1 ip4:198.2.180.60/32 ip4:13…strong

Every row carries a sourceUrl you can open to verify, for example https://cloudflare-dns.com/dns-query?name=cloudflare.com&type=A.

See also

More clean, pay-only-for-results data tools from Pono Data:

Full catalog: https://apify.com/thoob

You might also like

Bulk DNS Records Lookup - A, MX, TXT, NS, CNAME avatar

Bulk DNS Records Lookup - A, MX, TXT, NS, CNAME

logiover/bulk-dns-records-lookup

Look up DNS records for thousands of domains at once — A, AAAA, MX, NS, TXT, CNAME, SOA and CAA — via DNS-over-HTTPS. Ideal for email deliverability (SPF/DMARC), security audits and migrations. No API key, export to CSV or JSON.

User avatar

Logiover

2

Domain Security & Email Deliverability — DNS, SPF, DMARC, DKIM avatar

Domain Security & Email Deliverability — DNS, SPF, DMARC, DKIM

ryanclinton/dns-record-lookup

Audit a domain portfolio for email spoofing, broken SPF, DMARC enforcement, DNSSEC and shadow-SaaS senders. Returns a posture score, what to fix first, vendor dependencies and drift alerts — not just records. Bulk DNS / SPF / DMARC / DKIM lookup, no API keys.

User avatar

Ryan Clinton

22

DI

🌐 Domain Intel MCP — AI WHOIS & DNS Analysis

nexgendata/domain-intelligence-mcp-server

🔍 Domains, WHOIS, DNS lookup, domain intelligence MCP server for AI agents (Claude Desktop, Cursor, OpenAI Agents SDK, Vercel AI SDK). WHOIS + DNS records + subdomain discovery + SSL + tech stack detection via MCP — for OSINT and SEO AI workflows. Free tier available.

User avatar

NexGenData

3

Subdomain Finder - Discover Subdomains via CT Logs avatar

Subdomain Finder - Discover Subdomains via CT Logs

logiover/subdomain-finder

Discover every subdomain of any domain using Certificate Transparency logs (crt.sh). Fast bulk subdomain enumeration for security recon, attack-surface mapping, asset discovery and SEO. No API key — export to CSV or JSON.

User avatar

Logiover

2

DS

Domain Security Posture Checker — DNS, SPF, DMARC, TLS

nexgendata/domain-security-posture-checker

One-call security report card per domain — WHOIS, DNS, SPF/DMARC email auth, SSL/TLS expiry, with a posture score and grade. No login.

User avatar

NexGenData

2

DNS, WHOIS, SPF/DMARC, SSL Domain Audit avatar

DNS, WHOIS, SPF/DMARC, SSL Domain Audit

jungle_synthesizer/dns-domain-audit

Bulk domain audit covering DNS records, WHOIS registration, SPF/DMARC/DKIM email auth, SSL certificate, and reverse DNS. No browser, no proxy -- pure Node, sub-second per domain.

User avatar

BowTiedRaccoon

2

Domain Intelligence Scraper | $10/1K | WHOIS+DNS+SSL avatar

Domain Intelligence Scraper | $10/1K | WHOIS+DNS+SSL

apivault_labs/domain-intelligence-scraper

WHOIS + DNS + SSL + subdomain lookup for any domain. Perfect for OSINT, security audits, SEO research, lead generation.

User avatar

Apivault Labs

4

DI

Domain Intelligence — DNS, WHOIS & SSL Bulk Lookup

weiseer/domain-intel-scraper

Bulk-enrich a list of domains with live DNS records, WHOIS registration, and SSL certificate details. One clean JSON row per domain.

User avatar

wei seer

2

DP

🌐 DNS Propagation Checker — Global Resolver Bulk Tool

nexgendata/dns-propagation-checker

Check DNS propagation across 15 global resolvers (Google, Cloudflare, Quad9, OpenDNS, Verisign, Yandex). Detects inconsistency, reports by-region variance, returns TTL and full record data.

User avatar

NexGenData

3

WHOIS Domain Lookup: Operational Domain Intelligence avatar

WHOIS Domain Lookup: Operational Domain Intelligence

ryanclinton/whois-domain-lookup

Look up WHOIS and RDAP registration data for any domain in bulk. Get registrar details, creation and expiry dates, nameservers, domain age, registrant info, DNSSEC status, and EPP status codes -- all without needing any API key.

User avatar

Ryan Clinton

24