DNS Checker (beta)

DNS Security Dashboard

Security analysis of 269,692,527+ domains derived from zone file data across hundreds of gTLDs. DNS Checker identifies misconfigurations, delegation failures, and infrastructure vulnerabilities that put domains at risk of hijacking, downtime, or DNS-based attacks.

This dashboard monitors five categories of DNS security findings across every gTLD in the dataset — from typosquatted nameservers that could enable phishing to DNSSEC gaps that leave domains vulnerable to cache poisoning (RFC 5452). Each finding includes severity ratings, affected domain counts, and actionable remediation guidance.

Analysis by Ishan Karunaratne · Data from 2026-05-25

Domains Analyzed: 269,692,527
Finding Categories: 5
High Severity Findings: 3
Snapshot Date: 2026-05-25

Key Findings Summary

As of 2026-05-25, automated analysis of 269,692,527 domains across hundreds of gTLDs reveals five categories of DNS security vulnerabilities. Lame delegations affect 12,113,737 domains where NS records point to non-functional nameservers — leaving them unreachable and vulnerable to nameserver takeover (RFC 1912). Typosquatted nameservers affect 231,914 domains with misspelled provider hostnames that attackers could register to hijack DNS resolution. DNSSEC adoption stands at just 5.3% despite its critical role in preventing cache poisoning attacks (RFC 4033–4035, RFC 5452). Provider concentration analysis shows 38 TLDs with over 90% of domains relying on a single DNS provider — a systemic risk demonstrated by the 2016 Dyn DDoS attack.

| Finding | Severity | Domains / TLDs Affected |
|---|---|---|
| Lame Delegations | high | 12,113,737 domains |
| NS on Risky TLDs | high | 347,085 domains |
| Typosquatted Nameservers | low | 231,914 domains |
| Provider Concentration | low | 38 TLDs |
| DNSSEC Gaps | high | 5.3% adoption |

What This Dashboard Tracks

The DNS (Domain Name System) is the foundation of the internet — it translates domain names to IP addresses. When DNS is misconfigured or compromised, websites become unreachable, email stops working, and users can be silently redirected to malicious servers.

This dashboard analyzes zone files from hundreds of gTLDs we have access to, detecting five categories of DNS security issues:

  • Lame delegations — domains pointing to non-functional nameservers
  • Typosquatted nameservers — NS records with misspelled provider domains
  • DNSSEC adoption gaps — domains lacking cryptographic DNS validation
  • Provider concentration — TLDs over-reliant on a single DNS provider
  • Risky TLD nameservers — NS domains hosted on high-abuse extensions

Security Findings Overview

Lame Delegations

Severity: high

12,113,737 domains pointing to non-functional nameservers

Impact

Domains with lame delegations have no functioning DNS — they are unreachable and vulnerable to nameserver takeover if the expired NS domain becomes available for registration.

Mitigation

Check that all NS records point to active, responsive nameservers. Remove or update stale delegation records.

NS on Risky TLDs

Severity: high

347,085 domains using nameservers on high-abuse TLDs

Typosquatted Nameservers

Severity: low

1 unique typosquatted nameserver variant detected

231,914 domains affected

Impact

An attacker who registers the misspelled nameserver domain gains full control over DNS resolution for every domain pointing to it — enabling phishing, traffic interception, and email hijacking.

Mitigation

Audit your NS records for typos. Use DNS monitoring to detect unauthorized nameserver changes.

Provider Concentration

Severity: low

7 TLDs have >90% single-provider dependency

38 TLDs affected

Impact

When the majority of a TLD's domains depend on a single DNS provider, an outage or compromise at that provider could render most domains under that TLD unreachable — a systemic risk to the namespace.

Mitigation

Registry operators should encourage provider diversity. Domain owners should consider secondary DNS with a different provider.

DNSSEC Gaps

Severity: high

Only 5.3% of domains have DNSSEC enabled

Impact

Without DNSSEC, DNS responses can be forged through cache poisoning attacks (Kaminsky attack, RFC 5452). Attackers can redirect users to malicious servers without any visible indication.

Mitigation

Enable DNSSEC signing at your DNS provider. Most major providers (Cloudflare, AWS Route 53, Google Cloud DNS) support one-click DNSSEC activation.

Detailed Security Reports

Each report includes full data tables, per-TLD breakdowns, and analysis methodology. Click through to explore the raw findings.

How DNS Security Analysis Works

DNS security findings are derived from automated analysis of gTLD zone files — the authoritative records that map domain names to their nameservers. The analysis pipeline processes zone data from hundreds of gTLDs we have access to, covering 269,692,527 domains as of the latest snapshot.

Analysis Methodology

  1. Zone file ingestion — Raw zone files are downloaded and parsed daily, extracting NS, A, AAAA, and DS (DNSSEC) records for domains across hundreds of gTLDs.
  2. Nameserver validation — Each nameserver hostname is checked against known provider databases, typo detection algorithms, and TLD risk classifications.
  3. Delegation health — NS records are cross-referenced with known expired, deleted, suspended, and lame nameserver indicators (e.g., "dns-expired.com", parking pages).
  4. DNSSEC coverage — DS record presence in zone files indicates DNSSEC signing. Adoption rates are computed per-TLD and globally.
  5. Provider concentration — Herfindahl-Hirschman Index (HHI) and single-provider market share are computed per-TLD to identify systemic concentration risk.
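
The DS-coverage and concentration steps above can be sketched as follows. This is an added example, not DNS Checker's own pipeline. It assumes fixed five-field zone lines, a provider identified by the last two labels of the NS hostname, and an even split of a domain's weight across the providers in its NS set; the sample records are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample: "owner TTL class type rdata" lines under reserved TLDs.
SAMPLE_ZONE = """\
alpha.example. 86400 IN NS ns1.provider-a.test.
alpha.example. 86400 IN NS ns2.provider-a.test.
alpha.example. 86400 IN DS 12345 13 2 ABCDEF
bravo.example. 86400 IN NS ns1.provider-a.test.
charlie.example. 86400 IN NS NS1.Provider-A.test.
delta.example. 86400 IN NS ns1.provider-a.test.
delta.example. 86400 IN NS ns1.provider-b.test.
echo.invalid. 86400 IN NS ns1.provider-b.test.
echo.invalid. 86400 IN DS 54321 13 2 123456
"""

def provider_of(ns_host):
    # Assumption: provider = last two labels of the NS hostname. Production
    # code would use the Public Suffix List to find the registrable domain.
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])

def analyze(zone_text):
    providers = defaultdict(set)  # delegated domain -> providers in its NS set
    signed = set()                # domains with at least one DS record
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        owner, rtype = fields[0].rstrip(".").lower(), fields[3].upper()
        if rtype == "NS":
            providers[owner].add(provider_of(fields[4]))
        elif rtype == "DS":
            signed.add(owner)
    tlds = defaultdict(lambda: {"domains": 0, "signed": 0, "weight": Counter()})
    for domain, provs in providers.items():
        stats = tlds[domain.rsplit(".", 1)[-1]]
        stats["domains"] += 1
        stats["signed"] += domain in signed
        for p in provs:  # a multi-provider domain is split evenly (assumption)
            stats["weight"][p] += 1 / len(provs)
    report = {}
    for tld, s in tlds.items():
        shares = [w / s["domains"] for w in s["weight"].values()]
        report[tld] = {
            "dnssec_adoption": s["signed"] / s["domains"],
            "hhi": round(10_000 * sum(x * x for x in shares), 1),
            "top_share": max(shares),
            "concentrated": max(shares) > 0.90,  # the page's >90% threshold
        }
    return report
```

HHI is reported on the conventional 0 to 10,000 scale, where 10,000 means every domain in the TLD sits with one provider.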

Understanding DNS Security Threats

What is a lame delegation?

A lame delegation occurs when a domain's NS records point to nameservers that don't actually serve DNS for that domain. This can happen when a domain expires, the hosting account is deleted, or nameserver records become stale. Lame delegations are defined in RFC 1912 Section 2.8 and represent one of the most common DNS misconfigurations.

What is nameserver typosquatting?

Nameserver typosquatting occurs when a domain's NS records contain misspelled versions of legitimate DNS provider hostnames — for example, "cloudflare.comm" instead of "cloudflare.com". If the typo domain is unregistered, an attacker can register it and gain full control over DNS resolution for every domain pointing to it, enabling phishing, email interception, and traffic hijacking.
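
One way to audit NS records for this kind of typo, as an added example that is not DNS Checker's detection code: compare each nameserver's trailing two labels against a list of expected provider domains and flag near misses. The provider list, the distance threshold of 1, and the sample records are assumptions constructed for illustration; only "cloudflare.comm" comes from the text above.

```python
def osa_distance(a, b):
    # Optimal string alignment distance: insertions, deletions, substitutions
    # and swaps of adjacent characters each cost 1.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

# Assumed allow-list of provider domains you expect to see in your NS records.
KNOWN_PROVIDERS = {"cloudflare.com", "provider-a.test"}

# Constructed (domain, NS hostname) pairs, as extracted from a zone file.
NS_RECORDS = [
    ("alpha.example", "ns1.cloudflare.com."),
    ("bravo.example", "ns1.cloudflare.comm."),    # extra letter
    ("charlie.example", "ns1.provdier-a.test."),  # swapped letters
    ("delta.example", "ns1.unrelated-dns.test."),
]

def suspect_nameservers(ns_records, max_distance=1):
    findings = []
    for domain, ns_host in ns_records:
        base = ".".join(ns_host.rstrip(".").lower().split(".")[-2:])
        if base in KNOWN_PROVIDERS:
            continue  # exact match with an expected provider
        for known in sorted(KNOWN_PROVIDERS):
            if osa_distance(base, known) <= max_distance:
                findings.append((domain, ns_host, known))
                break
    return findings
```

A hit is a candidate for review, not proof of a typo: an unrelated provider whose name happens to sit one edit away from a listed one will also be flagged.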

Why does DNSSEC adoption matter?

DNSSEC (DNS Security Extensions, RFC 4033–4035) adds cryptographic signatures to DNS responses, allowing resolvers to verify that the response hasn't been tampered with. Without DNSSEC, domains are vulnerable to cache poisoning attacks where an attacker injects forged DNS responses to redirect users to malicious servers — all without any visible warning to the user.

What is DNS provider concentration risk?

When a large percentage of domains under a single TLD rely on one DNS provider, an outage or compromise at that provider becomes a single point of failure for the entire TLD. The 2016 Dyn DDoS attack demonstrated this risk — taking down major sites including Twitter, GitHub, and Netflix due to DNS provider concentration.

Check Your Domain's DNS Security

Use these free tools to audit your own domain's DNS configuration and identify potential vulnerabilities.

Data updated daily — last snapshot: May 25, 2026

Data scope: Security findings are derived from analysis of gTLD zone files we have access to. This covers hundreds of generic top-level domains including .com, .net, .org, .xyz, .io, and many more — but excludes country-code TLDs (ccTLDs) like .uk, .de, .jp and infrastructure TLDs like .arpa.

Methodology: Findings are informational and based on automated analysis of nameserver records, delegation chains, and DNSSEC configurations. Not all findings represent active threats — some may reflect domains in transition, pending deletion, or intentional parking configurations.

References: RFC 1912 (DNS Operational Guidelines) · RFC 4033–4035 (DNSSEC) · RFC 5452 (DNS Resilience) · RFC 8914 (Extended DNS Errors)