Project documentation

What DNSsecured offers

• Scanner APIs for DNS and mail-security posture
• Authoritative DNS hardening validation
• DNSSEC rollover planning support
• Traffic-steering decisioning for resilient endpoint routing

CLI commands

dnssecured run --config ./DNSsecuredfile
dnssecured validate --config ./DNSsecuredfile
dnssecured list-checks
dnssecured version

DNSsecuredfile quick start

listen :8080
cors true
default_tenant public
timeout 10s
max_concurrency 4
checks ns_redundancy dnssec_validation dane_tlsa tls_certificate spf dkim_selector_health dmarc mta_sts tls_rpt bimi
resolver_mode dot
dot_upstreams 1.1.1.1 1.0.0.1
tls_server_name cloudflare-dns.com

Available APIs

• POST /v1/analyze - core DNS security scan
• POST /v1/authoritative/validate - authoritative hardening report
• POST /v1/dnssec/plan - DNSSEC rollover planning
• POST /v1/steering/decision - endpoint steering decision

Static site hosting with Caddy

dnssecured.example.com {
  root * /var/www/dnssecured/site
  file_server
  encode zstd gzip
  header {
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    X-Content-Type-Options "nosniff"
    Referrer-Policy "strict-origin-when-cross-origin"
  }
}