New: Watch DNS in real-time — DNSsecured simulates resolver trust, DNSSEC, DANE, and traffic steering in one flow.

See how it works
DNSsecured

Open source infrastructure

Security-first DNS tech stack for modern operations

DNSsecured helps teams ship safer DNS infrastructure with hardened resolver trust, DNS posture checks, DNSSEC and DANE validation, and decision engines for resilient traffic steering.

Watch DNSsecured process a live query path with policy checks in under a minute.

Read docs View source ★ -- stars

Watch DNS in real-time

Pipeline cycle: < 60s

Terminal-style simulation inspired by Caddy demos. It runs DNSsecured commands and shows live security posture events.

Authoritative hardening

Validate hidden-primary posture, TSIG, XFR ACLs, DNS Cookies, response-rate limiting, and minimal-response controls.

Resolver trust

Use system DNS, custom UDP/TCP upstreams, DNS-over-TLS, or DNS-over-HTTPS with optional TLS pinning controls.

State-of-the-art checks

Run SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI, DNSSEC component validation, and DANE/TLSA verification.

Automation engines

Generate DNSSEC rollover plans and evaluate health/latency-aware steering decisions for reliable multi-endpoint traffic.

Tech stack

Runtime

  • Go HTTP service and embeddable packages
  • Caddy-friendly deployment model

Core packages

  • pkg/dnssecured - scanner and checks
  • pkg/authoritative - hardening posture
  • pkg/dnssec - rollover planning
  • pkg/steering - decision engine

Security posture

  • Encrypted resolver modes (DoT/DoH)
  • Optional TLS certificate pinning
  • DNSSEC and DANE-focused validation paths