~/domain-dossier
> domain dossier
domain health checker
run ten independent checks on any domain — dns, email authentication, tls, redirects, headers, cors, and public-web surface — in one page.
what it checks
dns
a, aaaa, ns, soa, caa, and txt records — everything a resolver asks the authoritative nameserver for.
mx
the mail exchangers the domain advertises, sorted by priority. shows you which provider runs the inbox.
spf
the sender policy framework txt record that tells recipient mail servers which ips may send mail for this domain.
dmarc
the policy published at _dmarc.<domain> — p=none/quarantine/reject, alignment, and reporting addresses.
dkim
probes the most common dkim selectors (default, google, k1, selector1/2, mxvault) to find the public key.
tls
subject, issuer, sans, fingerprint, and expiry for the certificate served over :443.
redirects
traces the http(s) redirect chain from https://<domain>/ up to ten hops.
headers
hsts, csp, x-frame-options, x-content-type-options, referrer-policy, permissions-policy — every header on /.
cors
runs a preflight options request and surfaces the access-control-* response headers.
web surface
fetches robots.txt, sitemap.xml, and the home page <head> to summarise the domain's public web surface.
who uses it
- devops preparing a domain transfer or dns migration
- email deliverability engineers auditing spf/dkim/dmarc alignment
- security teams reviewing http headers and tls configuration
- anyone pointing a new domain at production for the first time