Idig Dns

19 tools. 0 can modify or destroy data without limits.

Read-only server. Low risk, but rate limits prevent runaway API costs.

Last updated:

0 can modify or destroy data
19 read-only
19 tools total

Community server · catalogue entry verified 02/07/2026

How to control Idig Dns ↓

What Idig Dns exposes to your agents

Read (19) Write / Execute (0) Destructive / Financial (0)

What can go wrong

Even read-only tools carry cost. An agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up bills.

How to control Idig Dns

PolicyLayer is an MCP gateway — it sits between your AI agents and Idig Dns, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "blacklist_check": {
    "limits": [
      {
        "counter": "blacklist_check_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Idig Dns — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON IDIG DNS →

Instant setup, no code required.

All 19 Idig Dns tools

READ 19 tools
Read blacklist_check IP blacklist / DNSBL check. Tests A-record and MX IPs against Spamhaus, Barracuda, SpamCop, SORBS, and more. Read dane_validate DANE/TLSA validation: cross-validates TLSA DNS records against the live TLS certificate. Supports all four TLS Read diagnose Full diagnosis combining resolution + DNSSEC. Use first when something is broken. Read dns_lookup Look up DNS records for a domain. Record types: a, aaaa, ns, mx, txt, soa, caa, srv, cname, ds, tlsa, https, s Read dnssec_health DNSSEC health report: key inventory, signature expiry, algorithm assessment, DS at parent, rollover readiness, Read dnssec_validate Validate DNSSEC chain of trust. Returns: secure / insecure / bogus / indeterminate. Read domain_status Registrar lock and EPP status. Checks transfer lock, delete lock, serverHold, pendingDelete. Read email_security_audit Full SPF, DKIM, DMARC, and BIMI audit with A-F grade and prioritized fix recommendations. Read geo_lookup Geolocation and hosting: country, city, ISP, ASN, CDN detection, is_hosting flag. Read http_check HTTP/HTTPS reachability: status codes, redirect chain, HSTS header, HTTP→HTTPS redirect detection. Read mx_check MX health + provider detection: Google Workspace, M365, Proofpoint, Zoho, 35+ providers. Read propagation_check Check DNS propagation across 16 global resolvers: Google, Cloudflare, Quad9, China, Korea, Russia. Read resolve_check DNS resolution diagnostics. Returns status: ok / nxdomain / nodata / servfail / refused / timeout / degraded. Read ssl_check SSL certificate: validity, expiry countdown, domain match, issuer, chain completeness. Read subdomain_discover Discover subdomains by probing 75 common names plus crt.sh Certificate Transparency logs. Surfaces exposed dev Read ttl_check TTL advisory: flags dangerous TTLs and gives step-by-step migration lowering plan. Read whois_lookup Parsed WHOIS: registrar, creation/expiry dates, domain age, nameservers, EPP status, DNSSEC status. Read zone_axfr AXFR zone transfer vulnerability check. Tests whether any authoritative NS allows public zone transfers (criti Read zone_consistency Check all authoritative nameservers return identical answers. Catches lame delegation and SOA mismatches.

Questions about Idig Dns

Is the Idig Dns MCP server safe to use without restrictions? +

The Idig Dns server is primarily read-only with 19 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Idig Dns MCP server expose? +

19 tools across 2 categories: Read, Write. 19 are read-only. 0 can modify, create, or delete data.

How do I enforce a policy on Idig Dns? +

Register the Idig Dns MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Idig Dns tool call.

Deterministic rules across all 19 Idig Dns tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

19 Idig Dns tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.