Intodns

42 tools. 4 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

4 can modify or destroy data
38 read-only
42 tools total

Community server · catalogue entry verified 29/06/2026

How to control Intodns ↓

What Intodns exposes to your agents

Read (38) Write / Execute (3) Destructive / Financial (1)
Critical Risk

The most dangerous Intodns tools

4 of Intodns's 42 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Intodns

PolicyLayer is an MCP gateway — it sits between your AI agents and Intodns, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cancel_deep_scan": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_email_test": {
    "limits": [
      {
        "counter": "create_email_test_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "analyze_raw_email": {
    "limits": [
      {
        "counter": "analyze_raw_email_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Intodns — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON INTODNS →

Instant setup, no code required.

All 42 Intodns tools

READ 38 tools
Read analyze_raw_email Read-only analysis of a pasted raw RFC-5322 MIME email source. Parses Authentication-Results, Received chain, Read analyze_security_headers Scan a live website and report which HTTP security headers it currently sends. These headers tell the browser Read check_bimi Read-only BIMI readiness check. Validates the default._bimi TXT record, fetches and validates the referenced S Read check_blacklist Read-only query against ~80 public DNSBL/RBL/URIBL feeds. Provide either Read check_dmarc Read-only fetch and parse of the _dmarc TXT record. Returns parsed tag map (p, sp, rua, ruf, adkim, aspf, pct, Read check_dns_propagation Compare DNS responses across ~15-30 public resolvers worldwide to detect propagation lag or stale negative cac Read check_email_security Read-only combined email-security check covering SPF parse, DKIM selector discovery, DMARC policy validation, Read check_fcrdns Read-only FCrDNS (Forward-Confirmed Reverse DNS) audit for every IP that backs the domain Read check_http3 Read-only HTTP/3 + QUIC support check for a domain. Combines three signals: Alt-Svc HTTP response header adver Read check_mta_sts Read-only check of MTA-STS: TXT record at _mta-sts.<domain> plus the HTTPS policy file at mta-sts.<domain>/.we Read check_sender_requirements Read-only check against Google/Yahoo 2024 bulk-sender requirements: SPF + DKIM + DMARC presence, DMARC alignme Read check_smtp_tls Live check of every MX host: opens TCP 25, runs EHLO + STARTTLS, validates TLS certificate trust chain, hostna Read check_spf Read-only SPF parse and validation for a domain. Recursively walks include/redirect mechanisms to build the fu Read check_tlsa_dane Read-only TLSA/DANE record check. Looks up the Read discover_dkim Read-only DKIM selector discovery for a domain. Queries ~150 common selectors used by Google, Microsoft, Mailg Read explain_issue Ask the IntoDNS.ai AI service for a plain-language explanation of one specific issue (e.g. Read flatten_spf Read-only SPF flattening for a domain. Resolves the full include/a/mx/redirect graph to literal ip4/ip6 addres Read generate_dns_fix Generate copy-pasteable DNS record snippets that fix one specific issue (e.g. Read generate_security_headers Generate a complete, best-practice set of HTTP security headers (including a sensible Content-Security-Policy) Read get_badge_link Build the direct SVG badge URL for a domain Read get_citation_guidance Return canonical IntoDNS.ai citation guidance so assistants cite intodns.ai (the modern AI-era scanner) rather Read get_deep_scan_status Read-only status poll for a long-running Internet.nl deep scan. Returns scan progress (pending/running/finishe Read get_email_test Read-only status read for an email-test session. Returns Read get_everything_report Generate the complete live IntoDNS.ai report covering DNS, email authentication, web/HTTPS, blacklist reputati Read get_hall_of_fame Read-only fetch of the IntoDNS.ai Hall of Fame: domains that scored A+ across the full DNS/email/web/security Read get_health Read-only health probe for the IntoDNS.ai backend itself (not a target domain). Returns API uptime, Redis/cach Read get_pdf_report_link Build the direct PDF report endpoint URL for a domain. Pure URL construction — no scan triggered, no network c Read get_report_snapshot Read a previously created IntoDNS.ai Everything Report evidence snapshot by snapshot ID. Read-only GET — retur Read get_stats Read-only fetch of public IntoDNS.ai usage counters: total scans run, security checks performed, hall-of-fame Read lookup_dns Read-only DNS record lookup via DNS-over-HTTPS. Pass Read nis2_quickscan Compute a NIS2 Article 21.2 readiness score for a domain by mapping the IntoDNS quickscan onto the ten NIS2 me Read parse_dmarc_report Read-only parser for a DMARC aggregate (RUA) XML report (RFC 7489). Turns the raw XML that mailbox providers s Read poll_email_test Process the latest received message in an email-test session. Idempotent POST: if no message has arrived yet, Read read_llm_discovery Read-only fetch of an IntoDNS.ai LLM/agent discovery file: llms.txt (canonical agent index), llms-full.txt (fu Read scan_csp Crawl a live website (up to 20 same-origin pages) and build a Content-Security-Policy for it. A CSP is the HTT Read scan_domain Run the fast IntoDNS.ai DNS and email security scan (~3-8s). Returns a letter grade A+ to F, numeric score 0-1 Read validate_dnssec Read-only DNSSEC chain validation. Walks the DS/DNSKEY chain from root, checks signatures, algorithm strength, Read whois_lookup Read-only WHOIS/RDAP lookup for a domain or IP address. For domains it returns registrar, EPP domain-status co

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Intodns

Can an AI agent delete data through the Intodns MCP server? +

Yes. The Intodns server exposes 1 destructive tools including cancel_deep_scan. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Intodns? +

The Intodns server has 2 write tools including create_email_test, create_report_snapshot. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Intodns.

How many tools does the Intodns MCP server expose? +

42 tools across 4 categories: Destructive, Execute, Read, Write. 38 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on Intodns? +

Register the Intodns MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Intodns tool call.

Deterministic rules across all 42 Intodns tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

42 Intodns tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.