// SCAN REPORT

Technitium MCP Secure

39 tools. 21 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

21 can modify or destroy data
18 read-only
39 tools total

Community server · catalogue entry verified 12/06/2026

How to control Technitium MCP Secure ↓

TOOL MAP

What Technitium MCP Secure exposes to your agents

Read (18) Write / Execute (14) Destructive / Financial (7)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Technitium MCP Secure tools

Destructive · Medium dns_delete_cached The tool permanently removes a DNS cache entry for a specified domain. Destructive · High dns_delete_record This tool irreversibly removes DNS records, which cannot be undone without recreation. Destructive · Critical dns_delete_zone This tool permanently and irreversibly removes a DNS zone and all associated records. Destructive · Medium dns_remove_allowed Removing a domain from the allow list is an irreversible configuration change that causes the domain to be blocked again.

21 of Technitium MCP Secure's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Technitium MCP Secure

PolicyLayer is an MCP gateway — it sits between your AI agents and Technitium MCP Secure, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "dns_delete_cached": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "dns_remove_blocked": {
    "limits": [
      {
        "counter": "dns_remove_blocked_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "dns_check_update": {
    "limits": [
      {
        "counter": "dns_check_update_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Technitium MCP Secure — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON TECHNITIUM MCP SECURE →

Free to start. No card required.

FULL CATALOGUE

All 39 Technitium MCP Secure tools

DESTRUCTIVE 7 tools
Destructive dns_delete_cached Delete a specific domain from the DNS cache. Unlike flush, this only removes the specified domain. Destructive dns_delete_record Delete a specific DNS record from a zone. Requires confirm=true to execute. Destructive dns_delete_zone Delete a DNS zone and all its records. Requires confirm=true to execute. Destructive dns_remove_allowed Remove a domain from the allow list. The domain will no longer bypass block lists. Destructive dns_uninstall_app Uninstall a DNS app from the server. Requires confirm=true to execute. Destructive dns_flush_allowed Flush the entire allow list. All allowed domains will be removed. Requires confirm=true to execute. Destructive dns_flush_blocked Flush the entire custom block list. All manually blocked domains will be removed. Requires confirm=true to exe
EXECUTE 3 tools
Execute dns_flush_cache Flush the entire DNS cache. Forces all subsequent queries to be resolved fresh from upstream. Requires confirm Execute dns_install_app Download and install a DNS app from the Technitium app store. Use dns_list_app_store to see available apps. Execute dns_update_blocklists Force an immediate update of all configured block lists. Normally block lists update every 24 hours.
WRITE 11 tools
Write dns_remove_blocked Remove a domain from the block list. The domain will no longer be denied. Write dns_allow_domain Allow a domain name, bypassing any block lists. Useful for whitelisting false positives. Write dns_block_domain Block a domain name. Queries to this domain will be denied by the DNS server. Write dns_add_record Add a DNS record to a zone. Creates the zone automatically if it doesn Write dns_create_zone Create a new DNS zone. Use Write dns_disable_zone Disable a DNS zone. The zone will stop responding to queries but its records are preserved. Write dns_enable_zone Enable a disabled DNS zone. Write dns_set_settings Update DNS server settings. Pass key/value pairs for any settings to change (e.g. forwarders, blocking, recurs Write dns_set_zone_options Set configuration options for a zone. Pass the zone name plus any option key/value pairs to update (e.g. notif Write dns_temp_disable_blocking Temporarily disable domain blocking for a specified number of minutes. Blocking re-enables automatically after Write dns_update_record Update an existing DNS record.
READ 18 tools
Read dns_check_update Check if a newer version of Technitium DNS Server is available. Read dns_dnssec_info Get DNSSEC properties for a zone including signing status, key details, and algorithm info. Read dns_get_app_config Get the configuration for an installed DNS app. Read dns_get_ds Get the DS (Delegation Signer) records for a DNSSEC-signed zone. These are needed by the parent zone registrar Read dns_get_settings Get the current DNS server settings including forwarders, blocking configuration, protocols, logging, cache se Read dns_get_stats Get DNS query statistics for a time period. Returns total queries, cached, blocked, failure counts, plus top c Read dns_health_check Quick health check of the DNS server. Returns version, uptime, forwarder config, blocking status, and last hou Read dns_list_allowed List allowed DNS zones (domains that bypass block lists). Returns a hierarchical tree — call with no domain to Read dns_list_app_store List all available apps from the Technitium DNS app store with versions and descriptions. Read dns_list_apps List installed DNS apps on the server and their current status. Read dns_list_blocked List blocked DNS zones (domains that are denied). Returns a hierarchical tree — call with no domain to see top Read dns_list_cache List zones in the DNS cache. Returns a hierarchical tree — call with no domain to see top-level zones, then pa Read dns_list_records List DNS records in a zone. Optionally filter by a specific domain name within the zone. Read dns_list_zones List all DNS zones configured on the server. Returns zone name, type (Primary/Secondary/Stub/Forwarder), statu Read dns_query_logs Query DNS server logs with optional filters. Returns recent DNS queries and their responses. Requires the Quer Read dns_zone_options Get the configuration options for a specific zone including DNSSEC, transfer, and notify settings. Read dns_export_zone Export a DNS zone file in standard BIND format. Returns the zone file as text. Read dns_resolve Test DNS resolution for a domain name. Resolves using the Technitium server itself or a specified external ser
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Technitium MCP Secure

Can an AI agent delete data through the Technitium MCP Secure MCP server? +

Yes. The Technitium MCP Secure server exposes 7 destructive tools including dns_delete_cached, dns_delete_record, dns_delete_zone. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Technitium MCP Secure? +

The Technitium MCP Secure server has 11 write tools including dns_remove_blocked, dns_allow_domain, dns_block_domain. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Technitium MCP Secure.

How many tools does the Technitium MCP Secure MCP server expose? +

39 tools across 4 categories: Destructive, Execute, Read, Write. 18 are read-only. 21 can modify, create, or delete data.

How do I enforce a policy on Technitium MCP Secure? +

Register the Technitium MCP Secure MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Technitium MCP Secure tool call.

Deterministic rules across all 39 Technitium MCP Secure tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON TECHNITIUM MCP SECURE →

Free to start. No card required.

39 Technitium MCP Secure tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.