#dns

Jede Top-Level-Domain in der IANA-Root-Zone als API – die autoritative Liste, die ein Registrar, Domain-Validator oder Analysetool benötigt. Für jede TLD: ob es sich um eine länderspezifische TLD (ccTLD), eine generische TLD (gTLD) oder eine internationalisierte Domain (IDN) handelt, ihren A-Label, ihre Unicode-Form (z. B. xn--p1ai wird zu .рф aufgelöst) und bei ccTLDs das zugehörige Land. Validieren Sie eine TLD oder eine gesamte Domain, finden Sie die ccTLD eines Landes, filtern Sie nach Typ, suchen Sie oder listen Sie die gesamte Root-Zone auf. Bezogen aus IANAs offizieller tlds-alpha-by-domain.txt und aus dem Speicher bereitgestellt – immer schnell.

api.oanor.com/tld-api

Convert internationalized domain names (IDNs) between their human-readable Unicode form and the ASCII Punycode form (xn--…) that DNS actually uses. Encode a Unicode domain like münchen.de or 例え.jp (or even an emoji label like ☕.example) to ASCII, decode an xn-- domain back to Unicode, and convert a whole URL's host in either direction. Handles accents, non-Latin scripts and emoji. Useful for IDN domain handling, email and URL validation, DNS tooling, and spotting homograph / look-alike domains. Pure local IDNA conversion — no key, no third-party service, instant. Live. 4 endpoints. Distinct from Public-Suffix-List domain parsing and from generic text encoders.

api.oanor.com/punycode-api

检查域的SMTP传输安全状态 — 邮件服务器是否需要通过经过身份验证的TLS传递入站邮件，以防止降级和中间人攻击。传入一个域，服务将从mta-sts.<domain>/.well-known/mta-sts.txt获取MTA-STS策略文件（其版本、模式、允许的MX主机和max_age）、_mta-sts DNS TXT记录（其策略ID）以及_smtp._tls TLS-RPT记录（rua报告地址），然后报告MTA-STS是否实际执行以及问题的优先级列表 — 无策略文件、无DNS记录、仅“测试”模式或缺少TLS-RPT记录。第二个端点仅返回解析后的策略文件。请求在服务器端进行，私有/内部目标被拒绝（SSRF防护）。专为电子邮件可送达性和防降级攻击审计、供应商和第三方评估以及合规性而构建。MTA-STS / TLS-RPT检查器 — SMTP传输安全对应电子邮件身份验证分析器（emailsec，涵盖SPF、DKIM和DMARC），与原始DNS查找（dns）不同。无上游密钥，无缓存。

api.oanor.com/mtasts-api

Check DNS propagation by querying a record across several major public resolvers at once — Google (8.8.8.8), Cloudflare (1.1.1.1), AdGuard and dns.sb — and seeing whether they all return the same answer. Pass a domain and a record type and the service queries every resolver in parallel and reports each resolver's answers, whether they are consistent (the change has fully propagated) or still differ (mid-propagation, stale caching or split-horizon DNS), the number of distinct answer sets and the union of all answers. Supported record types: A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, CAA and PTR. A single-resolver endpoint queries one named resolver on its own, and a failing resolver is reported per-resolver without failing the whole call. Live DoH (DNS-over-HTTPS) JSON queries, always current. Built for verifying DNS changes after a migration or launch, debugging split-horizon or stale-cache issues, and uptime/propagation monitoring. A DNS propagation checker — distinct from single-resolver record lookup (dns), the email-authentication analyzer (emailsec) and WHOIS (whois). No upstream key, no cache.

api.oanor.com/dnspropagation-api

Inspect any domain's email-authentication posture — its protection against spoofing and phishing — via live DNS. Pass a domain and the service looks up and validates SPF (the v=spf1 record, its all-qualifier and the 10-lookup limit), DMARC (the _dmarc policy p=none/quarantine/reject, plus sp, pct and rua/ruf reporting addresses), DKIM (probing the common selectors at selector._domainkey, or pass your own), BIMI and the MX servers — then returns an A+-to-F grade with a prioritised list of issues and concrete advice. A second endpoint parses the DMARC record tag by tag with a plain-English interpretation of the policy. Built for email-deliverability and anti-spoofing audits, vendor and third-party risk assessment, security onboarding and continuous monitoring. An email-authentication analyzer — distinct from mailbox/address validation (email), raw DNS record lookup (dns) and the HTTP security-header grader (secheaders). Pure live DNS, no upstream key, no cache.

api.oanor.com/emailsec-api

Parse any hostname or URL with the Public Suffix List. Split a domain into its subdomain, registrable domain (eTLD+1) and public suffix (eTLD), or fetch just the suffix or just the registrable domain. Handles full URLs, internationalized (punycode) domains, IP addresses, multi-level suffixes like co.uk and com.au, and — when you ask for it — private suffixes such as github.io and s3 buckets. Built on an always-current Public Suffix List and served entirely in-memory, so responses are instant and the service is always available. Ideal for cookie and domain scoping, analytics attribution, email and link validation, security and anti-abuse, and devops tooling.

api.oanor.com/domain-api

Resolve DNS records — A, AAAA, MX, NS, TXT, CNAME, SOA, SRV, CAA, PTR — for any domain, fetch all common records in a single call, or run a reverse PTR lookup for an IPv4 address. Backed by Google DNS-over-HTTPS. Ideal for devops tooling, uptime and email-deliverability checks (SPF/DKIM/DMARC), security research and domain monitoring.

api.oanor.com/dns-api

Domain and IP registration lookups via RDAP — the modern, structured successor to WHOIS. Get the registrar, registration / update / expiry dates, status codes, nameservers, DNSSEC state, and IP network ownership (CIDR, organization, country).

api.oanor.com/whois-api