XowiaScan
Home Tools Pricing API Docs About Sign in Get started
← All tools

DNS Recon Pro

Recon & Discovery

Deep DNS recon — zone-transfer testing, mail-auth scoring, DNSSEC and dangling-CNAME detection.

What is DNS Recon Pro?

DNS Recon Pro goes well beyond a basic lookup. It probes for misconfigurations that turn DNS into an attack surface: open zone transfers, weak or missing mail authentication, absent DNSSEC and dangling records that invite subdomain takeover.

Each check comes with a verdict and context, so you can tell a benign default from a real finding.

What it checks

  • AXFR (zone transfer) — attempts a transfer that would leak the entire zone.
  • SPF / DMARC / DKIM — scores mail-spoofing protection and flags gaps.
  • DNSSEC — whether the zone is signed and validating.
  • Dangling CNAME — records pointing at unclaimed third-party services.
  • Record overview — the core records gathered in one place.

Where it fits in your workflow

  • Find email-spoofing and zone-leak issues for a hardening report.
  • Identify takeover candidates before running the dedicated scanner.
Use DNS Recon Pro

Run it from your dashboard.

Create free account Sign in Use via API

At a glance

CategoryRecon & Discovery
RunsServer-side
Token cost 5 / run (free tier)
AccessFree
Status● Live

Frequently asked questions

What does an open AXFR mean?

It means a name server will hand over the full DNS zone to anyone who asks — a serious information-disclosure issue that maps your entire infrastructure.

Why does DMARC matter?

Without a strong DMARC policy, attackers can spoof email from the domain. The tool tells you whether the policy actually enforces (reject/quarantine) or is only monitoring.

Explore more tools →