How to Run a DNS Audit That Finds Real Issues

A good DNS audit is more than a quick record lookup. It should tell you whether the domain is correctly delegated, whether the important record types are present and coherent, and whether email security controls and stale entries create risk.

The goal is not to collect every possible DNS fact. The goal is to find the misconfigurations, drift, and blind spots that affect availability, email delivery, or security.

• A, AAAA, CNAME, MX, TXT, NS, and SOA records
• Parent and child delegation consistency
• Reverse DNS where email infrastructure depends on it
• SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI where relevant
• DNSSEC, CAA, and stale or takeover-prone aliases

• Do the published records match the services the domain actually uses
• Are there old providers, aliases, or nameservers still present
• Is email authentication aligned and enforceable
• Are resolver results consistent with the authoritative source
• Does anything in the DNS suggest avoidable operational or security risk

Start with a summary of the major record types, then validate nameserver delegation and email-security records. After that, look for anomalies such as unexpected providers, stale CNAMEs, missing PTR coverage, weak mail policy, or records that no longer match the environment.

The most effective audits compare several signals at once. A suspicious MX provider, an unexpected hosted-service fingerprint, and a stale TXT record together often tell a clearer story than any one lookup alone.

For that reason, it helps to audit with a clear scope in mind: availability, email deliverability, or exposure management. The same DNS data can support all three, but the findings should still be prioritised according to business impact.

• Old nameservers or providers still referenced after migration
• SPF records that are too complex or incomplete
• DMARC monitoring policies that were never advanced to enforcement
• Dangling CNAMEs or retired verification records
• Missing glue, inconsistent delegation, or stale SOA serials

The value of an audit usually comes from connecting those findings to ownership and remediation. A perfect inventory is less useful than a clear list of concrete issues, affected services, and the team responsible for fixing them.

• DNS Audit
• Domain DNS Summary
• Email Security Check