Wraps a forensics-grade DNS toolkit into 19 MCP tools for SOC workflows. You get DNSSEC chain validation with full cryptographic verification from root anchors, SPF/DKIM/DMARC/DANE email security checks, RDAP registration lookups, RBL/DBL reputation queries, and fast-flux detection. The server runs as a containerized HTTP endpoint with OAuth via Pocket ID rather than stdio, so you can host it once and connect from any MCP client. Ships with four analyst prompt templates including phishing triage and NIST 800-81r3 compliance audits. Built by a practitioner who wanted the same queries available at the command line accessible through Claude without tab-switching between dig, drill, and WHOIS.
claude mcp add --transport stdio mclose-dns-mcp uvx dns-mcp