chkdomain checks if a domain can be resolved by no-filter DNS, or has been blocked by secure/protective DNS, and advertisement/tracker-blocking DNS services. It sends queries to well-known DNS servers and checks the resolution success as a basis for determining if the domain is blocked. The tool also provides links to OSINT, domain threat intelligence, and security services for the domain in question.
The DNS services currently used for sending queries are listed below:
| No-filter DNS | Secure DNS | Ad/Tracker-blocking DNS |
|---|---|---|
AdGuard (94.140.14.140) |
CleanBrowsing (185.228.168.9) |
AdGuard (94.140.14.14) |
Cloudflare (1.1.1.1) |
Cloudflare (1.1.1.2) |
AhaDNS (5.2.75.75) |
dns0.eu (193.110.81.254) |
Comodo (8.26.56.26) |
CONTROL D (76.76.2.2) |
Freenom World (80.80.81.81) |
CONTROL D (76.76.2.1) |
dnsforge.de (176.9.93.198) |
Gcore (95.85.95.85) |
dns0.eu (193.110.81.0) |
OVPN (192.165.9.157) |
Google (8.8.8.8) |
UltraDNS (156.154.70.2) |
Tiarap (188.166.206.224) |
Hinet (168.95.1.1) |
OpenDNS (208.67.222.222) |
|
UltraDNS (64.6.64.6) |
Quad101 (101.101.101.101) |
|
OpenDNS (208.67.222.2) |
Quad9 (9.9.9.9) |
|
Quad9 (9.9.9.10) |
SafeDNS (195.46.39.39) |
|
Yandex (77.88.8.1) |
Yandex (77.88.8.2) |
After checking the domain, chkdomain provides direct links to the following intelligence services for more information:
- AlienVault Open Threat Exchange
- Bitdefender TrafficLight
- Google Safe Browsing
- Kaspersky Threat Intelligence Portal
- McAfee SiteAdvisor
- Norton Safe Web
- OpenDNS
- URLVoid
- urlscan.io
- VirusTotal
- Whois.com
- Yandex Site safety report
If you'd like to build up your own secure DNS, check out the threat-hostlist repository. It contains many different threat-blocking blocklists to help you create a secure DNS service for your home, office, or elsewhere.
Download the chkdm script and make it executable:
$ wget https://github.com/PeterDaveHello/chkdomain/raw/master/chkdm
$ chmod +x chkdmCheck domain by running chkdm:
$ ./chkdm <domain name>Additionally, you can put the script in your $PATH, such as /usr/local/bin, to make it executable from anywhere.
For custom DNS checks, create CustomDNS.txt in the script's directory, listing your DNS server IPs. Use # for comments:
127.0.0.1
192.168.1.1 # Local DNS
168.95.192.1 # Hinet DNSIf you wish to use a custom file location, you can specify a custom file using CustomDNSFile variable before executing:
CustomDNSFile="/path/to/your/dnsfile.txt" ./chkdm ipinfo.twThe script will then include these servers in its checks and provide results.
Only a few command-line tools are needed:
- awk
- bash
- dig
- dirname
- head
- nslookup
- readlink
- sed
- sort
Most of the commands (awk, bash, dirname, head, readlink, sed, and sort) come pre-installed on common Linux distributions. To install dig and nslookup, use your package manager (e.g., apt, yum, pacman) to install the dnsutils (Debian/Ubuntu) or bind-utils (RHEL/CentOS, Arch/Manjaro) package.
Please be aware that domain names with records such as 0.0.0.0 or 127.0.0.1 (e.g., 0.ipinfo.tw or 1.ipinfo.tw) may yield incorrect results when checked with secure DNS and ad-blocking DNS services. The current detection method for blocked domains is relatively simple. We plan to improve this feature in future updates.
There are also some malicious domains blocking services that don't directly provide DNS services and can't be queried via the HTTP GET method. As a result, we are unable to integrate them or list their corresponding query URLs in the check results. However, since they are provided by leading security companies and offer a web interface that allows you to manually submit a domain to retrieve the related intelligence, they are worth mentioning. The services are listed below:
- FortiGuard Web Filter Lookup
- Trend Micro Site Safety Center
- Palo Alto Networks URL filtering
GPL-3.0 (GNU GENERAL PUBLIC LICENSE Version 3)
