dnsight
Audit DNS, email authentication (SPF, DKIM, DMARC), and related security signals.
Run a full audit with the audit command, a single check (e.g. dmarc, spf), or
inspect configuration. Global options below apply before the subcommand.
Use dnsight COMMAND --help for command-specific options (domains, --config, etc.).
Options
| Option |
Type |
Default |
Required |
Description |
--config |
file |
— |
no |
Path to dnsight.yaml (default: discover from CWD). |
--format / -f |
choice |
<OutputFormat.RICH: 'rich'> |
no |
Output format: rich, json, sarif, markdown. |
--output / -o |
file |
— |
no |
Write serialised results to this file instead of stdout. |
--quiet / -q |
bool |
false |
no |
Diagnostics only at ERROR on stderr (suppresses INFO/DEBUG). Audit output is unchanged. Wins over --verbose. |
--verbose / -v |
bool |
false |
no |
DEBUG logging on stderr with source paths and Rich tracebacks. Ignored if --quiet is set. |
--very-verbose / -vv |
bool |
false |
no |
DEBUG logging on stderr with source paths and Rich tracebacks. Ignored if --quiet or --verbose is set. |
--output-detail |
bool |
false |
no |
Rich and markdown: emit full issue descriptions, remediation, and recommendation text (default uses shorter context lines). |
--markdown-data-preview |
bool |
false |
no |
Markdown only: include generic data key/value lines when a check has no typed summary (default omits them). |
--version |
bool |
false |
no |
Show the dnsight version and exit. |
Subcommands
| Command |
Description |
audit |
Run a full audit for domain(s) or all manifest targets from config. |
caa |
CAA inventory and policy check; generate CAA lines. |
config |
Inspect and validate dnsight configuration. |
dkim |
DKIM DNS record check. |
dmarc |
DMARC check (multi-domain or manifest) and TXT generation. |
dnssec |
DNSSEC chain and negative-response validation. |
docs |
Print the documentation site URL (MkDocs / GitHub Pages). |
headers |
HTTP security headers check; generate CSP or HSTS snippets. |
mx |
MX resolution and optional PTR/STARTTLS; generate MX lines. |
spf |
SPF check and suggested TXT generation. |
version |
Show the dnsight version and exit. |
Command index
General
Audit
Checks