The server
| Endpoint | https://mcp.deteqtive.com/pdns/ |
| Transport | Streamable HTTP |
| Authentication | OAuth — Spamhaus single sign-on |
Authentication — Spamhaus SSO
Authentication is OAuth, against the same single sign-on you use for the Spamhaus portal. There's no API key to paste: the first time a client connects it opens your browser, you sign in to Spamhaus SSO and approve access, and the client receives a short-lived token that it refreshes automatically. The server validates that token on every request and uses it to authorise your queries.
What your agent can do
The server exposes three tools — the same capabilities behind the UI and the REST API:
| Tool | What it does |
|---|---|
dns_rrset | Forward lookup — the IPs and values a domain resolves to (every host in a zone) |
dns_rdata | Reverse lookup — the domains that point to an IP, CIDR, or hostname |
dns_status | Account status — your rate limits and credit usage |
dns_rrset supports several search modes, so an agent can ask questions like:
- Enumerate a footprint (right match) — "What hosts exist under
example.com?" - Brand protection (word match) — "Find domains containing
paypalthat aren't ours." - Lookalikes & typo-squats (fuzzy match) — "Surface homoglyph and typo variants of
acme.com." - Pivot in reverse — "What other domains resolve to
198.51.100.20, or to this CIDR?"
Each answer is a starting point for the next pivot — see Pivoting through DNS for how this plays out in a real investigation.
Set it up
You'll connect a client once; after the browser sign-in it stays authenticated.
Claude Code (CLI)
Add the server with the http transport:
claude mcp add --transport http deteqtive-pdns https://mcp.deteqtive.com/pdns/
This registers the server for the current project directory only. The name (deteqtive-pdns above) is yours to choose.
Then run /mcp inside Claude Code to authenticate — a browser opens to Spamhaus SSO; sign in and approve. Check the connection any time with claude mcp list.
Claude Desktop
Add it as a custom connector:
- Settings → Connectors → Add custom connector.
- Name it
Deteqtive Passive DNSand set the URL tohttps://mcp.deteqtive.com/pdns/. - Save, then click Connect. Your browser opens to Spamhaus SSO — sign in and authorise.
The dns_rrset, dns_rdata and dns_status tools then appear in your chats.
Other MCP clients
Any client that supports remote (Streamable HTTP) MCP servers with OAuth can connect. Most use a JSON config like:
{
"mcpServers": {
"deteqtive-pdns": {
"type": "http",
"url": "https://mcp.deteqtive.com/pdns/"
}
}
}
The client runs the Spamhaus SSO sign-in on first use.
Clients that only support local (stdio) servers can bridge to the hosted endpoint with mcp-remote, which handles the browser OAuth and proxies the HTTP server over stdio:
{
"mcpServers": {
"deteqtive-pdns": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.deteqtive.com/pdns/"]
}
}
}
Troubleshooting
If queries start failing, have your agent call dns_status — it returns your current rate limits and credit usage, which usually explains it (you've hit the plan's quota, or you need to re-authenticate).