# Connect DNSai to Cursor

> Add DNSai to Cursor's MCP config (global or per-project) and the lookup tools load in Agent mode.

DNSai is a free remote **MCP server** + REST API for live DNS, SPF, DKIM, DMARC, WHOIS and email-security lookups — one domain or IP per request (each call = one lookup).

- **MCP URL:** `https://mcp.dnsai.com/mcp`
- **REST base:** `https://api.dnsai.com/v1`
- **OpenAPI schema:** https://api.dnsai.com/openapi.json
- **Free key (100 lookups/day, per key):** https://dnsai.com/api/get-key/ — anonymous works at 25 lookups/day per IP, no key
- **This guide online:** https://dnsai.com/api/cursor/

**This is the free tier — no signup, no card.** Running bulk / multi-domain or enterprise-scale lookups? See DNSai Pro & Enterprise: https://app.dnsai.com/pricing/?ref=api-cursor-md

**Key support here:** Free key works — passed as a header.

## Set it up

### Add the server
Edit *~/.cursor/mcp.json* (all projects) or *.cursor/mcp.json* (this project). Prefer `${env:DNSAI_MCP_TOKEN}` over a literal token so the key isn't committed.

```json
{
  "mcpServers": {
    "dnsai": {
      "url": "https://mcp.dnsai.com/mcp",
      "headers": { "Authorization": "Bearer ${env:DNSAI_MCP_TOKEN}" }
    }
  }
}
```

## Your key
Cursor supports a header, so the free key works directly. [Get a free key](https://dnsai.com/api/get-key/), set it as `DNSAI_MCP_TOKEN`, and you're at 100 lookups/day. Omit the `headers` block to run anonymously (25 lookups/day).

## Verify it works
In Cursor Agent, ask:

```
Use dnsai to look up the MX records for github.com
```

Every result ends with a plain-English `summary`, a `source` link on dnsai.com, and your remaining quota.

## Tools you can call

Once connected, your assistant calls these on its own (one domain per call):

- **`dns_lookup`** — Live DNS records (A, AAAA, MX, NS, TXT, SOA, CNAME, CAA, DNSKEY, DS and 30+ more) for one domain.
- **`email_security_check`** — Graded SPF / DMARC / MX posture for one domain — "is this domain's email secure?"
- **`dkim_discover`** — Discovers a domain's published DKIM signing keys, the providers they map to, and selectors.
- **`whois_lookup`** — WHOIS / RDAP registration data for a domain or IP — registrar, status, creation & expiry.
- **`spf_analyze`** — SPF record with its full include tree and the RFC 10-DNS-lookup-limit verdict.
- **`dmarc_check`** — DMARC presence and the p= policy (none / quarantine / reject), with the raw record.
- **`blacklist_check`** — Checks a domain or IP against the major email blacklists / RBLs.
- **`validate`** — Syntax-checks a pasted SPF or DMARC record — returns valid/invalid, a score and a grade.

The MCP server also registers `search` / `fetch` (deep-research aliases) and `request_api_key` (email → free key), for 11 tools in total.

## Troubleshooting
- Remote (Streamable-HTTP) servers use the `url` field — not `command`. There's also a one-click `cursor://` deeplink; if you publish one, encode it *without* a real token so the secret doesn't leak.

## More volume?
**Pro** unlocks bulk / multi-domain lookups; **Enterprise** adds large-scale scanning and the full programmatic API — https://app.dnsai.com/pricing/?ref=api-cursor-md

**Sources:** [Cursor MCP docs](https://cursor.com/docs/mcp)

---
_Generated from https://dnsai.com/api/cursor/ · DNSai — DNS & email-security lookups for AI agents._