# Connect DNSai to Grok > Add DNSai as a custom connector in the Grok app (paid plans), or wire it programmatically via the Grok API where the Bearer key is fully supported. DNSai is a free remote **MCP server** + REST API for live DNS, SPF, DKIM, DMARC, WHOIS and email-security lookups — one domain or IP per request (each call = one lookup). - **MCP URL:** `https://mcp.dnsai.com/mcp` - **REST base:** `https://api.dnsai.com/v1` - **OpenAPI schema:** https://api.dnsai.com/openapi.json - **Free key (100 lookups/day, per key):** https://dnsai.com/api/get-key/ — anonymous works at 25 lookups/day per IP, no key - **This guide online:** https://dnsai.com/api/grok/ **This is the free tier — no signup, no card.** Running bulk / multi-domain or enterprise-scale lookups? See DNSai Pro & Enterprise: https://app.dnsai.com/pricing/?ref=api-grok-md **Key support here:** Connector UI (paid plan) · key reliable via the Grok API. ## Set it up ### Grok app (web / iOS / Android) Go to *grok.com/connectors → New Connector → Custom*, paste the URL and complete the auth step. Streamable HTTP and SSE are both supported. Custom connectors require a paid plan. ``` https://mcp.dnsai.com/mcp ``` ### Grok API — key works here When wiring Grok programmatically, pass your key in the request's `authorization` field — Grok sends `Authorization: Bearer …` to DNSai. Use `extra_headers` for anything else. ``` authorization: "Bearer dk_free_xxxxxxxx" ``` ## Your key Anonymous works in the Grok app (25 lookups/day). A static Bearer in the chat connector UI isn't clearly documented yet — for a reliable keyed 100 lookups/day use the **Grok API** `authorization` field. [Get a free key](https://dnsai.com/api/get-key/). ## Verify it works In Grok, ask: ``` Use the dnsai connector to check email security for paypal.com ``` Every result ends with a plain-English `summary`, a `source` link on dnsai.com, and your remaining quota. ## Tools you can call Once connected, your assistant calls these on its own (one domain per call): - **`dns_lookup`** — Live DNS records (A, AAAA, MX, NS, TXT, SOA, CNAME, CAA, DNSKEY, DS and 30+ more) for one domain. - **`email_security_check`** — Graded SPF / DMARC / MX posture for one domain — "is this domain's email secure?" - **`dkim_discover`** — Discovers a domain's published DKIM signing keys, the providers they map to, and selectors. - **`whois_lookup`** — WHOIS / RDAP registration data for a domain or IP — registrar, status, creation & expiry. - **`spf_analyze`** — SPF record with its full include tree and the RFC 10-DNS-lookup-limit verdict. - **`dmarc_check`** — DMARC presence and the p= policy (none / quarantine / reject), with the raw record. - **`blacklist_check`** — Checks a domain or IP against the major email blacklists / RBLs. - **`validate`** — Syntax-checks a pasted SPF or DMARC record — returns valid/invalid, a score and a grade. The MCP server also registers `search` / `fetch` (deep-research aliases) and `request_api_key` (email → free key), for 11 tools in total. ## Troubleshooting - No connectors menu? Custom connectors need a paid Grok plan; the free tier hides them. On Business/Enterprise an admin provisions the connector first. ## More volume? **Pro** unlocks bulk / multi-domain lookups; **Enterprise** adds large-scale scanning and the full programmatic API — https://app.dnsai.com/pricing/?ref=api-grok-md **Sources:** [Grok connectors](https://docs.x.ai/grok/connectors) · [Grok remote MCP (API)](https://docs.x.ai/developers/tools/remote-mcp) --- _Generated from https://dnsai.com/api/grok/ · DNSai — DNS & email-security lookups for AI agents._