# Connect DNSai to curl / REST > No MCP client? Call the REST API directly. Plain HTTPS GET returns JSON with a plain-English summary; the OpenAPI 3.1 schema drives codegen. DNSai is a free remote **MCP server** + REST API for live DNS, SPF, DKIM, DMARC, WHOIS and email-security lookups — one domain or IP per request (each call = one lookup). - **MCP URL:** `https://mcp.dnsai.com/mcp` - **REST base:** `https://api.dnsai.com/v1` - **OpenAPI schema:** https://api.dnsai.com/openapi.json - **Free key (100 lookups/day, per key):** https://dnsai.com/api/get-key/ — anonymous works at 25 lookups/day per IP, no key - **This guide online:** https://dnsai.com/api/rest/ **This is the free tier — no signup, no card.** Running bulk / multi-domain or enterprise-scale lookups? See DNSai Pro & Enterprise: https://app.dnsai.com/pricing/?ref=api-rest-md **Key support here:** Free key works — Bearer header. ## Set it up ### curl Anonymous (25 lookups/day) needs nothing. Add the Bearer header for 100 lookups/day. ```bash # anonymous — 25 lookups/day curl https://api.dnsai.com/v1/email-security/acme.com # with a free key — 100 lookups/day curl -H "Authorization: Bearer dk_free_xxxxxxxx" \ https://api.dnsai.com/v1/dns/acme.com ``` ### OpenAPI 3.1 Import the schema into any OpenAPI client or codegen tool. ``` https://api.dnsai.com/openapi.json ``` ## Your key Pass the key as a bearer token on each request. [Get a free key](https://dnsai.com/api/get-key/) for 100 lookups/day. This is the universal fallback for any client without a native MCP path. ## Verify it works Run: ```bash curl https://api.dnsai.com/v1/dns/example.com ``` Every result ends with a plain-English `summary`, a `source` link on dnsai.com, and your remaining quota. ## Tools you can call Once connected, your assistant calls these on its own (one domain per call): - **`dns_lookup`** — Live DNS records (A, AAAA, MX, NS, TXT, SOA, CNAME, CAA, DNSKEY, DS and 30+ more) for one domain. - **`email_security_check`** — Graded SPF / DMARC / MX posture for one domain — "is this domain's email secure?" - **`dkim_discover`** — Discovers a domain's published DKIM signing keys, the providers they map to, and selectors. - **`whois_lookup`** — WHOIS / RDAP registration data for a domain or IP — registrar, status, creation & expiry. - **`spf_analyze`** — SPF record with its full include tree and the RFC 10-DNS-lookup-limit verdict. - **`dmarc_check`** — DMARC presence and the p= policy (none / quarantine / reject), with the raw record. - **`blacklist_check`** — Checks a domain or IP against the major email blacklists / RBLs. - **`validate`** — Syntax-checks a pasted SPF or DMARC record — returns valid/invalid, a score and a grade. The MCP server also registers `search` / `fetch` (deep-research aliases) and `request_api_key` (email → free key), for 11 tools in total. ## More volume? **Pro** unlocks bulk / multi-domain lookups; **Enterprise** adds large-scale scanning and the full programmatic API — https://app.dnsai.com/pricing/?ref=api-rest-md **Sources:** [OpenAPI schema](https://api.dnsai.com/openapi.json) --- _Generated from https://dnsai.com/api/rest/ · DNSai — DNS & email-security lookups for AI agents._