DNSlurp API

Query DNS records across multiple servers with DNSSEC checking

Endpoints

9 endpoints

GET /api/lookup

Lookup DNS records. Returns fresh results - perfect for shareable links.

Query Parameters

Parameter	Type	Description
`domains` required	string	Comma-separated list of domains to query
`type`	string	Record type (see supported types below). Default: A
`servers`	string	Comma-separated DNS server IPs or DoH hostnames. Default: 8.8.8.8, 1.1.1.1

Try it

Example

# Single domain
curl "/api/lookup?domains=google.com&type=A&servers=8.8.8.8"

# Multiple domains
curl "/api/lookup?domains=google.com,cloudflare.com&type=MX"

# DNSSEC records
curl "/api/lookup?domains=cloudflare.com&type=DS"

# Shareable link (opens in browser)
https://your-domain.com/?d=example.com&t=A&s=8.8.8.8,1.1.1.1

POST /api/lookup

Lookup DNS records with full server configuration.

Request Body

Field	Type	Description
`domain` required	string	Domain name to query
`type`	string	Record type. Default: A
`servers`	array	Array of server objects: `{address, name, protocol}`

Try it

Example

curl -X POST /api/lookup \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "google.com",
    "type": "A",
    "servers": [
      {"address": "8.8.8.8", "name": "Google", "protocol": "UDP"},
      {"address": "dns.google", "name": "Google DoH", "protocol": "DoH"}
    ]
  }'

GET /api/authoritative

Query authoritative nameservers directly. Finds the NS records for the domain and queries those servers, bypassing recursive resolvers and caches.

Query Parameters

Parameter	Type	Description
`domain` required	string	Domain name to query
`type`	string	Record type. Default: A

Try it

Response includes delegation chain

{
  "domain": "cloudflare.com",
  "type": "A",
  "authoritative": true,
  "chain": {
    "zone": "cloudflare.com",
    "nameservers": ["ns1.cloudflare.com", "ns2.cloudflare.com"],
    "nsIPs": {
      "ns1.cloudflare.com": ["173.245.59.31"]
    }
  },
  "results": [...]
}

POST /api/authoritative

Query authoritative nameservers directly (POST version).

Request Body

Field	Type	Description
`domain` required	string	Domain name to query
`type`	string	Record type. Default: A

GET /api/config

Get available DNS record types and default servers.

GET /health

Health check endpoint.

{"status": "ok", "timestamp": "2026-01-17T08:00:00.000Z"}

GET /api/license/purchase

Purchase an enterprise license via x402. Returns 402 with USDC payment requirements. After payment, returns a signed license file and binary download links.

Query Parameters

Parameter	Type	Description
`wallet`	string	Wallet address. If provided and has an active license, returns download links without payment.

Example

# Get payment requirements
curl "https://dnslurp.esoup.net/api/license/purchase"
# Returns 402 with x402 payment instructions ($50 USDC)

# Re-download with existing license
curl "https://dnslurp.esoup.net/api/license/purchase?wallet=0xYOUR_WALLET"
# Returns license + download links if active

GET /api/license/download/:platform

Download a platform binary. Requires the bearer token (accessToken) returned by the license purchase endpoint.

URL Parameters

Parameter	Type	Description
`platform` required	string	One of: `darwin-arm64`, `darwin-x64`, `linux-x64`, `linux-arm64`, `windows-x64`

Authentication

Include the accessToken from your license purchase as a Bearer token.

Example

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  "https://dnslurp.esoup.net/api/license/download/darwin-arm64" -o dnslurp
chmod +x dnslurp

GET /api/license/status

Returns license information for the running instance. Works on both public and enterprise instances.

{
  "licensed": true,
  "licensee": "Acme Corp",
  "product": "dnslurp",
  "features": ["config", "branding", "unlimited"],
  "expires": "2027-02-26"
}

Supported Record Types

24 types incl. DNSSEC

Common

A AAAA CNAME MX NS TXT SOA PTR SRV

DNSSEC

DS DNSKEY RRSIG NSEC NSEC3 NSEC3PARAM

Security

CAA TLSA SSHFP

Modern

HTTPS SVCB

Other

NAPTR HINFO LOC RP

Response Format

JSON with DNSSEC flags

{
  "domain": "example.com",
  "type": "A",
  "timestamp": "2026-01-17T08:00:00.000Z",
  "results": [
    {
      "server": "8.8.8.8",
      "serverName": "Google",
      "protocol": "UDP",
      "queryTime": 12,
      "authoritative": false,    // AA flag - server is authoritative
      "authenticated": true,     // AD flag - DNSSEC validated
      "truncated": false,        // TC flag - response was truncated
      "rcode": "NOERROR",         // Response code
      "records": [
        {
          "type": "A",
          "value": "93.184.216.34",
          "ttl": 300
        },
        {
          "type": "RRSIG",
          "value": "A 8 2 300 ...",
          "ttl": 300,
          "algorithm": 8,
          "keyTag": 12345
        }
      ]
    }
  ]
}

DNS Flags

Flag	Field	Description
AA	`authoritative`	Authoritative Answer - server is the authority for this zone
AD	`authenticated`	Authenticated Data - DNSSEC signatures verified
TC	`truncated`	Truncated - response was too large for UDP
-	`rcode`	Response code: NOERROR, NXDOMAIN, SERVFAIL, REFUSED, etc.

Protocols

UDP, DoH

Protocol	Example Server	Description
`UDP`	`8.8.8.8`	Standard DNS over UDP port 53
`DoH`	`dns.google`	DNS over HTTPS (JSON API)

DoH servers: dns.google, cloudflare-dns.com, dns.quad9.net

Rate Limits

30/min lookup, 15/min authoritative

Endpoint	Limit	Window
`/api/lookup`	30 requests	1 minute
`/api/authoritative`	15 requests	1 minute

Response Headers

Header	Description
`X-RateLimit-Limit`	Maximum requests allowed per window
`X-RateLimit-Remaining`	Requests remaining in current window
`X-RateLimit-Reset`	Seconds until window resets

When rate limited, the API returns 402 with a payment offer (see Pay-Through Access below). The response includes the same rate limit headers as a standard 429, plus x402 payment instructions. Clients that don't support payments can treat it like a 429 — wait for retryAfter and retry.

Handling Rate Limits in Code

When rate limited, you have two options: wait for the free tier to reset, or pay for unlimited access.

// Option 1: Wait (free path — treat 402 like a 429)
const res = await fetch('/api/lookup?domains=google.com&type=A');

if (res.status === 402 || res.status === 429) {
  const data = await res.json();
  const waitSeconds = data.retryAfter || 60;
  console.log(`Rate limited. Retrying in ${waitSeconds}s`);
  await new Promise(r => setTimeout(r, waitSeconds * 1000));
  // retry...
}

// Option 2: Pay (see Pay-Through Access section below)

Pay-Through Access

x402 · $0.01 USDC · 1-hour token

DNSlurp uses the x402 protocol to offer paid access when you hit the rate limit. No signup, no API key dashboard — pay $0.01 USDC on Base and get 1 hour of unlimited access, settled in seconds.

How It Works

The free tier gives you 30 requests/minute with no authentication. When you exceed the limit, the API returns 402 instead of 429. The response carries the same rate limit headers (so existing retry logic works) plus a machine-readable payment offer.

Step 1: Hit the Rate Limit

On your 31st request in a minute, you receive:

HTTP/1.1 402 Payment Required
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 45
Retry-After: 45
Payment-Required: eyJ4NDAy...

{
  "x402Version": 2,
  "error": "Rate limit exceeded.",
  "accepts": [{
    "scheme": "exact",
    "network": "eip155:8453",
    "amount": "10000",
    "asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
    "description": "DNSlurp: 1-hour elevated rate limits"
  }],
  "message": "Pay $0.01 USDC to get 1 hour of unlimited access.",
  "retryAfter": 45
}

Free path: Wait retryAfter seconds and continue using the API at no cost.
Paid path: Sign an x402 payment and send it on your next request.

Step 2: Sign and Send Payment

Use the @x402/fetch library to handle payment automatically. It wraps fetch, intercepts 402 responses, signs the payment with your wallet, and retries:

// Install: npm install @x402/fetch @x402/evm
import { wrapFetchWithPaymentFromConfig } from '@x402/fetch';
import { ExactEvmScheme } from '@x402/evm';

const payingFetch = wrapFetchWithPaymentFromConfig(fetch, {
  schemes: [{
    network: 'eip155:8453',
    client: new ExactEvmScheme(walletAccount),
  }],
});

// This auto-pays if rate limited
const response = await payingFetch(
  'https://dnslurp.esoup.net/api/lookup?domains=esoup.net&type=A'
);

Or manually: include the signed payment in a Payment-Signature header.

Step 3: Receive Access Token

After successful payment, the server returns:

HTTP/1.1 200 OK
X-Paid-Access: granted

{
  "message": "Payment accepted. Use this API key for 1 hour of elevated access.",
  "accessToken": "eyJhbGciOiJIUzI1...",
  "expiresAt": "2026-02-19T08:00:00.000Z",
  "usage": "Include as Authorization: Bearer <accessToken> in subsequent requests."
}

Step 4: Use the Token

Include the token as a Bearer token in subsequent requests. Rate limits are bypassed for 1 hour:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1..." \
  "https://dnslurp.esoup.net/api/lookup?domains=esoup.net&type=A"

# Response headers confirm paid status:
# X-Paid-Access: active
# X-Paid-Expires: 2026-02-19T08:00:00.000Z

When the token expires, you drop back to the free tier. No subscription. Pay again when you need to.

Pricing

Tier	Cost	Limits	Auth
Free	$0	30 req/min lookup, 15 req/min authoritative	None required
Paid	$0.01 USDC	Unlimited for 1 hour	`Authorization: Bearer <token>`

Payment Details

Field	Value
Protocol	x402 v2
Network	Base (eip155:8453)
Currency	USDC
Amount	$0.01
Settlement	Coinbase CDP Facilitator
Token Duration	1 hour

Response Headers

Header	When	Description
`Payment-Required`	402	Base64-encoded x402 payment requirements
`Payment-Response`	200	Base64-encoded settlement confirmation (after payment)
`X-Paid-Access`	200	`granted` (on payment) or `active` (using token)
`X-Paid-Expires`	200	ISO 8601 expiry date of the access token

Enterprise License

x402 · $50 USDC · annual

Run your own DNSlurp instance with no rate limits and full configuration control. Purchase a license via x402 and receive platform binaries and a signed license file. See the license page for full details.

Purchase Flow

Step	Request	Response
1. Get pricing	`GET /api/license/purchase`	402 with USDC payment requirements
2. Pay via x402	Include `Payment-Signature` header	200 with signed license + download links
3. Download binary	`GET /api/license/download/:platform` with Bearer token	Platform binary (macOS, Linux, or Windows)
4. Re-download	`GET /api/license/purchase?wallet=0x...`	200 if license still active

Pricing

Plan	Price	Duration
Annual	$50 USDC	365 days

Supported Platforms

darwin-arm64 darwin-x64 linux-x64 linux-arm64 windows-x64