ShadowDNS

See what your DNS logs already know.

Get a structured visibility report from DNS logs you already collect.

Results in minutes. No agents. No deployment.

Run a free report See a sample report
Raw DNS exports processed locally in your browserNo agents to installFirst report in under 5 minutes

Before you upload

  • Raw DNS exports are processed locally in your browser
  • Application traffic uses HTTPS/TLS
  • Reports protected by unique access links
  • No software installation required
  • No account required
  • DNS data is not used to train AI models
  • Built by a DNS support engineer

What you get

Three answers hidden in your DNS logs.

ShadowDNS turns existing DNS traffic into a structured visibility report you can review, share, and act on.

AI tools observed in DNS traffic

AI services resolving on your network, broken down by tool and device. Detections come from a published, human-reviewable signature list.

ChatGPT · Claude · Gemini · Cursor · Windsurf · Perplexity · DeepSeek · Copilot

Shadow IT worth reviewing

File-sharing, remote-access, and messaging apps observed in DNS traffic. Categorized and risk-flagged for triage.

Dropbox · WeTransfer · Notion · Discord · TeamViewer · AnyDesk

Suspicious DNS activity

Early signals worth investigating: NRDs, IOC matches, resolver bypass, and NXDOMAIN outliers. No additional infrastructure required.

Newly registered domains · Known-bad indicators · DoH bypass · NXDOMAIN spikes

Why it matters

DNS already sees it. Most teams don't.

Shadow IT

Employees adopt SaaS tools faster than IT can review them.

AI adoption

AI-related services continue to appear across enterprise networks.

DNS visibility

DNS logs often contain the evidence teams need, but not the context.

The report

A structured visibility report built from your DNS data.

Not a dashboard. A focused report: what was detected, why it matters, and what you might do next.

2,418,332

Total DNS queries

9

AI tools detected

14

Shadow IT findings

3

DNS security findings

View full sample report Upload a log

How it works

From DNS log to visibility report in minutes.

No agents. No deployment. No procurement process.

01

Export DNS logs

Windows DNS, Pi-hole, or generic CSV.

02

Upload the CSV

Drag and drop at /scan. 50 MB cap on free.

03

ShadowDNS analyzes

Parses, categorizes, and flags findings.

04

Visibility report

Structured report, ready in minutes.

No agentsNo deploymentNo procurementResults in minutes

Why ShadowDNS exists

DNS logs already contain many of the answers security and IT teams need.

The challenge is turning raw DNS activity into something that can be reviewed, shared, and acted on quickly.

ShadowDNS was built to make DNS visibility easier to understand through structured reports instead of raw log files.

Read more about the project →

Trust & privacy

Built with the boring fundamentals.

Raw DNS exports are processed locally in your browser and are not stored server-side
No agents required
DNS data is not used for AI training
HTTPS/TLS protected
Trust Center

Run your first report in 5 minutes.

Upload a DNS log. Review the findings. Share the report with your team.

Upload a DNS log View example report