FAQ

Everything buyers ask in the first call.

What does ShadowDNS actually do?

You upload a DNS log. ShadowDNS reads every query, groups them by registrable domain, and matches them against curated lists of AI tools, shadow-IT apps, newly registered domains, and known-bad indicators. You get back a one-page executive summary plus the underlying tables.

Which log formats are supported?

At launch: Windows DNS debug log CSV, Pi-hole query log CSV, and generic CSV (timestamp, client_ip, query, qtype, response). Infoblox and BIND adapters are next.

Do I need to install anything?

No. There are no agents, no kernel modules, and no firewall changes. ShadowDNS reads the logs your DNS server already produces.

Is my data safe?

Uploads are processed in-region, never shared with third parties, and auto-deleted after 7 days. You can delete a report on demand. We never use your data to train models.

How accurate is AI / shadow-IT detection?

Detections are based on DNS queries matching a curated signature library of known AI and SaaS service domains. Every signature is published and human-reviewable — we prefer transparent rules over ML black boxes so you can validate and contest any finding.
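The grouping by registrable domain and the signature matching described above, as an added example that is not ShadowDNS code. It assumes the generic CSV carries a header row with the five listed column names; the signature list, the one-entry suffix set (a stand-in for the Public Suffix List) and the log rows are all constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed signature list: registrable domain -> category.
SIGNATURES = {"ai-tool.example": "ai_tool", "fileshare.example": "shadow_it"}
# Assumption: tiny stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk"}

# Constructed sample in the generic CSV layout (header row assumed).
SAMPLE_LOG = """timestamp,client_ip,query,qtype,response
2024-05-01T09:00:01Z,10.0.0.5,api.ai-tool.example.,A,203.0.113.10
2024-05-01T09:00:02Z,10.0.0.5,API.AI-Tool.example,AAAA,2001:db8::10
2024-05-01T09:00:07Z,10.0.0.9,cdn.fileshare.example,A,203.0.113.20
2024-05-01T09:01:00Z,10.0.0.9,mail.example.co.uk,A,198.51.100.7
2024-05-01T09:01:05Z,10.0.0.7,chat.ai-tool.example,A,203.0.113.11
2024-05-01T09:01:09Z,10.0.0.7,localhost,A,127.0.0.1
"""

def registrable_domain(qname):
    """Return the registrable domain of a query name, or None if it has none."""
    labels = qname.strip().rstrip(".").lower().split(".")
    if len(labels) >= 2 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        # The last two labels are a public suffix, so one more label is needed.
        return ".".join(labels[-3:]) if len(labels) >= 3 else None
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def summarize(csv_text):
    """Group queries by registrable domain and tag each group with a category."""
    groups = defaultdict(lambda: {"queries": 0, "clients": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        domain = registrable_domain(row.get("query") or "")
        if domain is None:
            continue  # blank or single-label names have no registrable domain
        groups[domain]["queries"] += 1
        groups[domain]["clients"].add(row["client_ip"])
    return {
        domain: {
            "category": SIGNATURES.get(domain, "unmatched"),
            "queries": g["queries"],
            "clients": sorted(g["clients"]),
        }
        for domain, g in groups.items()
    }

if __name__ == "__main__":
    for domain, info in sorted(summarize(SAMPLE_LOG).items()):
        print(domain, info)
```

Because the match key is the registrable domain, a finding can be checked by hand against a published signature: every subdomain of a listed domain lands in the same group regardless of case or a trailing dot.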

Can I run this on a schedule?

Scheduled re-runs are planned for Pro and not yet shipped. Today every report is run manually by uploading a log.

Can I white-label the PDF for clients?

Not yet. White-label and a multi-tenant MSP console are on the roadmap once we validate Pro usage.

Why DNS logs, not endpoints?

DNS sees everything — every browser, every CLI, every script, every device. You already have the logs. You don't need a new agent rollout to get visibility.