# DNS, SSL, Redirect & URL

> Query DNS records, analyze SSL certificates, trace redirect chains, parse URLs, and build slugs and SPF records — five network tools in one.

Source: https://www.jpkc.com/db/en/tools/dns-ssl-redirect-url/

## Five network tools in one toolbox

[DNS, SSL, Redirect & URL](https://www.jpkc.com/tools/dns-ssl-redirect-url/) bundles the everyday diagnostic tasks around domains, certificates, and addresses into a single interface. Instead of hunting down a separate online tool for each step, you switch between five tabs: **DNS** (query DNS records), **SSL / Security** (inspect a certificate and its security headers), **Redirect** (trace redirect chains), **URL** (parse addresses and generate slugs), and **SPF** (build an SPF TXT record).

It is built for everyone who works with websites and mail servers: **developers** who quickly need to see where a domain points or whether a certificate is about to expire; **admins** checking redirects and DNS entries after a migration; and **SEO and email folks** who need clean redirects, valid SPF records, and correct security headers. No account, no install — everything runs right in the browser.

## What the five tabs check

- **DNS** — queries a single record type for a domain (A, AAAA, MX, NS, TXT, CNAME, SOA, SRV, CAA, PTR, NAPTR, ANY), or runs **Check All** for the most important types at once plus extra checks (www, DMARC, DKIM, wildcard). Enter an IP address and the tool automatically switches to a reverse lookup (PTR). Output as JSON or as a BIND-style zone file.
- **SSL / Security** — fetches an `https://` address and breaks down the certificate: common name, issuer, validity with days remaining, signature and key algorithm, the Subject Alternative Names (SANs), and the full certificate chain. It also checks nine security headers and rates their values.
- **Redirect** — follows a URL hop by hop (up to 10 hops), showing the status code, IP, HTTP/HTTPS flag, server, timing, and raw headers for each stop. Loops are detected.
- **URL** — parses an address client-side into its components (protocol, host, port, path, query parameters, hash …) and includes a **URL slug generator** that turns text into clean, URL-safe slugs live (including German umlaut handling).
- **SPF** — interactively builds a valid `v=spf1` TXT record: all-policy, your own mail servers, 16 preconfigured providers, custom `include:` and IP entries. Live counters for DNS lookups and record length warn you before you hit the SPF limits.

## Architecture: server-side fetch, client-side analysis

Three of the tools need data from the network that a browser cannot fetch itself (CORS, foreign TLS connections). That is why **DNS**, **SSL**, and **Redirect** work through the **JPKCom servers**:

- The **DNS tab** sends its query to a server-side PHP endpoint that resolves the records with native PHP (`dns_get_record`).
- **SSL** and **Redirect** run through a server-side cURL **proxy** that fetches the target and returns the raw data (headers, certificate, hop chain) as JSON; the formatting and display then happen **in your browser**.

These server endpoints (`p.php` for the fetch proxy, `p-api.php` for token issuance, plus the DNS endpoint) are **not a public API** you can call yourself: they are protected by a daily-rotating token, a time-window check, and a referer check, and are used exclusively by the tool's JavaScript. What matters in practice:

- **Privacy:** the checked domain sees a request from the JPKCom server, not your IP address.
- **SSRF protection:** private, local, reserved, and CGNAT addresses are blocked — for DNS reverse lookups, for the SSL/redirect fetch, and for redirects on every single hop. Only `http`/`https` are allowed.
- **Limits:** at most **10 redirect hops**, a **15 s** timeout per fetch, and a client-side throttle of about **1 request per second**.

The **URL parser**, **slug generator**, and **SPF generator** need no server at all — they compute entirely in your browser.

## Try it now

**[→ Open DNS, SSL, Redirect & URL](https://www.jpkc.com/tools/dns-ssl-redirect-url/)** — pick a tab, enter a domain or URL, read the result. No account, free, right in the browser. Each tab keeps its own history (stored locally in your browser), so you can repeat earlier queries with a click.

## Related JPKCom tools

- **[SEO & GEO Analyzer](https://www.jpkc.com/db/en/tools/seo/)** — checks a whole page, including HTTPS, redirects, security headers, and performance; ideal when, after the technical check, you want the big picture.
- **[PKI tools](https://www.jpkc.com/db/en/tools/pki/)** — create and inspect certificates and keys when the SSL tab reveals a problem.
- **[IP tools](https://www.jpkc.com/db/en/tools/ip/)** — analyze IP addresses and subnets to match the DNS and redirect IPs.
- **[Mail header analyzer](https://www.jpkc.com/db/en/tools/mail-header/)** — read email headers when you verify the record built in the SPF tab in real-world mail.

---

The subpages go deeper: the **[Manual](https://www.jpkc.com/db/en/tools/dns-ssl-redirect-url/manual/)** with every tab and all operating limits, real-world **[Examples](https://www.jpkc.com/db/en/tools/dns-ssl-redirect-url/examples/)**, and collected **[Tips & Tricks](https://www.jpkc.com/db/en/tools/dns-ssl-redirect-url/tips/)**.