compare_baseline
ActiveTool of com.blackveilsecurity/dns
Compare a domain's current security configuration against a fixed policy baseline to determine compliance. Use to check whether a domain meets a policy requirement — not for tracking improvement/regression over time (use analyze_drift) and not for comparing multiple domains (use compare_domains).
Parameters schema
{
"type": "object",
"required": [
"domain",
"baseline"
],
"properties": {
"domain": {
"type": "string",
"maxLength": 253,
"minLength": 1,
"description": "Domain to scan and compare."
},
"format": {
"enum": [
"full",
"compact"
],
"type": "string",
"description": "Output verbosity. Auto-detected if omitted."
},
"baseline": {
"type": "object",
"properties": {
"grade": {
"enum": [
"A+",
"A",
"B+",
"B",
"C+",
"C",
"D+",
"D",
"F"
],
"type": "string",
"description": "Min grade (e.g., \"B+\")."
},
"score": {
"type": "number",
"maximum": 100,
"minimum": 0,
"description": "Min score (0-100)."
},
"require_caa": {
"type": "boolean",
"description": "Require CAA."
},
"require_spf": {
"type": "boolean",
"description": "Require SPF."
},
"require_dkim": {
"type": "boolean",
"description": "Require DKIM."
},
"require_dnssec": {
"type": "boolean",
"description": "Require DNSSEC."
},
"require_mta_sts": {
"type": "boolean",
"description": "Require MTA-STS."
},
"max_high_findings": {
"type": "integer",
"maximum": 9007199254740991,
"minimum": 0,
"description": "Max high findings allowed."
},
"max_critical_findings": {
"type": "integer",
"maximum": 9007199254740991,
"minimum": 0,
"description": "Max critical findings (default 0)."
},
"require_dmarc_enforce": {
"type": "boolean",
"description": "Require DMARC enforce."
}
},
"description": "Policy/requirements baseline OBJECT for compliance enforcement — \"does this domain meet these required controls?\" (grade/score floors, require_* flags, max_*_findings). NOT a prior scan. For drift-over-time vs a previous ScanScore (or the literal \"cached\"), use analyze_drift instead.",
"additionalProperties": {}
},
"force_refresh": {
"type": "boolean",
"description": "Bypass cache and run a fresh check. Useful after DNS changes."
}
}
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
com.blackveilsecurity/dns
https://github.com/MadaBurns/bv-mcp
2/7 registries