check_fast_flux
ActiveTool of com.blackveilsecurity/dns
Detect fast-flux DNS behavior: performs multiple rounds of A/AAAA queries and checks whether IP addresses are rotating rapidly on each DNS query (a sign of botnet or malicious infrastructure). Compares IP answer sets and TTLs across rounds to identify rapidly rotating infrastructure used to hide malicious activity.
Parameters schema
{
"type": "object",
"required": [
"domain"
],
"properties": {
"domain": {
"type": "string",
"maxLength": 253,
"minLength": 1,
"description": "Domain to check (e.g., example.com)"
},
"format": {
"enum": [
"full",
"compact"
],
"type": "string",
"description": "Output verbosity. Auto-detected if omitted."
},
"rounds": {
"type": "integer",
"maximum": 5,
"minimum": 3,
"description": "Number of query rounds (3-5, default 3)."
},
"force_refresh": {
"type": "boolean",
"description": "Bypass cache and run a fresh check. Useful after DNS changes."
}
}
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
com.blackveilsecurity/dns
https://github.com/MadaBurns/bv-mcp
2/7 registries