NetTrace

NetTrace was a DNS and email validation toolset developed and operated by Ricardo Neudorfer in 2025. It ran on the domain nettrace.cloud, which is no longer active. NetTrace was the first fully documented software product in the Development Timeline, and marked the transition from early experimentation to shipping a complete SaaS product.

Background

NetTrace emerged from a practical problem: verifying DNS record propagation and email security configurations required using multiple separate tools in sequence — a DNS checker here, an SPF validator there, a DMARC inspector somewhere else. NetTrace consolidated all of these into a single interface with a consistent API.

The product ran from early 2025 until it was retired later that year.

DNS checking

The core feature of NetTrace was the ability to send a DNS lookup to 30+ resolvers across different global regions simultaneously and compare the results side by side.

Why multiple resolvers matter

DNS changes do not propagate instantly. When a record is updated, it can take anywhere from minutes to 48 hours for the change to reach all resolvers worldwide, depending on the TTL (time to live) configured on the record. Checking only one resolver gives an incomplete picture. NetTrace showed the response from each resolver simultaneously, making it immediately clear whether propagation was complete and which regions were still returning old data.

Supported record types

NetTrace supported the following DNS record types:

Record type	Purpose
A	Maps a domain to an IPv4 address
AAAA	Maps a domain to an IPv6 address
MX	Specifies mail servers for the domain
TXT	Stores text data, used for SPF and verification records
CNAME	Alias pointing to another domain
NS	Lists the authoritative name servers
SOA	Start of Authority — administrative information

Email security validation

NetTrace validated the three standard email authentication mechanisms that form the basis of modern email security:

SPF — Sender Policy Framework

SPF records define which mail servers are authorised to send email from a domain. NetTrace parsed SPF records and checked for:

Syntax errors that would cause the record to be ignored
Exceeding the DNS lookup limit of 10 (a common misconfiguration that causes SPF to fail)
Missing mechanisms for expected sending services
Incorrect use of all qualifiers (+all, -all, ~all, ?all)

DKIM — DomainKeys Identified Mail

DKIM allows a receiving mail server to verify that an email was sent by an authorised server and that the message was not altered in transit. NetTrace retrieved DKIM public keys from DNS and checked:

Key format and length (minimum 1024-bit RSA recommended)
Missing or malformed p= values
Incorrect key type declarations
Whether the key had been revoked (empty p= value)

DMARC — Domain-based Message Authentication

DMARC builds on SPF and DKIM to specify what should happen when authentication fails. NetTrace parsed DMARC records and reported:

The enforcement policy (none, quarantine, or reject)
Alignment mode for SPF and DKIM (strict or relaxed)
Reporting addresses configured for aggregate and forensic reports
Subdomain policies

Public API

A RESTful API was available for developers who wanted to integrate DNS and email checking programmatically. All responses were JSON-formatted with consistent structure across all endpoint types. The API was authenticated via API keys issued through the dashboard.

Status

NetTrace is permanently offline. The domain nettrace.cloud is no longer active. No source code, database records, or other data has been preserved beyond this page.