$ dig @auth-ns hashed-password.andy.tel naptr
NXDOMAIN on failure, NAPTR record (or a set of records) on success.
Your comment about DNS being an API is right on.