DNSDB API is a database that stores and indexes DNS resolution details captured by a global sensor array. The database currently contains DNS resolution information gathered since 2010 and includes all resource records from authoritative DNS resolvers in response to a domain query. The global sensor array continues to deliver over 200,000 DNS observations per second which are filtered, verified and de-duplicated before insertion into the historical DNSDB database.
- Get the most accurate and comprehensive Passive DNS data from a database with more than 13 billion DNS observations.
- Get a high-performance, indexed, time-series DNS intelligence data service.
- Easily search for individual DNS RRsets and also get additional metadata for search results such as first seen and last seen timestamps, MX records, Name Server information as well as the DNS bailiwick associated with an RRset.
Queries can be made using two separate lookup methods:
- The "RRset" lookup queries DNSDB's RRset index, which supports "forward" lookups based on the owner name of an RRset.
- The "Rdata" lookup queries DNSDB's Rdata index, which supports "inverse" lookups based on Rdata record values.
- All the information is well parsed and normalized to a consistent format for easy integration with your business processes.
- Query results are returned in the popular JSON format, as well as in a raw text file.
- DNSDB is used by cyber security researchers and practitioners worldwide in threat attribution, legal investigations, threat intelligence analysis, and other highly sensitive applications.
- Cyber Security professionals can map out related domains, IP addresses, and infrastructure for a thorough investigation.
- Security analysts and incident responders need access to real-time and historical Passive Domain Name System data in order to block their infrastructure from being used by malicious entities.
- A historical view of Passive DNS data enables security teams to detect patterns of malicious activity and identify phishing or other targeted attacks.
- Accelerate incident research and post-breach analysis.
- Discover associations among various malicious entities and track and block their activity.
- Perform fact-based risk assessment of domain names and IP addresses.
- Uncover all domains using the same name server infrastructure used by a “known bad” domain.
- Reveal the IPs an adversary is using to conceal malicious activity and avoid takedowns.
- Conduct third-party audits of DNS configurations.