DNSDB Scout is a Graphical User Interface (GUI) for the DNSDB API that runs in a web browser. DNSDB Scout implements all of the features exposed by the DNSDB API and provides a dashboard-like experience that will be recognizable to most users. DNSDB Scout Export is a version of Scout intended for installation and use locally by DNSDB Export customers.

This installation guide is a supplement to the README file provided with a DNSDB Scout Export tarball (“package”). It will help you configure a DNSDB Scout deployment for use with an existing DNSDB Export instance; it will help you make requests to your private DNSDB API. It will provide step-by-step instructions for configuring a customized installation and webserver to make the tool accessible to a network on an Ubuntu 20 LTS (Focal Fossa) system.

DNSDB Scout Export is implemented as a self-hosted website served by an NGINX webserver. The package contains the necessary HTML, minified Javascript and CSS files, and a shell script that can customize Export-specific variables in the Javascript. A deployed DNSDB Scout will issue DNSDB API queries to the DNSDB API server you will configure below in the “Customizations” section.


This document is intended for system administrators responsible for the administration of a DNSDB Scout installation for use with a DNSDB Export instance. Unless otherwise specified, all commands are run as root. Please contact if you have any issues installing and configuring DNSDB Scout.

Preparation for installing DNSDB Scout

You will need to aquire the DNSDB Scout Export package provided directly by Farsight. DNSDB Scout Export is not publicly published, and is proprietary software. Use of DNSDB Scout is governed by the License Agreement between you, your organization, and Farsight.

Server configuration and setup

These instructions have been written for use on Ubuntu 20 LTS (Focal Fossa). The specific installation package used for our testing was: ubuntu-20.04.2-live-server-amd64.iso. The file name includes the version number of the release, which is 20.04.2. Please make sure you’re using this major version release for this installation.

These instructions assume your server has access to a Debian package repository and has the ability to download and access packages via apt-get, dpkg, or aptitude to load necessary software and updates.

Server accounts

These instructions assume the ownership of web content under the default NGINX user; www-data is normally the default and is usually available on Ubuntu and other Debian-based systems. If your server and NGINX configuration is different then supplement www-data for your preferred user and group.

Server Security

Farsight requires that you not make your system widely available on the Internet. Please consult with Farsight’s sales and support teams on how to properly configure your access and firewall systems for this server. DNSDB systems are often online but with limited access to their ports (for instance: ssh or https) to localhost or their organization’s networks only, or placed behind firewalls.

A Note About Shells

The bash shell is the default shell and the installation scripts assume its use. If you are using an alternative shell, such as csh or sh, some of the commands might fail, so we recommend installing (if needed) and using bash for the installation.

This installation is written assuming the commands are run as the root user (via su root or logging in as root) as designated by the # prompt.

Choose a hostname

Please carefully consider what hostname you would like to use for accessing your DNSDB Scout deployment. As an example, Farsight has

It is strongly recommended that you generate an SSL certificate for your host.

You may need to configure DNS or /etc/hosts on your client systems to point them at your server depending on whether or not you selectively publish access to this server outside your network.

Further instructions will use the $HOSTNAME environment variable as part of their configuration.

# export

Installing NGINX

We’ll use apt-get to download and install NGINX and its components.

# apt-get install nginx

Configuring NGINX

The NGINX server configuration is stored in /etc/nginx and starts with nginx.conf. There are subdirectories called sites-available and sites-enabled in which server configurations can be added and loaded. We’ll create a new NGINX configuration for a DNSDB Scout deployment in /etc/nginx/sites-available/dnsdb_scout.conf.

# rm /etc/nginx/sites-enabled/default
# cat >/etc/nginx/sites-available/dnsdb_scout.conf << EOF
server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://$HOSTNAME\$request_uri;
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name $HOSTNAME;

    #NGINX logs use /var/log/nginx by default; can be changed.
    access_log /var/log/nginx/access.scout.log;
    error_log /var/log/nginx/error.scout.log;

    #This can be changed; be sure it reflects later steps.
    root /var/www/dnsdb_scout;

    index dashboard.html; #The top level page of DNSDB Scout, "Dashboard".

    try_files \$uri/index.html \$uri.html \$uri/ \$uri =404;

    location ~* \.(html|jpg|jpeg|png|gif|ico|css|js)\$ {
      expires 1d;

    location / {
      if (\$request_method = 'OPTIONS') {
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;

    #Very simple SSL configuration. More modern features
    #can be enabled/changed depending on your NGINX version.
    ssl_certificate /etc/ssl/certs/nginx-cert.crt;
    ssl_certificate_key /etc/ssl/private/nginx-key.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ln -s /etc/nginx/sites-available/dnsdb_scout.conf /etc/nginx/sites-enabled/dnsdb_scout

Note: If you create the above file without using the cat command, the file on disk must not contain the backslashes near the $’s. The backslashes are to keep your shell from substituting $VARIABLE during the cat.

Important: This NGINX configuration uses TLS, you must install a valid TLS certificate or create a self-signed TLS certificate for NGINX to start properly. If you need a self-signed cert, use openssl.

Considering that you are about to start the web server, now is an excellent time to consider how to modify the system firewall to allow access to your server. A reminder that Farsight requires that you not make your system widely available on the Internet. At least disallow public access and allow access from your own network only. Look at packages like ferm or iptables-persistent for long-term management of firewall rules. For testing, you’ll be using your localhost access which permits everything. If you have a client on a nearby network (for example, that you want to test with, you’ll need to add a temporary firewall rule.

# iptables -A INPUT -s -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -s -p tcp --dport 443 -j ACCEPT

Starting NGINX

Start the nginx server and see if it works:

# systemctl daemon-reload
# systemctl start nginx
# systemctl status nginx

If nginx was already started then you should reload the current configuration:

# systemctl reload nginx

If the status of nginx appears ok then enable it to start upon boot:

# systemctl enable nginx

Installing DNSDB Scout

Typically, the installation of NGINX creates /var/www, which is a convenient location for web assets. We will be using it, as noted by the “root” directory in the NGINX configuration, above.

Extract the contents of the DNSDB Scout package acquired from Farsight.

# tar -xzf dnsdb_scout_export_v2.1.4.tar.gz

At this point you may customize your DNSDB Scout Deployment. Refer to the “Customizing a DNSDB Scout Deployment” section, below, for details.

Copy the extracted (or customized) dnsdb_scout directory to /var/www. This directory should correspond with the NGINX server “root” directory.

# cp -r dnsdb_scout_export_v2.1.4/dnsdb_scout/ /var/www/

Finally, change the user/group of the dnsdb_scout directory to the one used by NGINX. By default, this is www-data.

# chown -R www-data:www-data /var/www/dnsdb_scout

Customizing a DNSDB Scout Deployment

Within the DNSDB Scout package provided by Farsight is a customization script. Run the script to add the following customizations to your DNSDB Scout deployment and to overwrite an existing customization file.

# cd dnsdb_scout_export_v2.1.4
# chmod +x
# ./

Upon running the script you will be prompted for the following customizations, all of which are optional and are visible to anyone with access to the DNSDB Scout deployment:

<div class='ui header'>Welcome to DNSDB Export and DNSDB Scout!</div>
<p>It looks like this is your first time using DNSDB Scout and you don't have
an API Key set yet.</p><p>You'll want to set an API Key on the
<a href='options.html'>Settings</a> page before making DNSDB Queries.</p>
<p>This instance of DNSDB Scout may be pre-configured with settings to use a
specific DNSDB Export server - please consult the operator for details.</p>

Default MOTD

Running the customization script from an extracted DNSDB Scout Export tarball directory will save changes to ./dnsdb_scout/export_customizations.json. You can use your text editor of choice to modify the customizations file, however, running the customization script again will overwrite the file entirely. Please ensure futher modifications to the export_customizations.json file follow standard JSON formatting and syntax otherwise the customizations will be ignored.

Testing NGINX and DNSDB Scout

You will need to use the SSL server name you used in the /etc/nginx/sites-available/dnsdb_scout.conf file. If you don’t have a public address for it yet, consider adding your HOSTNAME to the /etc/hosts file:

# echo $HOSTNAME >>/etc/hosts

You’ll see an NGINX process listening to port 80 and 443 and can access it from the server itself. Tools like telnet may be useful for debugging.

# ps awwx | grep nginx
# ss -antp | grep nginx

Let’s try accessing the server via HTTPS using its server name:

# curl -sk https://$HOSTNAME/ | head -7

If successful you should see the top of the DNSDB Scout Dashboard HTML page, like so:

<!DOCTYPE html>
	Description: Farsight DNSDB Scout® Dashboard
	Author: Farsight Security, Inc.
	Copyright: 2021 Farsight Security. All Rights Reserved.
	License: Unlicensed, Proprietary

If not, check systemctl status nginx and see if there were any typos or other configuration issues.

If everything to this point is working correctly, you should now be able to open DNSDB Scout in a web browser from a computer with access to this host and perform DNSDB queries against your DNSDB API installation.

About Farsight Security

Farsight Security, Inc. is the world’s largest provider of historical and real-time DNS intelligence solutions. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at or follow us on Twitter: @FarsightSecInc.