DNSDB is a database that stores and indexes the passive DNS data available via Farsight Security’s Security Information Exchange (SIE). It also contains the authoritative DNS data from top-level-domain registries provided through ICANN’s Zone File access (ZFA) program.

DNSDB contains historical data accumulated since July, 2010.

DNSDB access is available via a RESTful API that receives queries and returns results as a JSON-formatted data via a Web service. Customers are issued an API key that is used to validate their access to the service.

DNSDB makes it easy to search for individual DNS RRsets. It also provides additional metadata for search results, including the timestamps for when it was first and last first seen. It also returns the bailiwick associated with an RRset. DNSDB also allows you to perform inverse Rdata searches.

DNSDB data is organized as Resource Records (RR) and contains the contents of a DNS response. RRset is a set of 0 or more RR records. Rdata is a field within the RR that describes the resource returned in the RR. Bailiwick is a data item that describes the DNS server which can help determine if the response is from a server that is authoritative for the domain. See What is a Bailiwick in the Additional Information section below for details on the bailiwick.

DNSDB Delivery options

DNSDB can be delivered in two ways:

System requirements vary by the access type. Farsight’s sales representative can help you understand the requirements for the option that best fits your needs.

Suggested Applications

Query Attributes

Response Attributes

TIME_FIRST Time of first sighting.
TIME_LAST Time of last sighting.
ZONE_TIME_FIRST Time of first sighting if the record was received via a zone file import.
ZONE_TIME_LAST Time of last sighting if the record was received via a zone file import.
COUNT Number of times this result was seen in [TIME_FIRST .. TIME_LAST].
RRTYPE Resource record set type.
RRname Owner of resource record set.
Rdata Array of resource data records.
BAILIWICK Apex of zone where found.

DNSDB Capabilities and limits

Access to DNSDB can be licensed in a number of ways and access can be granted via a number of interfaces and tools. These licenses and tools have different capabilities and limits that a user needs to be aware of.

This table summarizes these capabilities and limits summary:

Trial Products

Product Quota Maximum Results Duration Data Available Rate Limit Query Privacy
Maltego Free Queries 12 per hour 12 N/A 2010 to now 12 per hour No

To inquire about a demonstration of DNSDB and an opportunity for a trial API key, please request a demonstration with Farsight’s sales team:

Subscription Products

Product Quota Maximum Results Duration Data Available Rate Limit Query Privacy
Queries per Day (QPD) 1K - Unlimited 10K - 1M 1 Year 2010 to now None Yes

Additional Information

About Farsight Security

Farsight Security, Inc. is the world’s largest provider of historical and real-time DNS intelligence solutions. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.