Introduction

Since 2017, DomainTools users have been able to leverage the power of Farsight Security® Inc.’s DNSDB Passive DNS service within DomainTools’s Iris Investigative Platform. DomainTools supports two DNSDB integration models:

Once passive DNS has been activated in your Iris account, an additional “pDNS” tab will appear in the bottom right-hand corner of the window.

Click on it to open the passive DNS interface. You’re then ready to make DNSDB passive DNS queries from that interface.

Example Queries and Associated Output

Example 1: Find all IP addresses used by the fully qualified domain name www.hmc.edu.

Example 2: Find All the Domain Names Using the Nameserver ns.claremont.edu.

Example 3: Some of the Diverse Record Types Seen for *.ietf.org over a two-day period.

Differences Between The DomainTools Integration And Typical DNSDB API Reference Client Implementations

Users who are already familiar with DNSDB will find accessing passive DNS from within Iris to be straightforward for the most part, but there are a few idiosyncrasies you’ll nonetheless want to note.

Data Sources

The Iris passive DNS integration was built with the ability to use passive DNS from more than one passive DNS provider. Users who are purchasing service through DomainTools can choose “all” sources by default, or select just a single specific source (such as Farsight’s DNSDB, which will always be Source “D” in the interface).

Search Interface

To choose between searching RRnames (the “left-hand side” of DNS resource records) and Rdata (the “right-hand side” of DNS resource records), toggle the “Search By” arrow in the upper right area of the window.

Results

Pricing

For Pricing and more information about the DomainTools Iris Integration with Farsight’s DNSDB please contact:

DomainTools
2101 4th Ave, Suite 1150
Seattle, WA 98121
+1-206-838-9020
sales@domaintools.com
https://www.domaintools.com/

About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence, taking indicators from your network, including domains and IPs, and connecting them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at https://www.domaintools.com.

About Farsight Security

Farsight Security, Inc. is the world’s largest provider of historical and real-time DNS intelligence solutions. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.