DNSDB is a Passive DNS (pDNS) historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

Farsight collects Passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive Passive DNS data service of its kind - with more than 100 billion DNS records since 2010.

Farsight’s DNSDB transforms threat data into actionable, relevant threat intelligence in real time. DNSDB’s high-performance, indexed, time-series DNS intelligence data service increases the value of an organization’s existing threat intelligence, improves visibility for its security program, and helps protect its infrastructure from current and future threats.

DNSDB makes it easy to find related domain names and IP addresses, assuming you have an initial domain name or IP address as a starting point. DNSDB can answer questions, such as:

Farsight Security have created a package of transforms allowing Maltego to retrieve related information for domains, hostnames, network addresses and ranges, and e-mail addresses. These transforms use DNSDB to find values that were observed by one of Farsight’s DNS sensors for these entities, as well as domains resolving to these entities.

The Farsight Security DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with near-real-time and historical DNS intelligence, also known as passive DNS data. Using the DNSDB transforms, users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types including domains, IPs, NS, MX, AAAA, SOA and many more. Wildcard searches are also available: a left-side wildcard exposes hostnames or Fully Qualified Domain Names (FQDNs), a right-side wildcard exposes associated domains, and further pivoting across IPs exposes all associated domains, FQDNs, IPs, MX, NS, and other record types.


Maltego and Farsight’s DNSDB Transform Set

Farsight’s DNSDB transform set allows Maltego to access the DNSDB to retrieve related information for domains, hostnames, network addresses and ranges, and e-mail addresses. DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with near realtime and historical DNS intelligence.

Using the DNSDB transforms, users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types including domains, IPs, NS, MX, AAAA, SOA and many more. Wildcard searches are also available: a left-side wildcard exposes hostnames or Fully Qualified Domain Names (FQDNs), a right-side wildcard exposes associated domains, and further pivoting across IPs exposes all associated domains, FQDNs, IPs, MX, NS, and other record types.

Uses

The DNSDB Transforms for Maltego can be used in any Maltego investigation to:

Available Transforms

Transforms on domains include:

Transforms on hostnames include:

Additional transforms include:

See the document Maltego Technical Reference or the online documentation within the Maltego system for the details on all of the available transforms.

Requirements

These transforms are available to users of Maltego CE (Free community edition), Maltego Classic (User/professional edition) and Maltego XL (Enterprise edition).

Maltego users can run a limited number of transforms with restricted returned data (12-50 records) without an API key. They can also request a 30-day trial key for evaluation that offers a higher quota and relaxed result restrictions.

| Maltego Client vs API Key | Limit | CE (Free) | Classic (User) | XL (Enterprise) |
|---|---|---|---|---|
| Free - No API Key | Queries | 12 per hour | 12 per hour | 12 per hour |
| Free - No API Key | Max results | 12 | 50 | 50 |
| FSI Subscription Key | Queries | FSI Quota | FSI Quota | FSI Quota |
| FSI Subscription Key | Max results | 12 | 10K | 65K |

Full access to Farsight DNSDB data requires a subscription and valid API key. To request a trial or learn more about the Farsight subscription services please contact Farsight Security.

Additional Information

About Farsight Security

Farsight Security, Inc. is the world’s largest provider of historical and real-time DNS intelligence solutions. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.