WhoisXML API’s repository of historical Domain Name System (DNS) lookup records continues to grow in volume and coverage. The DNS database download service was recently expanded to include six types of DNS databases.
Each database contains relevant DNS records that enable cybersecurity teams and investigators to conduct extensive threat hunting, cyberforensic analyses, and cybercrime investigations.
The six types of DNS databases we offer provide different types of DNS records, namely, A, mail exchanger (MX), name server (NS), TXT, canonical name (CNAME), and Start of Authority (SOA) records.
Each file type is described in detail in the succeeding sections, and more information can also be found here.
The A records in the DNS provide the IP addresses that domain names point to. WhoisXML API’s DNS A Database lists the IP resolutions of domain names. If a domain has multiple IP addresses, all of them are listed in the third column of the database. The date and timestamp of the A record’s last update are shown in the second column.
MX records determine the mail servers that receive emails on behalf of domains. Administrators can set up multiple MX records to facilitate load balancing and backup mechanisms, requiring them to specify priority or preference numbers. The lower the number, the higher the priority of the mail server.
The domain name, mail server, and mail server priority can be found in our DNS MX Database, along with the date and timestamp when the MX record was last updated.
The authoritative DNS server that receives queries for a particular domain name is specified in its NS record. WhoisXML API’s DNS database download service includes the NSs associated with domains, along with the date and timestamp when the NS records were last updated. These records are specifically found in our DNS NS Database.
Our DNS TXT Database contains the relevant text information specified by domain administrators. Whether the TXT space is used for a Sender Policy Framework (SPF) record; Domain-Based Message Authentication, Reporting, and Conformance (DMARC) authentication; or other details, our database captures them all.
Our DNS database download service also includes a CNAME database where the aliases of domain names, if any, can be found.
SOA records contain the administrative details about the zones domains belong to, which can help facilitate zone transfers. This data is reflected in our DNS SOA Database, along with the date and timestamp when the SOA record was last updated.
Among the primary use cases of active and passive DNS databases are threat hunting and detection. Below are some of the threats that the six DNS databases described above can help security teams with.
Aside from enhancing security teams’ threat hunting and detection capabilities, DNS database enrichment can further strengthen the capabilities of anti-malware solutions; security information and event management (SIEM); security orchestration, automation, and response (SOAR); and threat intelligence platforms (TIPs).
Are you interested in learning more about our DNS Database Download service? Feel free to contact us here to talk to our team about reinforcing your DNS security capabilities with well-parsed and consistent passive DNS data.