Home / Industry

WhoisXML API Expands DNS Database Coverage and Adds New Record Type

AAAA and PTR records were added to WhoisXML API’s DNS Database Download‘s existing pool of six DNS record types (i.e., A, MX, NS, TXT, CNAME, and SOA records). All these records are now updated daily, making the database more up-to-date and relevant in supporting security processes.

More comprehensive and timely DNS data enables security teams to efficiently track down malicious cyber properties, obtain up-to-date threat information, and effectively discover suspicious associations and connections.

About Our DNS Database Download Service

DNS Database Download is a repository of historical DNS records gleaned from more than a decade of detecting and storing DNS lookup information. This type of intelligence enables users to determine the connections between specific cyber resources.

For instance, DNS Database can tell you the IP address, nameserver, mail server, CNAME, and other details of a domain name. You may learn more about DNS intelligence from our DNS Primer.

Our DNS database can be downloaded in CSV format via Hypertext Transfer Protocol Secure (HTTPS) or File Transfer Protocol (FTP).

How Can Each Record Type Help?

Our database includes eight types of DNS records, critical to threat hunting and defense, cybercrime investigation, security solution enhancement, and other security processes. We talk briefly about each record type below.

A Record – A records map domain names to their respective IPv4 resolutions. Companies must ensure their domains resolve to the correct IP addresses. Otherwise, their domains may be compromised, and website visitors may be redirected to malicious sites.

A records can help uncover malicious networks. For instance, the record may point to the IP address of a malware’s command-and-control (C&C) server, enabling security teams to learn about the malware network’s location, Internet service provider (ISP), Autonomous System (AS) details, and other information.

AAAA Record – Our DNS AAAA files contain the IPv6 resolutions of domain names. They serve the same purpose as the DNS A files, but specifically for domains that already use IPv6 instead of IPv4 addresses.

MX Record – This record type specifies the mail server that should receive emails for a domain name, along with priority numbers. MX files can be used to verify if a domain has a mail server, possibly aiding in email risk assessment and scoring among other applications.

NS Record – Nameserver (NS) records point to the DNS servers that are authoritative for given domain names. These NSs play a critical role in DNS lookups. Threat actors taking control of these servers may lead to serious security implications, as they would also be able to command DNS resolutions.

TXT Record – Since TXT records are widely used for domain ownership verification and spam prevention, it’s important for businesses to verify if their domains have the correct TXT records. It can also help trace DNS tunneling, where threat actors exfiltrate data using TXT records.

CNAME Record – Since multiple domains or subdomains can point to the same web page or application by specifying CNAME records, keeping track of this record type is essential. CNAME files can help verify if the correct CNAMEs are used, preventing CNAME cloaking and anonymity, which can lead to phishing and subdomain takeovers.

SOA Record – SOA records contain administrative details about the domain and its zone, including the administrator’s email address and time to live (TTL) or the time it takes for the server to refresh the cache. Our DNS files can help verify that the correct SOA details are stored and that they follow industry standards.

PTR Record – PTR records do the opposite of A and AAAA records and allow users to map IP addresses to domain names. Thanks to PTR records administrators can log domain names instead of machine-readable IP addresses. These records are also used for anti-spam and mail server verification to check if an IP address corresponds to legitimate servers.


We continue to make improvements to our DNS Database Download service as part of our commitment to Internet safety and transparency.

Are you interested in learning more about our DNS Database Download service? Feel free to talk to our team about how our DNS databases can empower your security processes.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By WhoisXML API, A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider

Whois API, Inc. (WhoisXML API) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.

Visit Page

Filed Under

Comments

Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC