Passive DNS
Real-Time Feed

Access Spamhaus' Passive DNS database via real-time feed and get immediate visibility into DNS activity worldwide. Gain a continuous stream of actionable DNS infrastructure insight, including CNAMEs, Nameservers, TXT, and MX records.

Trace malicious domains, monitor infrastructure changes, and investigate emerging threats by understanding how DNS records have changed over time — delivered directly to your systems.

Real-time updates

Continuous feed of recursive DNS data, providing immediate awareness of DNS changes and detection of potential threats.

High-quality, global data

A wealth of data from our extensive DNS sensor network provides comprehensive visibility of changes as they happen.

Easy to set up and integrate

Seamless integration into your existing data pipelines, with technical assistance to help get you started.

Spamhaus’ Passive DNS via Real Time Feed

Uncover a rich source of real-time data focussed on DNS infrastructure — the same trusted data used by Spamhaus researchers to support their investigations on a daily basis.

Integrate the live feed directly into your systems to continuously monitor recursive DNS traffic in real time, enhance threat detection, and gain immediate context on domains, IPs and hostnames to enrich ongoing investigations.

Why are there two different names for the data?

Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.

Datasets Included

Passive DNS

(Passive DNS)

A repository of DNS infrastructure connections, capturing CNAMEs, nameservers, TXT, MX, and other query responses over time. This dataset enables analysts and hunters to pivot, enrich indicators, track malicious infrastructure changes, and uncover related threats—critical for correlation, incident response, and proactive defense.

Use cases for Passive DNS via Real-Time Feed

Deliver reliable, real-time Passive DNS (pDNS) data directly into security platforms and enrichment workflows.

For Threat Intelligence Enrichment

Built for security vendors, large enterprises, and law enforcement, the pDNS Real-Time Feed provides continuous visibility into live recursive DNS traffic. By ingesting a firehose of DNS resolution data in near real time, organizations gain constant comprehensive coverage.

This always-on data stream is essential for fueling proactive threat intelligence products, enabling automated detections, and tracking emerging malicious domains and cybercriminal infrastructure as they unfold.

Comprehensive coverage

Maintain visibility across global DNS activity to spot threats as they emerge.

Proactive intelligence

Detect new malicious domains and infrastructure early, accelerating response to evolving campaigns.

Automated enrichment

Continuous stream of rich IP and domain context - removing the need for time-consuming manual lookups.

Getting started

  • How to start a free 30-day trial

    Simply complete the form and submit. No credit card or payment details are required for the free trial.

    What happens next?

    Once you’ve completed the form to trial the Passive DNS Real Time Feed, one of our team will be in touch to get you set up with access.

    Need help?

    If you have any questions, please add them to the comments box below. Once you gain access to the data, support is available should you require any.

    Trial duration

    A free trial lasts for 30 days. You’ll receive an email notification before the trial expires. To continue accessing the services, simply log in to the Customer Portal, and click “request quote” to upgrade to a paid subscription.

  • System requirements

    Customers connecting to the Real Time Feed must connect using a WireGuard VPN client and a Kafka client.

  • Technical documentation

    Full setup details for the Passive DNS via Real Time Feed are available in the customer portal once you start a free trial. Our team will provide support to set up access for all users.

  • Pricing

    Pricing is based on monthly query volume, with final costs provided after the trial based on actual usage. Alternatively, please contact our sales team.

Ready to start your free trial?

Get a free 30-day trial of the Passive DNS via Real Time Feed. No credit card details required.

Frequently Asked Questions

  • What is Passive DNS data?

    It is a log of DNS queries and answers over time, recording the mappings between domain names and IP addresses. The data consists of anonymized DNS queries, collected from recursive DNS servers worldwide. It includes a number of different internet records, including IPs, domains, hosts, name servers, and canonical names. Using the Passive DNS Real Time Feed, you can uncover the connections between these records.

    You can learn more about where passive DNS data comes from in "What is Passive DNS? A beginner’s guide".

  • Where does Passive DNS data come from?

    We collect feeds from both our own systems and trusted partners, and we also perform targeted lookups. Every entry in our database represents an actual result from a live DNS server.

  • Who can use Passive DNS via Real-Time Feed?

    There are many ways to use this data, including but not limited to:

    • Security research: to investigate suspicious domains and identify associated and related malicious infrastructure.
    • Network monitoring: find out what domain names point to your IP space.
    • Malware research: to trace malicious domains, and minimize the need for complex malware reverse engineering.
    • Incident response: understand the extent of a security incident by identifying affected domains and related infrastructure.
    • Brand protection: to monitor for infringement of copyright and brands by detecting spoofed domains.

Data Access

abuse.ch Real-Time Feeds

Real-time stream of enriched indicators to enhance threat detection, triage, hunting, and enrichment workflows. Gain immediate access to fresh IOCs and dataset changes to proactively identify threats before they cause damage.

Data Access

Intelligence API

Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.

Data Access

Passive DNS API

A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.
