Passive DNS has been an industry standard tool for more than a decade, but given the conversations we are having with various customers, IT teams & security teams, it’s apparent that there is some uncertainty as to what Passive DNS is, and also how it can help businesses protect both their networks and brand.

What is Passive DNS?

Until the introduction of Passive DNS there was no way to retrieve the content of any DNS zone owned by other people as system administrators were not keen to share them. Also, once a change was made to a DNS record the previous details were gone forever as the new version immediately propagated across the internet…. Not very helpful if you need to research all the domain names a suspect IP address has resolved to historically, and vice versa.

Where does Passive DNS data come from?

Diagram illustrating how Passive DNS data is collected via probes on a specially enabled DNS recursive server.When a client queries a local DNS resolver and the answer is not included in the server’s cache, then the DNS resolver will query an external root server, followed by the top-level domain (TLD) server and the authoritative name server itself to get access to the requested information (see diagram ).

With special probes activated on the DNS resolver, it is possible to record the packets containing the answers to the client, along with the time & date stamp of when the query was made.

Passive DNS does not store which client (or person) made a query, just the fact that at some point in time, a domain has been associated with a specific DNS record . This ensures that privacy is maintained throughout the system.

Passive DNS data from Spamhaus is collected across the internet globally, from trusted third parties including hosting companies, enterprises, business & ISPs.

With the constant increase in the number of TLDs, there are currently more than 1,000, there is a huge amount of data to record. Spamhaus’ Passive DNS cluster handles more than 200 million DNS records per hour and stores hundreds of billions of record per month, allowing you to search this vast database easily.

How can this help your IT security?

Passive DNS data provides a wealth of information for IT security teams, research teams and brand protection specialists. Research analysts gain insight as to how a particular domain name changes over time and how it is related to other domains and/or IP addresses. This data enables you to build a picture of potential threats across global networks that simply cannot be identified from monitoring your own network.

Brand protection specialists can identify spoofed domains/websites, noting when they have been active and how they are associated with other domains.

Discover the value this tool can bring to multiple roles:

Passive DNS is an extremely clever and simple to use tool that’s a great addition to your security arsenal.

Join us on October 22nd for a deep dive webinar on Passive DNS, delving into brand protection and phishing investigation, with a live Q&A – register here. Or sign up for a FREE Passive DNS account here.

Related Products

Passive DNS

Our Passive DNS allows you to quickly and easily navigate through billions of DNS records to shine a spotlight on potentially malicious internet resources associated with your network or domain.

  • Reduce investigation times
  • Protect your online brand
  • Protect customers and end-users

Resources

WEBINAR | Rapid investigation into potential threats with Passive DNS

29 September 2020

Video

Analyzing your network, and beyond, for potential cyber threats is hugely time-consuming. However, utilizing Passive DNS data can quickly highlight possible issues. Spamhaus' Head of Data, Carel Bitter and Industry Liaison, Matthew Stith walk you through real-life scenarios to demonstrate how Passive DNS can help you.

Protecting your online brand with Passive DNS

23 September 2020

Blog

Discover how Passive DNS data can help brand specialists and marketing teams quickly identify potentially harmful domains.

Passive DNS – Spamhaus’ newest release

27 May 2019

Blog

This is a simple to use, effective and fast investigation tool. With all the expected features of Passive DNS, and some unique features including ‘Fuzzy’ search to make investigating easier. Want to find out more?…