Coronavirus (COVID-19) Information Read here

Cybercriminals Quickly Exploit Internet Infrastructure to Support Their Campaigns and Avoid Detection.

Learn how you can transform threat feeds into actionable, relevant threat intelligence

View video

Plug into the World’s Largest DNS Intelligence Solution: DNSDB®

The internet relies heavily on the DNS, and criminals are not exempt. DNSDB exploits the fact that cyber criminals share and reuse resources.

DNSDB is a Passive DNS (pDNS) historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

DNSDB Details

Farsight collects Passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive Passive DNS data service of its kind - with more than 100 billion DNS records since 2010.

Farsight’s DNSDB transforms threat feeds into actionable, relevant threat intelligence in real time to increase the value of an organization’s existing threat intelligence. Its high-performance, indexed, time-series DNS intelligence data service can ultimately improve visibility for an organization’s security program and protect its infrastructure from current and future threats.

Farsight’s DNSDB is built for ease of use. Chain and pivot capabilities allow security teams to easily swing from one query to another. Time fencing, output tailoring and limiting of record types are among the capabilities that enable investigators to access the exact results they need. DNSDB queries can be automated into existing workflows through a RESTful API, web-enabled UI and integration with security incident and event management solutions, security automation solutions and threat intelligence platforms.

Eliminate DNS Blind Spots

Eliminate DNS Blind Spots

View Internet infrastructure see how adversaries have “rolled” through related domains, IP addresses and name servers to conceal their activity.

Pinpoint Adversaries

Pinpoint Adversaries

Detect patterns of malicious activity and identify phishing or other targeted attacks.

Pinpoint Adversaries

Minimize Risk

Access real-time and historical Passive Domain Name System (pDNS) data to block your infrastructure from being used by bad actors.

DNSDB Access Methods


Farsight Security’s API Key portability program lets you unlock the power of DNS intelligence across dozens of SIEM, Orchestration, Automation and Threat Intelligence Platforms that already support Farsight's DNSDB RESTful API

Get started with free trial

Features & Benefits

  • Ability to search RRname, RRdata, and by IPv4 or IPv6 address or address block
  • Support for whole-label left-hand-side or right-hand-side domain name wildcards
  • Support for IP range or CIDR prefix RRdata searches
  • Able to return up to a million results per query

Purchase options

  • Purchase an annual subscription with queries / day limits
  • Queries / day limits from 1,000 queries per day up to Unlimited

DNSDB API - Enterprise Block Query

Delivers DNSDB API with a more flexible block quota and enterprise account management features.
Designed to accommodate intermittent and bursting usage patterns typical for investigations.
Includes Enterprise management such as the ability to assign additional user contacts, each receiving their own API key and allocate a split of the quota to each user and reallocate as necessary

Features & Benefits

  • - All the benefits and functionality of a queries per day DNSDB API subscription
  • - Flexible query usage with no daily query limits
  • - Purchase additional quotas when needed
  • - Rollover unused queries if you renew prior to subscription expiration
  • - Add user contacts with individual API keys
  • - Assign / manage block quota for each user

Purchase options

  • - Purchase a large block of queries that can be utilized anytime within the annual subscription
  • - No daily limits
  • - Use only what your team needs and buy more when necessary
  • - Minimum initial block quota is 100,000 queries
  • - Add-on quota options start at 1,000 queries

DNSDB Export

An on-premises installation of DNSDB in your own environment

Features & Benefits

  • - Total query privacy
  • - Ability to access data in an offline environment
  • - Unlimited query volume
  • - Minimize network latency
  • - Fastest response time

Purchase options

Purchase an annual subscription with database synchronization updates occurring monthly, daily, or every minute

Want to see more?

Free DNSDB® Trial API

Get your free DNSDB API Key and use it in any of your preferred platform(s)


Queries / day

30-days free

DNSDB Scout™

A simple GUI for DNSDB within the Google Chrome Browser.

Available on Google Chrome Store


Queries / day

Free installation

Request a Demo

Request a customized demo to see our data in action and discover how Farsight DNS Intelligence can help your security operations

DNSDB infographic

Accelerate Your Threat Defense Lifecycle

  • Accelerate incident research and post-breach analysis
  • Discover associations among threat actors and track and block their activity
  • Perform fact-based risk assessment of domain names and IP addresses
  • Uncover all domains using the same name server infrastructure used by a “known bad” domain
  • Reveal the IPs an adversary is using to conceal malicious activity and avoid takedowns
  • Conduct third-party audits of DNS configurations

Featured Resources

Grizzly (Steppe) Case Study


Grizzly (Steppe) Case Study

How ThreatConnect® leverages DNSDB to Track Down the Grizzly (Steppe).

Deloitte & Touche LLP case study


Deloitte & Touche LLP Case Study

Cerber Ransomware Investigation using Farsight's DNSDB

ThreatConnect case study


ThreatConnect, Inc. Case Study

ThreatConnect used Farsight Security's DNSDB to investigate Anthem breach-related activity.

Security Teams Can Map Out Related Domains, IP Addresses, and Infrastructure for Thorough Investigation and Protection.

DNSDB for SOC teams scheme