Every day, hundreds of billions of Domain Name System (DNS) queries are made as Internet users visit websites. While most queries are successful and return the requested answer, sometimes the DNS request results in a “non-zero” error code, signaling that the specific domain name cannot be resolved successfully.
These errors are often caused by suspicious activity and may indicate brand infringement, misuse of domains to enable malware campaigns, or botnet activity. Security teams need fast access to accurate data about DNS errors so they can understand and investigate why domain names are not resolving successfully.
“Farsight’s error channels enable valuable dumpster-diving for intelligence on my domains.”
An easy way to monitor domain names for unexpected errors, including those due to authoritative name server problems.
Brand infringement campaigns often begin with DNS reconnaissance, with malicious actors probing for unregistered domain names similar to those of targeted brands. Watching NXDOMAIN traffic is a simple way to detect the emergence of these campaigns.
Botmasters have avoided takedowns by coding and deploying domain generation algorithms (DGAs). Through this approach, botnet‑infected systems will attempt and fail to resolve a large number of random-appearing domain names. The DNS Errors and NXDOMAINS channels give threat analysts and security researchers visibility into DGA‑related DNS traffic.
Security-conscious organizations often register commonly misspelled variations of their domain names to prevent cybercriminals from registering those domains and employing them in malware campaigns. The NXDOMAINS channel delivers a real-time view of misspelled variations of domain names so organizations can move quickly to register them before malicious actors do.
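The three uses described above (errors on your own domain, lookalike probing, and DGA traffic) can be triaged from a stream of failed lookups. The following is an added example, not Farsight's code or channel format: the record layout, the brand `example.com`, the thresholds and all sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter

BRAND = ("example", "com")                    # assumed protected domain
MAX_DIST, MIN_LEN, MIN_ENTROPY = 2, 12, 3.5   # assumed thresholds, tune on real traffic
# Constructed records in a hypothetical "<unix-ts> <qname> <rcode>" format
SAMPLE = """1700000000 exampel.com. NXDOMAIN
1700000001 eaxmple.com. NXDOMAIN
1700000002 www.example.com. NOERROR
1700000003 xkqzvbtplwhgrjdn.net. NXDOMAIN
1700000004 weather.org. NXDOMAIN
1700000005 ns1.example.com. SERVFAIL"""

def osa_distance(a, b):
    """Edit distance counting an adjacent transposition as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def entropy(s):
    """Shannon entropy of a label in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def classify(qname, rcode):
    labels = qname.rstrip(".").lower().split(".")
    if rcode == "NOERROR" or len(labels) < 2:
        return None
    label, tld = labels[-2], labels[-1]   # naive: ignores multi-label suffixes such as co.uk
    if (label, tld) == BRAND:
        return "own-domain-error"         # e.g. SERVFAIL from the authoritative servers
    if rcode != "NXDOMAIN":
        return None
    if osa_distance(label, BRAND[0]) <= MAX_DIST:
        return "lookalike"                # unregistered near-miss of the brand label
    if len(label) >= MIN_LEN and entropy(label) >= MIN_ENTROPY:
        return "dga-candidate"            # long, random-looking label
    return None

def triage(text):
    """Group failed lookups by verdict; names with no verdict are dropped."""
    hits = {}
    for _ts, qname, rcode in (line.split() for line in text.splitlines()):
        verdict = classify(qname, rcode)
        if verdict:
            hits.setdefault(verdict, []).append(qname)
    return hits
```

Calling `triage(SAMPLE)` groups the constructed records by verdict. Entropy alone misclassifies some legitimate hostnames, so treat `dga-candidate` as a lead for investigation rather than a verdict.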