DNSDB Query Modes

Left-to-Right Query Modes

  • Input: Fully-Qualified Domain Name (FQDN)
    • Example: www.mydomain.com
    • Response: DNS configuration and content data for that domain in time series form
    • Use Cases:
      • Review current and historical DNS configuration for a single domain, understanding the evolution of the infrastructure supporting that domain since 2010
      • 3rd party audit of organizational DNS records providing process control for change management
  • Input: Wildcard expression of a domain name space
    • Example: *.mydomain.com
    • Response: DNS configuration and content information for every subdomain in that name space
    • Use Case:
      • Discovery of all subdomains within an opponent's control
  • Input: Wildcard expression of a domain name across Top Level Domains (TLDs)
    • Example: www.mydomain.*
    • Response: List of Fully Qualified Domain Names matching that pattern across the full range of TLDs
    • Use Cases:
      • Discovery of possible brand abuse in obscure TLDs
      • Assessment of the breadth of an opponent's use of a given domain name substring
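
An added example (not code from DNSDB or its vendor) of the change-management audit use case listed above for single-FQDN queries: it compares a constructed time series for one name against a constructed list of approved changes and reports values that have no change record or were seen before approval. The record field names and the approval-log layout are assumptions made for the example.

```python
from datetime import datetime, timezone

# Constructed passive-DNS time series for one FQDN (not real data).
# Field names are assumptions modelled on common passive-DNS output.
RECORDS = [
    {"rrtype": "A", "rdata": "192.0.2.10",
     "time_first": "2023-01-05T00:00:00Z", "time_last": "2023-06-01T00:00:00Z"},
    {"rrtype": "A", "rdata": "192.0.2.44",
     "time_first": "2023-06-01T09:30:00Z", "time_last": "2024-01-20T00:00:00Z"},
    {"rrtype": "A", "rdata": "203.0.113.7",
     "time_first": "2023-09-14T02:11:00Z", "time_last": "2023-09-14T08:40:00Z"},
    {"rrtype": "A", "rdata": "198.51.100.5",
     "time_first": "2024-01-20T00:00:00Z", "time_last": "2024-03-01T00:00:00Z"},
]
# Constructed change-management log: value and earliest approved go-live time.
APPROVED = [
    {"rrtype": "A", "rdata": "192.0.2.10", "not_before": "2023-01-01T00:00:00Z"},
    {"rrtype": "A", "rdata": "192.0.2.44", "not_before": "2023-06-01T00:00:00Z"},
    {"rrtype": "A", "rdata": "198.51.100.5", "not_before": "2024-02-01T00:00:00Z"},
]

def ts(s):
    """Parse an ISO-8601 UTC timestamp of the form used above."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit(records, approved):
    """Return observed values with no change record or seen before approval."""
    earliest = {}
    for a in approved:
        key = (a["rrtype"], a["rdata"])
        earliest[key] = min(ts(a["not_before"]), earliest.get(key, ts(a["not_before"])))
    findings = []
    for r in sorted(records, key=lambda r: ts(r["time_first"])):
        first, last = ts(r["time_first"]), ts(r["time_last"])
        ok_from = earliest.get((r["rrtype"], r["rdata"]))
        if ok_from is None:
            reason = "no_change_record"
        elif first < ok_from:
            reason = "seen_before_approval"
        else:
            continue
        hours = round((last - first).total_seconds() / 3600, 1)
        findings.append({"rdata": r["rdata"], "reason": reason,
                         "first_seen": r["time_first"], "hours_observed": hours})
    return findings

if __name__ == "__main__":
    for f in audit(RECORDS, APPROVED):
        print(f)
```

A short `hours_observed` on a value with no change record is worth checking first, since a brief unapproved answer is easy to miss in a point-in-time review.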

Right-to-Left Query Modes

  • Input: IPv4 or IPv6 host address
    • Example: 204.152.187.5 or 2001:500:2f::f
    • Response: DNS configuration and content data for every domain ever configured on that IP address in time series form
    • Use Case:
      • Discovery of an opponent's historical domain names operated on a single IP host
  • Input: IPv4 or IPv6 network address
    • Example: 204.152.187.0/28 or 2001:4f8:3:200::/64
    • Response: DNS configuration and content data for every domain ever configured on any IP host within that network, all in time series form
    • Use Case:
      • Assess the possible association of domains to a single Internet counterparty across a range of IP addresses, presumably coexisting on common physical infrastructure

Common DNS Resource Query Modes

  • Input: Mail exchange (MX) identifier
    • Example: mx.mydomain.com
    • Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that share that mail exchange in their configuration
    • Use Cases:
      • Assess the scope of deployment of disparate domain names that share common email infrastructure
      • Amplification of a spam threat feed
  • Input: Authoritative name server identifier
    • Example: ns.mydomain.com
    • Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that are delegated to that name server in the global DNS
    • Use Case:
      • Discover the inventory of domain names operated by opponents, assuming they are operating their own authoritative name server
