Farsight Security Passive DNS project introduction
"Passive DNS" or "passive DNS replication" is a technique invented by Florian Weimer in 2004 to opportunistically reconstruct a partial view of the data available in the global Domain Name System into a central database where it can be indexed and queried.
Passive DNS databases are extremely useful for a variety of purposes. Malware and e-crime rely heavily on the DNS, and so-called "fast flux botnets" abuse the DNS with frequent updates and low TTLs. Passive DNS databases can answer questions that are difficult or impossible to answer with the standard DNS protocol, such as:
- Where did this domain name point to in the past?
- What domain names are hosted by a given nameserver?
- What domain names point into a given IP network?
- What subdomains exist below a certain domain name?
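The four questions above, answered from an in-memory index over constructed sensor observations. This is an added example, not Farsight's code or API; the class and method names and the sample records (documentation-range names and addresses) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed observations (unix_time, rrname, rrtype, rdata) from a hypothetical sensor.
OBSERVATIONS = [
    (1000, "www.example.com.", "A", "192.0.2.10"),
    (1500, "www.example.com.", "A", "192.0.2.10"),
    (2000, "www.example.com.", "A", "198.51.100.7"),
    (2100, "mail.example.com.", "A", "192.0.2.25"),
    (2200, "example.com.", "NS", "ns1.example.net."),
    (2300, "example.org.", "NS", "ns1.example.net."),
    (2400, "shop.example.org.", "A", "192.0.2.99"),
]

class PassiveDNS:
    def __init__(self):
        self.rrsets = {}  # (rrname, rrtype, rdata) -> [first_seen, last_seen, count]
        self.by_rdata = defaultdict(set)  # inverse index: rdata -> rrset keys

    def observe(self, ts, rrname, rrtype, rdata):
        key = (rrname.lower(), rrtype, rdata.lower())
        rec = self.rrsets.setdefault(key, [ts, ts, 0])
        rec[:] = [min(rec[0], ts), max(rec[1], ts), rec[2] + 1]
        self.by_rdata[key[2]].add(key)

    def history(self, rrname, rrtype="A"):
        # Where did this name point in the past? Rows: (rdata, first, last, count)
        rows = [(k[2], *v) for k, v in self.rrsets.items()
                if k[0] == rrname.lower() and k[1] == rrtype]
        return sorted(rows, key=lambda r: r[1])

    def names_on_nameserver(self, ns):
        return sorted(k[0] for k in self.by_rdata.get(ns.lower(), ()) if k[1] == "NS")

    def names_in_network(self, cidr):
        net = ipaddress.ip_network(cidr)
        return sorted({k[0] for k in self.rrsets
                       if k[1] == "A" and ipaddress.ip_address(k[2]) in net})

    def subdomains(self, zone):
        # Match on a label boundary so "notexample.com." is not a false hit.
        suffix = "." + zone.lower()
        return sorted({k[0] for k in self.rrsets if k[0].endswith(suffix)})

def build(observations=OBSERVATIONS):
    db = PassiveDNS()
    for obs in observations:
        db.observe(*obs)
    return db
```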