Advanced Threat Feeds | Passive DNS

Spamhaus Advanced Threat Datafeeds:
Passive DNS

Passive DNS is a technique where inter-server DNS messages are captured by sensors and forwarded to a collection point for analysis. After being processed, individual DNS records are stored in a database where they can be indexed and queried.

Spamhaus Passive DNS collects tremendous volumes of DNS query information to deliver insight into DNS traffic. Note that Spamhaus DNS traffic tends to provide excellent visibility into badness, as many of the DNS queries indicate undesired activity.

Spamhaus Passive DNS 

  • Very robust, over 2B records/day, excellent visibility into ‘Badness’ on the net
  • Includes host IP, NS domain, CNAME, MX record (plus much more…)

Questions that can be answered using a Passive DNS Database 

  • Where did this domain name point to in the past? 
  • What domain names are hosted by a given nameserver? 
  • What domain names point into a given IP network? 
  • What subdomains exist below a certain domain name? 
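
The four questions above map onto lookups over aggregated DNS records. The following is an added sketch, not Spamhaus code or its data schema: a toy in-memory store fed constructed observations, where the class name, method names and sample records are assumptions made for illustration.

```python
import ipaddress

# Constructed sensor observations: (unix_time, rrname, rrtype, rdata).
OBSERVATIONS = [
    (1700000000, "shop.example.com.", "A", "192.0.2.10"),
    (1700086400, "shop.example.com.", "A", "192.0.2.10"),
    (1700172800, "shop.example.com.", "A", "198.51.100.7"),
    (1700000000, "mail.example.com.", "A", "203.0.113.5"),
    (1700000000, "notexample.com.", "A", "203.0.113.9"),
    (1700090000, "login.example.net.", "A", "198.51.100.20"),
    (1700000000, "example.com.", "NS", "ns1.dns-host.example."),
    (1700000000, "example.net.", "NS", "ns1.dns-host.example."),
]

class PassiveDNS:
    """Hypothetical store: one row per (rrname, rrtype, rdata) with first/last seen and count."""

    def __init__(self, observations=()):
        self.records = {}
        for ts, rrname, rrtype, rdata in observations:
            key = (rrname.lower(), rrtype.upper(), rdata.lower())
            first, last, count = self.records.get(key, (ts, ts, 0))
            self.records[key] = (min(first, ts), max(last, ts), count + 1)

    def history(self, domain):
        """Where did this name point in the past? Rows of (ip, first_seen, last_seen, count)."""
        rows = [(d, *seen) for (n, t, d), seen in self.records.items()
                if n == domain.lower() and t in ("A", "AAAA")]
        return sorted(rows, key=lambda r: r[1])

    def domains_on_nameserver(self, ns):
        """Which names delegate to this nameserver?"""
        return sorted({n for (n, t, d) in self.records if t == "NS" and d == ns.lower()})

    def names_in_network(self, cidr):
        """Which names resolved into this IP network?"""
        net = ipaddress.ip_network(cidr)
        return sorted({n for (n, t, d) in self.records
                       if t in ("A", "AAAA") and ipaddress.ip_address(d) in net})

    def subdomains(self, domain):
        """Which names exist below this domain? Matches on a label boundary only."""
        suffix = "." + domain.lower()
        return sorted({n for (n, _, _) in self.records if n.endswith(suffix)})

if __name__ == "__main__":
    db = PassiveDNS(OBSERVATIONS)
    for row in db.history("shop.example.com."):
        print(row)
```

Keeping first-seen and last-seen per record is what makes the history question answerable after the live DNS answer has changed.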

Passive DNS – Tool to Find the Badness. For more information, read Spamteq's Passive DNS Factsheet

