Skip to content

Rdata Lookups

Rdata lookups query DNSDB's Rdata index, which supports "inverse" lookups based on Rdata record values. In contrast to rrset lookups, rdata lookups return only individual resource records (not full resource record sets) and lack bailiwick metadata.

Tip

An rrset lookup on the owner name reported via an rdata lookup must be performed to retrieve the full RRset and bailiwick.

URL Path Scheme

/dnsdb/v2/lookup/rdata/TYPE/VALUE/RRTYPE

Both TYPE and VALUE are required. The RRTYPE parameter is optional.

Type Parameter

The TYPE parameter specifies how VALUE is interpreted:

Type Description
name The VALUE is a DNS domain name in presentation format, or a left-hand (".example.com") or right-hand ("www.example.") wildcard domain name. Note that left-hand wildcard queries are somewhat more expensive than right-hand wildcard queries.
ip The VALUE is one of an IPv4 or IPv6 single address, with a prefix length, or with an address range. If a prefix is provided, the delimiter between the network address and prefix length is a single comma (",") character rather than the usual slash ("/") character to avoid clashing with the HTTP URI path name separator.
raw The VALUE is an even number of hexadecimal digits specifying a raw octet string.

RRtype Parameter

If RRTYPE is not specified, the query functions as if "ANY" was specified.

  • For name and raw rdata lookups, RRTYPE optionally filters the results by RRtype in the same manner as rrset lookups
  • For ip rdata lookups, the supported RRTYPE values are A, AAAA, and ANY, which can be used interchangeably: you can send an IPv4 or IPv6 address to either value and the data returned will be based on the IP address sent, not on the RRTYPE value
  • Any other RRTYPE value for ip lookups will return an "HTTP 400 Bad Request" response

IP Address Examples

Some examples of "ip" rdata URLs (noting that colon needs to be expressed as %3A):

https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/10.0.0.1/ANY
https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/10.0.0.1-10.1.255.255
https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/10.0.0.1,24/ANY
https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/2620%3A11c%3Af008%3A%3A,126
https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/2620%3A11c%3Af008%3A%3A1-2620%3A11c%3Af008%3A%3Aff

Result Format

Results are returned in JSON Lines format with the following keys:

Key Description
rrname The owner name of the resource record in DNS presentation format.
rrtype The resource record type of the resource record, either using the standard DNS type mnemonic, or an RFC 3597 generic type, i.e. the string TYPE immediately followed by the decimal RRtype number.
rdata The record data value. The Rdata value is converted to the standard presentation format based on the rrtype value. If the encoder lacks a type-specific presentation format for the resource record's type, then the RFC 3597 generic Rdata encoding will be used.
count The number of times the resource record was observed via passive DNS replication.
time_first, time_last UNIX epoch timestamps with second granularity indicating the first and last times the resource record was observed via passive DNS replication.
zone_time_first, zone_time_last UNIX epoch timestamps with second granularity indicating the first and last times the resource record was observed via zone file import.

Examples

Example 1: Lookup records with IPv4 address 104.244.13.104

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/104.244.13.104"

Response:

{"cond": "begin"}
{"obj":{"count":24,"time_first":1433550785,"time_last":1468312116,
    "rrname":"www.farsighsecurity.com.","rrtype":"A","rdata":"104.244.13.104"}}
{"obj":{"count":9429,"time_first":1427897872,"time_last":1468333042,
    "rrname":"farsightsecurity.com.","rrtype":"A","rdata":"104.244.13.104"}}
{"cond": "succeeded"}

Example 2: Lookup records in 104.244.13.104/29 network

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/104.244.13.104,29"

Response (with keep-alive messages):

{"cond": "begin"}
{}
{"obj":{"count":24,"time_first":1433550785,"time_last":1468312116,
    "rrname":"www.farsighsecurity.com.","rrtype":"A","rdata":"104.244.13.104"}}
{"obj":{"count":9429,"time_first":1427897872,"time_last":1468333042,
    "rrname":"farsightsecurity.com.","rrtype":"A","rdata":"104.244.13.104"}}
{}
{"cond": "succeeded"}

Example 3: Lookup records with IPv6 address

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/2620:11c:f004::104"

Response:

{"cond": "begin"}
{"obj":{"count":14,"time_first":1433845806,"time_last":1467828872,
    "rrname":"www.farsighsecurity.com.","rrtype":"AAAA","rdata":"2620:11c:f004::104"}}
{"obj":{"count":5307,"time_first":1427897876,"time_last":1468333042,
    "rrname":"farsightsecurity.com.","rrtype":"AAAA","rdata":"2620:11c:f004::104"}}
{"cond": "succeeded"}

Example 4: Lookup records in IPv6 network prefix

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/2620:11c:f000::,126"

Response:

{"cond": "begin"}
{"obj":{"count":2,"time_first":1574082633,"time_last":1574082633,
    "rrname":"gw.fmt1.fsi.io.","rrtype":"AAAA","rdata":["2620:11c:f000::1"]}}
{"obj":{"count":261,"time_first":1573589461,"time_last":1576188661,
    "rrname":"r1.fmt1.fsi.io.","rrtype":"AAAA","rdata":["2620:11c:f000::2"]}}
{"obj":{"count":241,"time_first":1573611061,"time_last":1576188661,
    "rrname":"r2.fmt1.fsi.io.","rrtype":"AAAA","rdata":["2620:11c:f000::3"]}}
{"cond": "succeeded"}

Example 5: Lookup domains delegated to nameserver

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/name/ns5.dnsmadeeasy.com"

Response:

{"cond": "begin"}
{"obj":{"count":1078,"zone_time_first":1374250920,"zone_time_last":1468253883,
    "rrname":"farsightsecurity.com.","rrtype":"NS","rdata":"ns5.dnsmadeeasy.com."}}
{"obj":{"count":706617,"time_first":1374096380,"time_last":1468334926,
    "rrname":"farsightsecurity.com.","rrtype":"NS","rdata":"ns5.dnsmadeeasy.com."}}
{"cond": "succeeded"}

Example 6: Lookup domains with mail exchanger

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/name/hq.fsi.io"

Response:

{"cond": "begin"}
{"obj":{"count":45644,"time_first":1372706073,"time_last":1468330740,
    "rrname":"fsi.io.","rrtype":"MX","rdata":"10 hq.fsi.io."}}
{"obj":{"count":19304,"time_first":1374098929,"time_last":1468333042,
    "rrname":"farsightsecurity.com.","rrtype":"MX","rdata":"10 hq.fsi.io."}}
{"cond": "succeeded"}

Example 7: Raw query for records

curl -H "Accept: application/x-ndjson" -H "X-API-Key: $DNSDB_API_KEY" \
  "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/raw/0366736902696f00?limit=2"

Response:

```json {"cond": "begin"} {"obj":{"count":6,"time_first":1413228451,"time_last":1413228451, "rrname":"local-data.fsi.io.","rrtype":"SOA", "rdata":"fsi.io. hostmaster.fsi.io. 2014050101 7200 3600 604800 3600"}} {"obj":{"count":25,"time_first":1412912798,"time_last":1412942807,"rrname":"dnstap.info.", "rrtype":"SOA","rdata":"fsi.io. hostmaster.fsi.io. 2014052824 7200 3600 25920000 3600"}}