Skip to content

DNSDB API User Guide

Introduction

DNSDB is a database that stores and indexes both passive DNS data (from Farsight Security’s Security Information Exchange, SIE) and authoritative DNS data provided by various zone operators. It allows searching for individual DNS RRsets, with additional metadata for search results, such as first seen and last seen timestamps and the DNS bailiwick for each RRset. DNSDB also supports inverse (rdata) searches.

DNSDB Capabilities and Limits

Access to DNSDB is licensed in several ways, with different interfaces and tools providing various capabilities and limits. Understand your license and toolset for quota and feature differences.

Trial Products

Product Quota Maximum Results Duration Data Available Rate Limit Query Privacy
Maltego Free Queries 12/hour 12 N/A 2010 to now 12/hour No

To request a DNSDB demonstration, contact the DomainTools sales team.

Subscription Products

Product Quota Maximum Results Duration Data Available Rate Limit Query Privacy
Queries per Day 1K – Unlimited 10K – 1M 1 Year 2010 to now None Yes

User Guide Notes

  • In Curl examples, $APIKEY is an environment variable. Set it in the current shell with (example only):
APIKEY="QmIodGqF12TKOf8bqBe6S6WxvZ4LTtzP1VlS09g0UApw28gedka545OcumVW4WHkB"

  • API calls below use API Version 2.

  • Curl 7.42.0+ supports the --path-as-is option, preventing curl from merging/squashing /../ or /./ sequences.

Primary Pivots

When investigating historical DNS data, five primary pivots are useful:

  1. Name → Answers (names and IPs)
  2. Wildcard left hand side
  3. Wildcard right hand side
  4. IP → Names
  5. Name → Names

Name → Answers

Specify a name to retrieve historical answers (A, AAAA, NS, MX, SOA, TXT, etc.). If no record type is specified, all are returned.

Hostname Example

  • Hostname: www.fsi.io
curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rrset/name/www.fsi.io?limit=10000"

Second Level Domain Example

  • Hostname: fsi.io
curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rrset/name/fsi.io?limit=10000"

Wildcard Left Hand Side

Enumerate all subdomains of a second-level domain.

curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rrset/name/*.fsi.io?limit=10000"

Wildcard Right Hand Side

Search for a base domain or TLD with a wildcard on the right.

curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rrset/name/example.*?limit=10000"

IP → Names

Return any names pointing to a specific IP.

curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/ip/104.244.13.0,24?limit=10000"

Name → Names

Return any names pointing to a name (e.g., NS records).

curl -s -H 'Accept: application/x-ndjson' -H "X-API-Key: $APIKEY" \
     "https://api.dnsdb.info/dnsdb/v2/lookup/rdata/name/ns1.infocity.club/NS?limit=10000"

Considerations

  1. If you plan to truncate displayed answers, make a larger query to the API (limit ≥10,000) to get recent results.
  2. API data is not sorted. For investigations, sort by time_last to get the most recent records.
  3. SOA records may contain email addresses—useful for pivoting into other data sources (e.g., historical WHOIS).
  4. In a UI, allow hyperlink pivoting between names and IPs for better UX.
  5. Enable filtering of DNS record types to parse results more easily.