DNSDB Scout glossary

General

  • DNSDB: Farsight DNSDB is the Domain Name System Database that stores and indexes passive DNS data. The data in DNSDB comes from Farsight Security's Security Information Exchange, ICANN's CZDS and ZFA programs, and active enrichment efforts.
  • GUI: Graphical User Interface or "Point and Click" interface. A set of visual elements (buttons, etc.) you can interact with beyond text.
  • API: Application Programming Interface; a set of established rules and parameters that a client program can use to communicate with a host program.
  • Pivot: A sequential step between two sets of data, linked by some common factor or shared data element. Exploring DNSDB usually takes the form of following pivots.

Files

  • CSV: Comma Separated Values is a file format that uses commas as the delimiter between data fields. Typically used in spreadsheet tools.
  • JSON: JavaScript Object Notation is a file format used to contain human-readable text in key-value pairs and array formats. Commonly used in web browsers and smaller scale databases. Originally created for JavaScript, but it is now used in a wide range of tools.
  • JSONL: Similar to JSON (above), but each object is separate from the rest and uses its own line.

Networking

  • CIDR: Classless Inter-Domain Routing. A succinct way of expressing the size or range of a block of network addresses.
      • E.g. 1.2.3.0/30 represents 1.2.3.0 through 1.2.3.3 (four IP addresses)
      • E.g. 1.2.3.0/25 represents 1.2.3.0 through 1.2.3.127 (128 IP addresses)
      • E.g. 1.2.3.0/24 represents 1.2.3.0 through 1.2.3.255 (256 IP addresses)

DNS

  • FQDN: Fully Qualified Domain Name; a domain name that has all of the elements required to make it unambiguous when parsing. At minimum, from right to left, it consists of a period, a top level domain, a period separator, and a name. E.g. example.com.
  • RRSET: A set of DNS resource records containing or aligned by the same name, class, type, or bailiwick.
  • Count: The number of times a unique RRSet was observed.
  • Time Last Seen: The most recent time that an RRSet was observed.
  • Time First Seen: The first time that an RRSet was observed.
  • RRName: The queried left hand side of a DNS resource record.
  • RData: The resulting right hand side of a DNS resource record.
  • Bailiwick: An enclosing zone for a name server that serves the RRset or the name of the zone containing the RRset. Oversimplified, it's usually the suffix, TLD, or authoritative resource for a record when observed.
  • TLD: Top Level Domain, the right-most significant part of an FQDN. There are over 1,500 TLDs to date, and more are being added. E.g. .com, .uk, .dev and .在线 are all valid TLDs.
  • Wildcard: A value that acts as a placeholder for all possible values, represented by a * (star). In DNS, a wildcard can be interpreted as "everything in" something else. E.g. *.example.com represents all of the subdomains in example.com. For the purposes of DNSDB queries, wildcards are more similar to the Kleene star in mathematics and regular expressions. E.g. www.example.* represents all occurrences of www.example across all TLDs and suffixes.

DNS record types

  • A Record: An IPv4 resource record type used to map a domain name to an IPv4 address.
  • AAAA Record: An IPv6 resource record type used to map a domain name to an IPv6 address. Commonly pronounced quad-ei.
  • NS Record: A resource record type used to indicate which DNS server (name server) is authoritative for a given domain. Several are often published for redundancy, to indicate secondary and fallback servers.
  • MX Record: A resource record type used to direct mail traffic for a domain to its mail exchangers. These often have priorities assigned to them for redundancy in mail delivery.
  • CNAME Record: A resource record type used to alias or canonically relabel a domain or subdomain to another domain. E.g. www.bbc.com is a CNAME that resolves to the same IP address as www-bbc-com.bbc.net.uk.
  • TXT Record: A resource record type used to hold additional notes for a domain. Commonly used for email authentication.
  • PTR Record: A record type used to map an IPv4 address to an FQDN, in the opposite fashion of an A Record. Used for reverse DNS lookups.

Special characters

  • IDN: Internationalized Domain Name; a domain name that contains language-specific script or alphabet elements such as Arabic, Chinese, Cyrillic, Hebrew, etc. E.g. bbc.在线
  • Punycode: The ASCII representation of an IDN, used as a conversion layer for domain names that contain language-specific scripts or alphabet elements. E.g. bbc.xn--3ds443g
  • Homoglyphs: Text characters that look similar to one another. In DNS, they are typically seen as part of an IDN. E.g. a (Latin) looks like the completely different characters а (Cyrillic) and α (Greek).