DNSDB Transforms Technical Reference
Introduction
DNSDB is a Passive DNS (pDNS) historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.
Farsight (Now a part of DomainTools) collects Passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive Passive DNS data service of its kind - with more than 100 billion DNS records since 2010.
Farsight’s DNSDB transforms threat data into actionable, relevant threat intelligence in real time. DNSDB's high-performance, indexed, time-series DNS intelligence data service increases the value of an organization’s existing threat intelligence and improves visibility for an organization’s security program and protect its infrastructure from current and future threats.
DNSDB makes it easy to find related domain names and IP addresses, assuming you have an initial domain name or IP address as a starting point. DNSDB can answer questions, such as:
- Where did this domain name point to in the past?
- What domain names are hosted on a given IP address?
- What domain names use a given name server?
- What fully qualified domain names exist below a delegation point?
Farsight Security has created a package of transforms that allows Maltego to access the DNSDB to retrieve related information for domains, hostnames, network addresses and ranges, and e-mail addresses. DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with near realtime and historical DNS intelligence.
Using the DNSDB transforms users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types including domains, IPs, NS, MX, AAAA, SOA and many more. Wildcard searches are also available to expose hostnames or Fully Qualified Domain Names (FQDNs) in the left side wildcard, associated domains in the right side wildcard, and further pivoting across IPs to expose all associated domains, FQDNs, IPs, MX, NS, and other record types.
The DNSDB Transforms for Maltego can be used in any Maltego investigation to:
- Find hostnames related to network addresses
- Illuminate the DNS (and other service) hosting infrastructure of an interesting domain, and find other domains of interest
- Find historical locations of a service identified by a hostname or domain
Farsight's DNSDB transform set allows Maltego to access the DNSDB to retrieve related information for domains, hostnames, network addresses and ranges, and e-mail addresses. DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with near realtime and historical DNS intelligence, allowing Maltego to retrieve related information for domains, hostnames, network addresses and ranges, and e-mail addresses. These transforms use DNSDB to find values that were observed by one of Farsight's DNS sensors for these entities, as well as domains resolving to these entities.
The Farsight Security DNSDB transforms expand the power of Maltego by enabling correlation and contextualization with near realtime and historical DNS intelligence; also known as passive DNS data. Using the DNSDB transforms users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types including domains, IPs, NS, MX, AAAA, SOA and many more. Wildcard searches are also available to expose hostnames or Fully Qualified Domain Names (FQDNs) in the left side wildcard, associated domains in the right side wildcard, and further pivoting across IPs to expose all associated domains, FQDNs, IPs, MX, NS, and other record types.
With Maltego Transforms for Farsight, investigators can correlate and contextualize with real-time and historical DNS intelligence; also known as passive DNS data.
Using these Transforms, users can expose entire networks, gain an outside-in view of their infrastructure and pivot across DNS record types. With Wildcard searches, expose hostnames/FQDNs, associated domains and further pivoting across IPs to expose all associated domains, FQDNs, IPs, MX, NX, and other record types.
To read more click here: https://www.maltego.com/transform-hub/farsight-dnsdb/
To DNS Name (Reverse) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API Key Here |
False |
True |
False |
| Information |
Value |
| Display Name |
To DNS Name (Reverse) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrdataCIDR |
maltego.CIDR |
This transform finds DNS Names linked to this Netblock by an A record |
| dnsdbrdataDNSName |
maltego.DNSName |
This transform finds records where this DNS Name is in the answer |
| dnsdbrdataDomain |
maltego.Domain |
This transform finds DNS Names where the answer is this entity's name |
| dnsdbrdataIPv4Address |
maltego.IPv4Address |
This transform finds DNS Names linked to this IP by an A record |
| dnsdbrdataIPv6Address1 |
maltego.IPv6Address |
This transform finds DNS Names linked to this IP by an AAAA record |
| dnsdbrdataNetblock |
maltego.Netblock |
This transform finds DNS Names linked to this Netblock by an A record |
To DNS Names [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To DNS Names [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrdataIPv6Address |
maltego.Phrase |
This transform finds records matching this owner name |
| dnsdbrrsetDomain |
maltego.Domain |
This transform finds records matching this owner name |
| dnsdbrrsetEmail |
maltego.EmailAddress |
This transform finds records matching the domain of this email |
| dnsdbrrsetURL |
maltego.URL |
This transform finds records matching this hostname of this URL |
To Domains (Reverse, MX) [DNSDB]
Description
This transform finds NS records where this entity's name is the answer
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To Domains (Reverse, NS) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrdataMXType |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds NS records where this entity's name is the answer |
To DNS Records [DNSDB]
Description
This transform finds records matching this owner name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
|
| Information |
Value |
| Display Name |
To DNS records [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSName |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds records matching this owner name |
To IPv6 Address [DNSDB]
Description
This transform finds AAAA records where this DNS Name matches the owner name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To IPv6 Address [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSNameToAAAA |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds AAAA records where this DNS Name matches the owner name |
To IP Address [DNSDB]
Description
This transform finds A records where this DNS Name matches the owner name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To IP Address [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSNameToA |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds A records where this DNS Name matches the owner name |
To MX Record [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To MX Record [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetDNSNameToMX |
maltego.DNSName |
This transform finds MX records for this DNS Name |
| dnsdbrrsetDomainMX |
maltego.Domain |
This transform finds MX records for this Domain |
| dnsdbrrsetEmailMX |
maltego.EmailAddress |
This transform finds MX records for the Domain referenced in this e-mail address |
To NS Record [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To NS Record [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetDNSNameToNS |
maltego.DNSName |
This transform finds NS records for this DNS Name |
| dnsdbrrsetDomainNS |
maltego.Domain |
This transform finds NS records for this Domain |
To SOA Record [DNSDB]
Description
This transform finds SOA records where this DNS Name matches the owner name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To SOA Record [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSNameToSOA |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds SOA records where this DNS Name matches the owner name |
To SRV Record [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To SRV Record [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSNameToSRV |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds SRV records where this DNS Name matches the owner name |
To TXT Record [DNSDB]
Description
This transform finds TXT records where this DNS Name matches the owner name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
To TXT Record [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
dnsdbrrsetDNSNameToTXT |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
This transform finds TXT records where this DNS Name matches the owner name |
Search child DNS Names (*., AAAA) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search child DNS Names (*., AAAA) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwclDNSNameAAAA |
maltego.DNSName |
This transform searches for AAAA records below the owner name in this DNS Name |
| dnsdbrrsetwclDomainAAAA |
maltego.Domain |
This transform searches for AAAA records below the owner name in this Domain |
Search child DNS Names (*., CNAME) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search child DNS Names (*., CNAME) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Search child DNS Names (*.) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search child DNS Names (*.) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwclDNSName |
maltego.DNSName |
This transform searches for hostnames below the owner name in this DNS Name |
| dnsdbrrsetwclDomain |
maltego.Domain |
This transform searches for hostnames below the owner name in this Domain |
| dnsdbrrsetwclPhrase |
maltego.Phrase |
This transform searches for hostnames below the owner name in this Phrase |
Search DNS Names (.*, AAAA) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (.*, AAAA) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwcrDNSNameAAAA |
maltego.DNSName |
This transform searches AAAA records under a new base domains that contain this DNS Name |
| dnsdbrrsetwcrDomainAAAA |
maltego.Domain |
This transform searches AAAA records under a new base domains that contain this Domain |
Search child DNS Names (*., A) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search child DNS Names (*., A) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwclDNSNameA |
maltego.DNSName |
This transform searches for A records below the owner name in this DNS Name |
| dnsdbrrsetwclDomainA |
maltego.Domain |
This transform searches for A records below the owner name in this Domain |
Search DNS Names (.*, AAAA) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (.*, AAAA) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwcrDNSNameAAAA |
maltego.DNSName |
This transform searches AAAA records under a new base domains that contain this DNS Name |
| dnsdbrrsetwcrDomainAAAA |
maltego.Domain |
This transform searches AAAA records under a new base domains that contain this Domain |
Search DNS Names (.*, A) [DNSDB]
Description
This transform searches A records under a new base domains that contain this DNS Name
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (.*, A) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
| Short Description |
This transform searches A records under a new base domains that contain this DNS Name |
Variants
| Transform Name |
Input Entities |
| dnsdbrrsetwcrDNSNameA |
maltego.DNSName |
| dnsdbrrsetwcrDomainA |
maltego.Domain |
Search DNS Names (.*, CNAME) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (.*, CNAME) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwcrDNSNameCNAME |
maltego.DNSName |
This transform searches CNAME records under a new base domains that contain this DNS Name |
| dnsdbrrsetwcrDomainCNAME |
maltego.Domain |
This transform searches CNAME records under a new base domains that contain this Domain |
Search DNS Names (.*) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (.*) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Output Entities |
Phrase |
Variants
| Transform Name |
Input Entities |
Short Description |
| dnsdbrrsetwcrDNSName |
maltego.DNSName |
This transform searches for new base domains that contain this DNS Name |
| dnsdbrrsetwcrDomain |
maltego.Domain |
This transform searches for new base domains that contain this Domain |
| dnsdbrrsetwcrPhrase |
maltego.Phrase |
This transform searches for new base domains that contain this Phrase |
Search DNS Names (Reverse, File Glob) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this file glob pattern
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Reverse, File Glob) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Transform Name |
flexGlobRdata |
| Data Source |
DNSDB |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
This transform uses Flexible search to find rdata matching this file glob pattern |
Search DNS Names (Glob) [DNSDB]
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Glob) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
flexGlob |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
Search DNS Names (Glob) [DNSDB] |
Search DNS Names (Reverse, Keyword) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this keyword
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Reverse, Keyword) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
flexKeywordRdata |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
This transform uses Flexible search to find rdata matching this keyword |
Search DNS Names (Keyword) [DNSDB]
Description
This transform uses Flexible search to find hostnames matching this keyword
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Keyword) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
flexKeyword |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
This transform uses Flexible search to find hostnames matching this keyword |
Search DNS Names (Reverse, Regex) [DNSDB]
Description
This transform uses Flexible search to find rdata matching this regular expression
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Reverse, Regex) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
flexRegexRdata |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
This transform uses Flexible search to find rdata matching this regular expression |
Search DNS Names (Regex) [DNSDB]
Description
This transform uses Flexible search to find hostnames matching this regular expression
| Display Name |
Setting Type |
Default Value |
Optional |
Popup |
Authentication |
| API Key |
string |
API KEY HERE |
False |
True |
False |
| Information |
Value |
| Display Name |
Search DNS Names (Regex) [DNSDB] |
| Owner |
Farsight Support |
| Author |
support@farsightsecurity.com |
| Data Source |
DNSDB |
| Transform Name |
flexRegex |
| Input Entities |
maltego.Phrase |
| Output Entities |
Phrase |
| Short Description |
This transform uses Flexible search to find hostnames matching this regular expression |