Passive DNS

Overview

Passive DNS, or DNS record history, lets you view old records or the history of changes for a particular domain name, which can be useful during an investigation. No official database containing all record changes exists. However, many websites let you search their own databases of domains for which they have saved this information.

Tools

Website offering historical DNS data

Here is a list of the most popular websites offering historical DNS data.

| Website | Description |
|---|---|
| ptrarchive | Over 166 billion reverse DNS entries from 2008 to the present |
| whoisrequest | Tracks nameserver changes since 2002 for all COM, NET, ORG, INFO, BIZ and US domains |
| completedns | Keeps track of domain drops and nameserver changes for more than 14 years |
| dnstrails | DNS archive with over 3.4 trillion historical DNS records at your fingertips |
| dns history | DNS records since 2009; the database currently contains over 500 million domains and over 2 billion DNS records |
| domaintools | History covers domains in the TLDs com, net, org, biz, us, and info only |
| passivetotal | RiskIQ Community brings petabytes of internet intelligence. RiskIQ collects 1,000 gigabytes of passive DNS data daily |

Real case abuse

Research

Mitigation
