The DNS Database (DNSDB) is a searchable history of DNS records that stores and indexes both the Passive DNS data available via ISC’s Security Information Exchange and the authoritative DNS data that various zone operators make available. DNSDB makes it easy to search for individual DNS records as seen at different levels of the DNS tree hierarchy, along with timestamps for when they were first or last seen. More importantly, DNSDB provides the ability to perform inverse look-ups based on the answers of DNS queries.
This database is frequently used as a resource for finding sources used for malicious activities. Some of its many uses include:
- Finding new domains related to existing spam or botnet campaigns.
- Enumerating IP addresses that are being used for fast-flux botnets.
- Finding other DNS information utilized by known IP addresses.
Sharing DNS information broadens results from other data analysis, maps out related criminal activity, and identifies the DNS names or addresses used by cyber criminals. Access to DNSDB is only allowed for authorized and approved users.
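To make the inverse look-ups and first/last-seen timestamps described above concrete, here is an added example (not DNSDB's code, schema or API) that models a small passive DNS store in memory. The class and function names, the sample observations and the fast-flux thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed observations (rrname, rrtype, rdata, unix time seen); names and
# addresses are reserved documentation values, not real DNSDB data.
OBSERVATIONS = [
    ("mail.shop.example.", "A", "192.0.2.10", 1700000000),
    ("mail.shop.example.", "A", "192.0.2.10", 1700600000),
    ("login.bank.example.", "A", "192.0.2.10", 1700300000),
    ("cdn.flux.example.", "A", "198.51.100.1", 1700000000),
    ("cdn.flux.example.", "A", "198.51.100.2", 1700000600),
    ("cdn.flux.example.", "A", "203.0.113.7", 1700001200),
    ("cdn.flux.example.", "A", "203.0.113.8", 1700001800),
]

class PassiveDnsIndex:
    """Hypothetical in-memory model of a passive DNS store."""

    def __init__(self):
        # (rrname, rrtype, rdata) -> [first_seen, last_seen, times_seen]
        self.records = {}
        self.by_name = defaultdict(set)   # forward index on the queried name
        self.by_rdata = defaultdict(set)  # inverse index on the answer

    def observe(self, rrname, rrtype, rdata, ts):
        key = (rrname.lower(), rrtype, rdata)
        rec = self.records.setdefault(key, [ts, ts, 0])
        rec[0], rec[1], rec[2] = min(rec[0], ts), max(rec[1], ts), rec[2] + 1
        self.by_name[key[0]].add(key)
        self.by_rdata[rdata].add(key)

    def inverse(self, rdata):
        """Every name that answered with rdata, with first/last seen times."""
        return sorted((k[0], self.records[k][0], self.records[k][1])
                      for k in self.by_rdata.get(rdata, ()))

    def flux_candidates(self, min_ips=3, window=3600):
        """Names that gained min_ips or more A answers within window seconds."""
        hits = []
        for name, keys in self.by_name.items():
            firsts = [self.records[k][0] for k in keys if k[1] == "A"]
            if len(firsts) >= min_ips and max(firsts) - min(firsts) <= window:
                hits.append(name)
        return sorted(hits)

def build_index(observations):
    index = PassiveDnsIndex()
    for obs in observations:
        index.observe(*obs)
    return index

if __name__ == "__main__":
    idx = build_index(OBSERVATIONS)
    print(idx.inverse("192.0.2.10"))
    print(idx.flux_candidates())
```

The inverse index is what turns one known address into the set of other names that shared it, and the per-record timestamps show whether that overlap is current or historical.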
For more information, visit https://dnsdb.isc.org/