About Passive DNS

Umbrella Investigate monitors the DNS requests that are processed by the Umbrella DNS resolvers and records the Umbrella categorization changes in a passive DNS database. Umbrella Investigate provides up to four years of DNS resolution history for you to work with.

Passive DNS represents a stored collection of historical DNS resolution data. Umbrella Investigate maintains a large repository of passive DNS history, providing a unique perspective of the internet. With passive DNS data, you can reference past DNS record values to uncover potential security incidents or discover malicious networks. For example, when a DNS record changes, the previous value is not saved. Without passive DNS, it is difficult to identify the prior DNS records for a malicious site.

Passive DNS helps you find patterns and use predictive analysis to uncover attacks. At a glance, you can discover useful information about a domain. For example, you can view the date that a domain's A record changed and uncover the changes to the A record. Unlike querying live records, searching a passive DNS database does not alert bad actors to your investigation.

Umbrella Investigate stores security assessments and DNS query volumes so that you can view how security risks for domains change over time. On average, Umbrella processes over 150 billion DNS requests every day. For more information, see Umbrella Global Network, the world’s largest security network.

Manage the Investigate Only User Role < About Passive DNS > About Investigate View Types