Raw

GET /pdns/raw

Get passive DNS and Umbrella categorization data for TXT records.

curl -H "Authorization: Bearer %Token%" "https://investigate.api.umbrella.com/pdns/raw/\"{text}\""

Note: %Token% must be replaced with your own Investigate API token. See About the API and Authentication for instructions on creating an Investigate API token.

Parameters

Mandatory Path Parameters

You must provide a query for the /pdns/raw/ endpoint.

Parameter
Type
Description

text

string

The value of a TXT record, such as "@".

Optional Query String Parameters

Append a question mark to your request followed by any optional parameters. Join multiple optional parameters together with an ampersand. For example, /pdns/raw/{text}?sortorder=asc&sortby=firstSeen.

Parameter
Type
Description

limit

integer

The maximum number of records to return. By default, the limit is null (no limit).

offset

integer

The amount by which to offset the records. It is zero-based. By default, the offset is 0 (the first record).

sortorder

string

Sort records by ascending (asc) or descending (desc) order. By default, the records are returned in descending order.

sortby

string

Sort records by one of the following fields: minTtl, maxTtl, firstSeen, or lastSeen.

recordType

string

The record types to return.
For example: A, CNAME, NS, MX, and so on. Use commas to separate multiple record types.

You can combine limit and offset to return a subset of records. The offset is zero-based. For example, requesting /pdns/raw/{text}?offset=85&limit=2 will return records 86 and 87.

If you know the record types you want to see, use the optional recordType parameter to only return records of these types. For example, requesting /pdns/raw/{text}?recordType=MX will only return MX records.

Responses

The records returned are for the queried text record.

Field Definitions

Name
Value Type
Description

contentCategories

array of strings

The Umbrella content categories, if any, that match the domain.

firstSeen

integer

The first time a query was seen by Umbrella for the domain, in epoch time.

firstSeenISO

string

The first time a query was seen by Umbrella for the domain, in ISO date and time format.

lastSeen

integer

The last time a query was seen by Umbrella for the domain, in epoch time.

lastSeenISO

string

The last time a query was seen by Umbrella for the domain, in ISO date and time format.

maxTtl

integer

The maximum TTL for the record in seconds.

minTtl

integer

The minimum TTL for the record in seconds.

name

string

The query.

rr

string

The DNS resource record (RR).

securityCategories

array of strings

The Umbrella security categories, if any, that match the domain.

type

string

The DNS record type.

For example: A, CNAME, NS, MX, and so on.

Example Request

curl -H "Authorization: Bearer %Token%" "https://investigate.api.umbrella.com/pdns/raw/\"{text}\""

Example Response

{
  "records": [
    {
      "minTtl": 3600,
      "maxTtl": 3600,
      "firstSeen": 1544386020,
      "lastSeen": 1555327199,
      "name": "\"926723159-3188410\"",
      "type": "TXT",
      "rr": "cisco.com.",
      "securityCategories": [],
      "contentCategories": [
        "Software/Technology",
        "Business Services"
      ],
      "firstSeenISO": "2018-12-09T20:07Z",
      "lastSeenISO": "2019-04-15T11:19Z"
    }
  ],
  "pageInfo": {
    "hasMoreRecords": false,
    "offset": 0,
    "limit": null,
    "totalNumRecords": 1
  },
  "recordInfo": {
    "minTtl": 3600,
    "maxTtl": 3600
  }
}

Raw


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.