We keep track of the DNS requests our resolvers process and our Umbrella categorization changes by using our own passive DNS database. Our passive DNS data enhances Investigate by providing up to four years of history for you to work with.
Passive DNS is a way of storing DNS resolution data so that you can reference past DNS record values to uncover potential security incidents or discover malicious infrastructure.
For example, when a DNS record changes, a live lookup no longer returns the previous value. Without passive DNS, it can be difficult to find out what a malicious site's DNS records were in the past.
Passive DNS helps you find patterns and use predictive analysis to uncover attacks. At a glance, you can discover useful information about a domain. For example, you can see the date that a domain's A record changed: what it was before, and what it is now. Because you work from stored history instead of querying live records, you avoid alerting bad actors to your investigation.
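The first-seen/last-seen bookkeeping behind the A record example above, as an added sketch that is not Umbrella's or Investigate's code or API. The `PassiveDNS` class, its methods and the sample observations (placeholder domains, RFC 5737 documentation addresses) are all constructed for illustration.

```python
# Constructed observations as a resolver might log them: (day, name, type, value).
# Domains are placeholders; addresses come from RFC 5737 documentation ranges.
OBSERVATIONS = [
    ("2023-01-05", "example.test", "A", "192.0.2.10"),
    ("2023-02-11", "Example.TEST.", "A", "192.0.2.10"),
    ("2023-03-02", "example.test", "A", "198.51.100.7"),
    ("2023-03-02", "example.test", "NS", "ns1.example.test"),
    ("2023-03-15", "other.test", "A", "198.51.100.7"),
    ("2023-04-19", "example.test", "A", "198.51.100.7"),
    ("2023-06-30", "example.test", "A", "203.0.113.44"),
]


class PassiveDNS:
    """Hypothetical store: one row per (name, type, value) with first/last seen."""

    def __init__(self):
        self.rows = {}  # (name, rtype, rdata) -> [first_seen, last_seen, count]

    def observe(self, day, name, rtype, rdata):
        # Normalise so "Example.TEST." and "example.test" share one row.
        key = (name.lower().rstrip("."), rtype.upper(), rdata)
        row = self.rows.setdefault(key, [day, day, 0])
        # ISO-8601 dates compare correctly as plain strings.
        row[0], row[1], row[2] = min(row[0], day), max(row[1], day), row[2] + 1

    def history(self, name, rtype):
        """Every value the record has held, oldest first."""
        name = name.lower().rstrip(".")
        return sorted((first, last, k[2], n)
                      for k, (first, last, n) in self.rows.items()
                      if k[0] == name and k[1] == rtype)

    def changes(self, name, rtype):
        """(date, old value, new value) each time a new value first appeared.
        Assumes one value at a time; round-robin record sets would overlap."""
        h = self.history(name, rtype)
        return [(cur[0], prev[2], cur[2]) for prev, cur in zip(h, h[1:])]

    def names_on(self, rdata):
        """Pivot: every name ever seen resolving to this value."""
        return sorted({k[0] for k in self.rows if k[2] == rdata})


def build_db(observations=OBSERVATIONS):
    db = PassiveDNS()
    for obs in observations:
        db.observe(*obs)
    return db
```

`build_db().changes("example.test", "A")` gives the dated before/after pairs, and `names_on()` is the reverse pivot from an address to the other names that used it, all answered from stored rows without sending a query toward the domain under investigation.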
Because we operate our own resolvers, we have a unique perspective on the internet. On average, we process over 150 billion DNS requests every day. See our System Status page to view our total activity graph. Our large repository of passive DNS history enriches our service.
We store the usual passive DNS data, such as DNS records and domain changes. We also store our security assessments and DNS query volumes so that you can see how security risks for domains change over time.