The Whois XML API repository of historical Domain Name System (DNS) lookup records continues to grow in volume and coverage. The DNS database download service has recently been extended to cover six different DNS databases:
- DNSA database
- DNSMX database
- DNSNS database
- DNSTXT database
- DNSCNAME database
- DNS SOA database
Each database contains relevant DNS records that enable cybersecurity teams and investigators to perform extensive threat hunting, cyberforensic analysis, and cybercrime investigations.
DNS databases available from Whois XML API
The six DNS databases we provide correspond to six DNS record types: A, Mail Exchanger (MX), Name Server (NS), TXT, Canonical Name (CNAME), and Start of Authority (SOA).
Each file type is described in the following sections.
A DNS A record maps a domain name to the IP address it points to. The WhoisXMLAPI DNSA database lists the IP resolutions of domain names: if a domain resolves to multiple IP addresses, they are all listed in the third column, and the date and time stamp of the last update of the A record is given in the second column.
MX records designate the mail servers that receive email on behalf of a domain. Administrators typically configure multiple MX records for load balancing and failover, each with a preference (priority) number: the lower the number, the higher the priority of that mail server.
The domain name, mail server, and mail server priority are in the DNSMX database, along with the date and time stamp the MX record was last updated.
NS records name the authoritative name servers for a domain, that is, the servers that answer queries for its zone. The WhoisXML API DNS database download service includes the name servers associated with each domain and the date and time stamp the NS record was last updated. These records are provided in the DNSNS database.
The DNSTXT database contains the free-form text records published by domain administrators. Whether a TXT record carries a Sender Policy Framework (SPF) policy, a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy, or other details, the database captures it.
The DNS database download service also includes a CNAME database listing the aliases defined for domain names, where any exist.
DNS SOA database
The SOA record holds administrative details about the zone a domain belongs to: the primary name server, the responsible party's mailbox, the zone serial number, and the refresh, retry, expire, and minimum TTL timers that govern zone transfers to secondary servers. This data is reflected in the DNS SOA database, along with the date and time stamp the SOA record was last updated.
Threat detection and mitigation
The main use cases for active and passive DNS databases are threat hunting and detection. Below are some of the threats that the six DNS databases above can help your security team detect.
- Malware: Malware commonly attempts to connect to a command-and-control (C&C) server. DNS databases help analysts identify domains that resolve to the IP addresses of known or suspicious C&C servers.
- DNS hijacking: In DNS hijacking, an attacker alters a domain's DNS records or a victim's resolver settings so that the authoritative name servers or IP addresses point to websites or applications under the attacker's control. Monitoring changes in the DNSA and DNSNS databases helps detect and track domains whose records may have been hijacked.
- Spam campaign: DNS TXT records are widely used to publish SPF and other email authentication policies that make it harder to send spam in a domain's name. The DNSTXT database therefore lets organizations see which domains lack such authentication records and whose addresses are consequently easier to spoof in spam.
- Phishing campaign: An attacker can make a phishing email look legitimate by forging the sender's address. SPF and the other email authentication mechanisms published in TXT records protect a domain against spoofing and so help prevent phishing. By checking the DNSTXT database for domains that publish no email authentication records, organizations can scrutinize mail that claims to originate from those domains.
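The three hunting use cases above (resolution to known C&C infrastructure, name-server changes that may indicate hijacking, and domains missing SPF/DMARC records), as an added example that is not WhoisXML API code. It assumes a simplified comma-separated layout of domain, last-updated timestamp, record value with one value per row, loosely mirroring the columns described earlier; the snapshots, the `*.example` domains and the C&C feed are all constructed for the example and real database files may be laid out differently.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample snapshots in an ASSUMED layout: domain, last-updated
# timestamp, record value (one value per row). Not real WhoisXML API data.
DNSA_SNAPSHOT = """\
shop.example,2024-03-01T10:00:00Z,203.0.113.10
shop.example,2024-03-01T10:00:00Z,203.0.113.11
update-service.example,2024-03-02T08:30:00Z,198.51.100.77
blog.example,2024-03-01T11:15:00Z,192.0.2.50
"""

DNSNS_YESTERDAY = """\
shop.example,2024-02-28T09:00:00Z,ns1.hosting.example
shop.example,2024-02-28T09:00:00Z,ns2.hosting.example
blog.example,2024-02-28T09:00:00Z,ns1.hosting.example
"""

DNSNS_TODAY = """\
shop.example,2024-03-01T09:00:00Z,ns1.evil-dns.example
shop.example,2024-03-01T09:00:00Z,ns2.evil-dns.example
blog.example,2024-03-01T09:00:00Z,ns1.hosting.example
"""

DNSTXT_SNAPSHOT = """\
shop.example,2024-03-01T10:00:00Z,v=spf1 include:_spf.mail.example -all
_dmarc.shop.example,2024-03-01T10:00:00Z,v=DMARC1; p=reject; rua=mailto:dmarc@shop.example
blog.example,2024-03-01T11:15:00Z,google-site-verification=abc123
"""

# Constructed threat-intel feed of known C&C networks (CIDR notation).
KNOWN_C2 = ["198.51.100.0/24"]


def load(snapshot):
    """Parse a snapshot into {domain: set(values)}; timestamps are not needed here."""
    records = defaultdict(set)
    for domain, _last_updated, value in csv.reader(io.StringIO(snapshot)):
        records[domain.lower()].add(value)
    return records


def c2_hits(a_records, c2_networks):
    """Domains whose A records fall inside any known C&C network."""
    nets = [ipaddress.ip_network(n) for n in c2_networks]
    hits = {}
    for domain, ips in a_records.items():
        bad = {ip for ip in ips if any(ipaddress.ip_address(ip) in n for n in nets)}
        if bad:
            hits[domain] = bad
    return hits


def ns_changes(old, new):
    """Domains whose delegated name-server set differs between two snapshots.

    Returns {domain: (old_set, new_set)}; a wholesale swap of name servers
    is a classic sign of a registrar-level hijack and deserves a closer look.
    """
    changed = {}
    for domain in old.keys() | new.keys():
        before, after = old.get(domain, set()), new.get(domain, set())
        if before != after:
            changed[domain] = (before, after)
    return changed


def email_auth_gaps(domains, txt_records):
    """Domains lacking an SPF record at the apex or a DMARC record at _dmarc.<domain>."""
    gaps = {}
    for domain in domains:
        has_spf = any(v.lower().startswith("v=spf1") for v in txt_records.get(domain, ()))
        has_dmarc = any(v.upper().startswith("V=DMARC1")
                        for v in txt_records.get("_dmarc." + domain, ()))
        missing = [name for name, ok in (("SPF", has_spf), ("DMARC", has_dmarc)) if not ok]
        if missing:
            gaps[domain] = missing
    return gaps


if __name__ == "__main__":
    a_records = load(DNSA_SNAPSHOT)
    print("C&C hits:", c2_hits(a_records, KNOWN_C2))
    print("NS changes:", ns_changes(load(DNSNS_YESTERDAY), load(DNSNS_TODAY)))
    print("Email auth gaps:", email_auth_gaps(sorted(a_records), load(DNSTXT_SNAPSHOT)))
```

Each check keys on a different database: `c2_hits` on DNSA, `ns_changes` on two DNSNS snapshots taken a day apart, and `email_auth_gaps` on DNSTXT. Running the script flags `update-service.example` as resolving into the C&C range, `shop.example` as having had its name servers swapped, and `blog.example` and `update-service.example` as publishing neither SPF nor DMARC.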
Integrating these DNS databases not only strengthens a security team's ability to hunt for and detect threats, but also enriches antimalware solutions, security information and event management (SIEM) systems, Security Orchestration, Automation, and Response (SOAR) platforms, and Threat Intelligence Platforms (TIPs).
Want to know more about the DNS database download service? Please feel free to contact us to discuss with our team how well-parsed and consistent passive DNS data can enhance your DNS security capabilities.