
Spamhaus Technology Passive DNS service

The internet works through a system of domain name servers (DNS) resolving queries from client machines. If a DNS resolver is unable to answer a query for a domain name from its cache, it sends a recursive request to other name servers: a situation known as a cache miss.

Cache misses can be maliciously caused by DDoS traffic and cache poisoning, causing internet users to experience delays in reaching websites.

Security researchers are able to use cache misses to retrace recursive queries, map connections and identify new bad domains. This passive DNS replication reconstructs a partial view of DNS queries and resolution and can be used to reveal the internet pathways between cybercriminals and DNS servers, without capturing IP addresses of client devices, or compromising the privacy of internet users.

Spamhaus operates its own passive DNS sensor network, gathering this anonymized DNS query data from thousands of recursive DNS servers around the world.

Created through links with service providers and a community of security researchers who are dedicated to combatting DNS abuse, Spamhaus Technology’s passive DNS datasets compile domains that are, or have been, directly associated with cybercrime.

Studying passive DNS data allows researchers to track which domain names are hosted by particular name servers and which domain names point to which IP networks. They can also see where domain names used to point to and which subdomains exist below a certain domain name.
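The four lookups described above, as an added illustration (not Spamhaus code, and not the Spamhaus data format or API): a minimal in-memory passive DNS store that records only the observed answer and its first-seen/last-seen times, never a client address. The class, method names and all sample records are constructed for this example.

```python
import ipaddress

# Constructed observations: (unix_time, rrname, rrtype, rdata).
# Only the answer seen on a cache miss is kept; no client IP is recorded.
OBSERVATIONS = [
    (1000, "shop.example.net.", "A", "192.0.2.10"),
    (1060, "shop.example.net.", "A", "192.0.2.10"),
    (2000, "shop.example.net.", "A", "198.51.100.7"),
    (1500, "login.example.net.", "A", "198.51.100.9"),
    (1200, "example.net.", "NS", "ns1.dns-host.example."),
    (1300, "example.org.", "NS", "ns1.dns-host.example."),
    (1400, "www.example.org.", "A", "203.0.113.5"),
]

class PassiveDNS:
    def __init__(self):
        self.records = {}  # (rrname, rrtype, rdata) -> [first_seen, last_seen, count]

    def ingest(self, ts, rrname, rrtype, rdata):
        key = (rrname.lower(), rrtype.upper(), rdata.lower())
        rec = self.records.setdefault(key, [ts, ts, 0])
        rec[:] = [min(rec[0], ts), max(rec[1], ts), rec[2] + 1]

    def domains_on_nameserver(self, ns):
        # Which domain names are hosted by a particular name server.
        return sorted(n for (n, t, d) in self.records if t == "NS" and d == ns.lower())

    def history(self, rrname):
        # Where a name points and used to point: (first_seen, last_seen, ip).
        return sorted((v[0], v[1], d) for (n, t, d), v in self.records.items()
                      if n == rrname.lower() and t == "A")

    def names_in_network(self, cidr):
        # Which domain names point into a given IP network.
        net = ipaddress.ip_network(cidr)
        return sorted({n for (n, t, d) in self.records
                       if t == "A" and ipaddress.ip_address(d) in net})

    def subdomains(self, zone):
        # Which names have been observed below a given domain name.
        suffix = "." + zone.lower()
        return sorted({n for (n, t, d) in self.records if n.endswith(suffix)})

def build(observations=OBSERVATIONS):
    db = PassiveDNS()
    for obs in observations:
        db.ingest(*obs)
    return db
```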

By uncovering the links between name servers and domains, Passive DNS helps to identify new bad domains as soon as they are live. Our Passive DNS datafeed can be used as a real-time threat intelligence tool: helping you to proactively protect your users’ devices from connecting to bad domains.

Spamhaus Technology Passive DNS is available as a raw dataset:

Through our web portal – designed for information security professionals and cyber incident response analysts who want to carry out digital forensics, and security researchers who want to investigate what sort of activity is associated with particular IP ranges, or analyse the relationships between DNS queries and responses.

Through an API – for security vendors and expert users who wish to integrate our raw datasets with their own software and security platforms.

On the wire – for security researchers and law enforcement agencies who wish to continuously monitor live recursive DNS traffic to aid the identification of new malicious domains, emerging threats or cybercriminal trends.
