Cache misses can be maliciously caused by DDoS traffic and cache poisoning, causing internet users to experience delays in reaching websites.
Security researchers are able to use cache misses to retrace recursive queries, map connections and identify new bad domains. This passive DNS replication reconstructs a partial view of DNS queries and resolution and can be used to reveal the internet pathways between cybercriminals and DNS servers, without capturing IP addresses of client devices, or compromising the privacy of internet users.
Spamhaus operates its own passive DNS sensor network, gathering this anonymized DNS query data from thousands of recursive DNS servers around the world.
Created through links with service providers and a community of security researchers who are dedicated to combatting DNS abuse, Spamhaus Technology’s passive DNS datasets compile domains that are, or have been, directly associated with cybercrime.
Studying passive DNS data allows researchers to track which domain names are hosted by particular name servers and which domain names point to which IP networks. They can also see where domain names used to point to and which subdomains exist below a certain domain name.
By uncovering the links between name servers and domains, passive DNS helps to identify new bad domains as soon as they are live. Our Passive DNS datafeed can be used as a real-time threat intelligence tool, helping you to proactively protect your users’ devices from connecting to bad domains.
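The pivot described above, from one known-bad domain to other domains that shared its name server or IP address, shown as an added example that is not Spamhaus code and does not use the Spamhaus data format. The record layout (rrname, rrtype, rdata, first_seen, last_seen), the function names and every record are constructed for illustration.

```python
from collections import defaultdict

# Constructed passive DNS observations (hypothetical schema, not any
# vendor's format): (rrname, rrtype, rdata, first_seen, last_seen).
RECORDS = [
    ("bad-login.example", "NS", "ns1.shady-dns.example", "2024-01-02", "2024-03-01"),
    ("bad-login.example", "A", "198.51.100.23", "2024-01-02", "2024-02-10"),
    ("bad-login.example", "A", "203.0.113.77", "2024-02-11", "2024-03-01"),
    ("pay-update.example", "NS", "ns1.shady-dns.example", "2024-02-20", "2024-03-01"),
    ("pay-update.example", "A", "192.0.2.10", "2024-02-20", "2024-03-01"),
    ("cdn-assets.example", "A", "203.0.113.77", "2024-02-15", "2024-03-01"),
    ("old-tenant.example", "A", "198.51.100.23", "2023-05-01", "2023-09-30"),
    ("benign-shop.example", "NS", "ns1.bigregistrar.example", "2022-01-01", "2024-03-01"),
    ("benign-shop.example", "A", "192.0.2.200", "2022-01-01", "2024-03-01"),
]

def overlaps(a_first, a_last, b_first, b_last):
    """True if two observation windows intersect (ISO dates sort as strings)."""
    return a_first <= b_last and b_first <= a_last

def pivot(seed, records, rrtypes=("NS", "A")):
    """Return {domain: [(rrtype, shared rdata), ...]} for domains that used the
    same name server or IP as `seed` while the seed was also using it."""
    seed_obs = [r for r in records if r[0] == seed and r[1] in rrtypes]
    related = defaultdict(list)
    for name, rtype, rdata, first, last in records:
        if name == seed:
            continue
        for _, s_type, s_rdata, s_first, s_last in seed_obs:
            # Require the same record value AND overlapping time windows, so
            # an earlier tenant of a recycled IP is not linked to the seed.
            if (rtype, rdata) == (s_type, s_rdata) and overlaps(first, last, s_first, s_last):
                related[name].append((rtype, rdata))
    return dict(related)

def history(domain, records, rrtype="A"):
    """Where a domain pointed over time, oldest observation first."""
    rows = sorted((r for r in records if r[0] == domain and r[1] == rrtype),
                  key=lambda r: r[3])
    return [(r[2], r[3], r[4]) for r in rows]

if __name__ == "__main__":
    for domain, links in sorted(pivot("bad-login.example", RECORDS).items()):
        print(domain, links)
    print(history("bad-login.example", RECORDS))
```

A shared name server or IP address is a lead for analyst review, not proof of abuse, since hosting and DNS providers serve many unrelated customers.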
Spamhaus Technology Passive DNS is available as a raw dataset:
Through our web portal – designed for information security professionals and cyber incident response analysts who want to carry out digital forensics, and security researchers who want to investigate what sort of activity is associated with particular IP ranges, or analyse the relationships between DNS queries and responses.
Through an API – for security vendors and expert users who wish to integrate our raw datasets with their own software and security platforms.
On the wire – for security researchers and law enforcement agencies who wish to continuously monitor live recursive DNS traffic to aid the identification of new malicious domains, emerging threats or cybercriminal trends.