Neat! How is this different than domaintools/farsight [1]?
Passive DNS [2] has been in my toolbox for 15+ years, and is invaluable for security research / threat intelligence. Knowing historical resolutions to something are so helpful in investigations.
For anyone interested, they should check out the talk by one of the DomainTools people [3] on how it can be utilized for investigation.
Are you passively collecting this data, or actively querying for these records?
Neat! How is this different than domaintools/farsight [1]?
Passive DNS [2] has been in my toolbox for 15+ years, and is invaluable for security research / threat intelligence. Knowing historical resolutions to something are so helpful in investigations.
For anyone interested, they should check out the talk by one of the DomainTools people [3] on how it can be utilized for investigation.
Are you passively collecting this data, or actively querying for these records?
[1] - https://www.domaintools.com/products/threat-intelligence-fee...
[2] - https://www.circl.lu/services/passive-dns/
[3] - https://www.youtube.com/watch?v=oXmapqLkZd0
From what I understand [1] is just tlds, not subdomains?
That would be incorrect, they get subdomains for passive dns feeds.
How often is it updated?
Does it include expired domains?