Passive DNS Pivots
ZETAlytics Global pDNS with 800 Billion records. Unearth nefarious domains within minutes of creation.
- Name For Model
- passiveDNS
- Website
- daisy.zetalytics.com
- Try on ChatGPT
- Open ChatGPT and Search the plugin name
- Update Date
- 6 months ago
- Contact
- [email protected]
- Description For Model
- Global passive DNS search of 800 Billion records. Search by IP, CIDR, domain name, strings. Unearth nefarious host naming patterns in recent passive DNS. Poly-dimensional search terms are supported for richer insights.
Plugin Functions/Features (Plugin API Document)
| Operation Id | HTTP Method | Description | |
|---|---|---|---|
| 1 | getNS4Domain | GET | Accepts a domain name aka FQDN aka hostname. Returns that domains authoritative name servers. Sourced from ZETAlytics historical passive DNS collection. Returns FQDN of NS that serves the domain, first seen, last seen. |
| 2 | getGlueByCIDR | GET | Accepts a CIDR or IP address. Sourced from TLD registry zone file NS glue records and thus is incomplete for ccTLDs. Returns FQDN of known NS found in glue records, first seen, and last seen date fields. |
| 3 | getGlueByBaseDomain | GET | Accepts the base domain underpinning one or more authoritative name servers. Sourced from TLD registry zone file NS glue records and thus is incomplete for ccTLDs. Returns FQDN of known NS and their associated IP addresses found in glue records, first seen, and last seen date fields. |
| 4 | getQnames | GET | Processes strings to match against hostnames in subset of passive DNS collection. Default to past five days unless date is specified. Results from qname field in DNS observations aka hostname, domain name, FQDN. Can't provide complete subdomain list nor first seen date due to limited scope. |
| 5 | getDomainStats | GET | Takes a domain name and returns a count of DNS records from ZETAlytics complete historical collection as well as first seen and last seen. |
| 6 | getDomainIPs | GET | Takes a domain aka qname aka FQDN aka hostname as input. Sourced from ZETAlytics complete historical collection of passive DNS observations. Returns all subdomains, all associated IP addresses, first seen and last seen dates. |
| 7 | getDomainsForIP | GET | For a given CIDR or IP address, fetch hostnames seen resolving there, along with their first and last seen dates in the complete collection of ZETAlytics passive DNS. |
| 8 | getDomainsForNS | GET | For a given NS aka authoritative name server, return domains served, along with their first and last seen dates observed from TLD registry zone files or the complete collection of ZETAlytics passive DNS. |