Passive DNS
Passive DNS records historical resolutions between domain names and IP addresses collected from recursive resolvers and sensors. Analysts use passive DNS to pivot from a malicious IP to related domains, identify fast-flux patterns, and timeline infrastructure changes.
Frequently Asked Questions
How is Passive DNS related to DNS History?
Passive DNS and DNS History are both key concepts in threat intelligence. DNS history is a record of historical DNS resolution data for a domain — including all IP addresses it has ever resolved to, when changes occurred, and what nameservers have been used. It is used in threat investigations to trace infrastructure reuse and identify related malicious domains.
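The three uses named above (pivoting from an IP to related domains, building a timeline of infrastructure changes, and spotting fast-flux patterns) are sketched below over a few constructed records. This is an added example, not code from this page or from any passive DNS provider. The record fields follow the commonly used rrname / rdata / time_first / time_last naming, and the function names and fast-flux thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real observations), using documentation
# address ranges and .example names: (rrname, rdata, time_first, time_last)
RECORDS = [
    ("shop.example",         "192.0.2.10",    "2024-01-01", "2024-06-30"),
    ("login-portal.example", "192.0.2.10",    "2024-03-02", "2024-03-20"),
    ("cdn-update.example",   "192.0.2.10",    "2024-03-05", "2024-03-06"),
    ("cdn-update.example",   "198.51.100.7",  "2024-03-06", "2024-03-06"),
    ("cdn-update.example",   "198.51.100.99", "2024-03-07", "2024-03-07"),
    ("cdn-update.example",   "203.0.113.41",  "2024-03-07", "2024-03-08"),
    ("cdn-update.example",   "203.0.113.200", "2024-03-08", "2024-03-08"),
]

def _day(text):
    return datetime.strptime(text, "%Y-%m-%d")

def pivot_ip(records, ip):
    """Domains observed resolving to `ip`, ordered by first observation."""
    hits = sorted((first, name) for name, rdata, first, _ in records if rdata == ip)
    return [name for _, name in hits]

def timeline(records, domain):
    """Chronological (time_first, time_last, ip) tuples for one domain."""
    return sorted((first, last, rdata)
                  for name, rdata, first, last in records if name == domain)

def fast_flux_candidates(records, min_ips=4, max_days_per_ip=2):
    """Domains with many distinct IPs, each seen only briefly.

    min_ips and max_days_per_ip are illustrative assumptions, not
    established cut-offs; tune them against known-good traffic.
    """
    seen = defaultdict(dict)  # domain -> {ip: longest observation window in days}
    for name, rdata, first, last in records:
        days = (_day(last) - _day(first)).days + 1
        seen[name][rdata] = max(seen[name].get(rdata, 0), days)
    return sorted(name for name, ips in seen.items()
                  if len(ips) >= min_ips
                  and all(d <= max_days_per_ip for d in ips.values()))

if __name__ == "__main__":
    print("Pivot on 192.0.2.10:", pivot_ip(RECORDS, "192.0.2.10"))
    print("Timeline:", timeline(RECORDS, "cdn-update.example"))
    print("Fast-flux candidates:", fast_flux_candidates(RECORDS))
```

Shared hosting and CDN addresses return unrelated domains on an IP pivot and can resemble fast flux, so treat both outputs as leads to corroborate rather than as attribution.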