Passive DNS
Definition
A historical database of DNS resolutions, built from sensors that observe DNS responses at recursive resolvers or on network taps and store each (name, record type, answer) triple together with the first and last time it was seen. Passive DNS shows which IP addresses a domain resolved to in the past and when, and which other domains shared those addresses, so investigators can reconstruct attacker infrastructure after it has changed. It records only what the sensors saw: it does not identify the clients that asked, and a domain absent from the data may simply never have been queried within view of a sensor.
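The pivot described above, as an added example that is not part of the original page: a small in-memory passive DNS set in the common feed shape (rrname, rrtype, rdata, first_seen, last_seen, count), with a timeline for one name, a point-in-time lookup, and an infrastructure pivot from a seed domain to its historical IPs and back to co-hosted domains whose observation windows overlap. The records, the .example domains and the RFC 5737 addresses are all constructed; the tenant threshold for skipping shared hosting is an assumption, not a standard value.

```python
"""Pivoting through passive DNS records to reconstruct attacker infrastructure.

Records follow the common passive DNS feed shape
(rrname, rrtype, rdata, first_seen, last_seen, count).  Everything below is
constructed for illustration: the domains are placeholders under .example
and the addresses come from the RFC 5737 documentation ranges.
"""
from datetime import date

PDNS_RECORDS = [
    ("update-check.example", "A",  "192.0.2.10",   date(2023, 1, 3),  date(2023, 2, 14), 412),
    ("update-check.example", "A",  "198.51.100.7", date(2023, 2, 15), date(2023, 4, 1),  980),
    ("update-check.example", "A",  "203.0.113.5",  date(2023, 4, 2),  date(2023, 4, 9),   30),
    ("update-check.example", "NS", "ns1.example",  date(2023, 1, 1),  date(2023, 4, 9),   60),
    ("cdn-static.example",   "A",  "192.0.2.10",   date(2023, 1, 20), date(2023, 2, 10),  77),
    ("login-portal.example", "A",  "198.51.100.7", date(2023, 3, 2),  date(2023, 3, 30), 150),
    # Earlier tenant of 192.0.2.10 whose window closed before the seed arrived.
    ("stale-site.example",   "A",  "192.0.2.10",   date(2022, 5, 1),  date(2022, 12, 1),   9),
]
# 203.0.113.5 stands in for shared hosting: many unrelated tenants, so a naive
# pivot on it would pull in noise.
PDNS_RECORDS += [
    (f"tenant{i:02d}.example", "A", "203.0.113.5", date(2022, 6, 1), date(2023, 6, 1), 500)
    for i in range(12)
]


def timeline(records, name, rrtype="A"):
    """Chronological (first_seen, last_seen, rdata) rows for one name: the
    'when' that distinguishes passive DNS from a live lookup."""
    rows = [(r[3], r[4], r[2]) for r in records if r[0] == name and r[1] == rrtype]
    return sorted(rows)


def resolutions(records, name, rrtype="A", on=None):
    """Distinct answers `name` resolved to.  With `on` (a date or ISO string),
    only records whose observation window covers that date count."""
    if isinstance(on, str):
        on = date.fromisoformat(on)
    return sorted({r[2] for r in records
                   if r[0] == name and r[1] == rrtype
                   and (on is None or r[3] <= on <= r[4])})


def _overlaps(a_first, a_last, b_first, b_last):
    return a_first <= b_last and b_first <= a_last


def pivot(records, seed, max_tenants=10, rrtype="A"):
    """Seed domain -> its historical IPs -> other domains on those IPs whose
    observation windows overlap the seed's window on that IP.  IPs hosting
    more than `max_tenants` distinct names (assumed threshold) are skipped as
    shared hosting / CDN noise.  Returns {ip: [related domain, ...]}."""
    graph = {}
    for s_first, s_last, ip in timeline(records, seed, rrtype):
        on_ip = [r for r in records if r[1] == rrtype and r[2] == ip]
        if len({r[0] for r in on_ip}) > max_tenants:
            continue
        related = {r[0] for r in on_ip
                   if r[0] != seed and _overlaps(s_first, s_last, r[3], r[4])}
        graph.setdefault(ip, set()).update(related)
    return {ip: sorted(names) for ip, names in graph.items()}


if __name__ == "__main__":
    for first, last, ip in timeline(PDNS_RECORDS, "update-check.example"):
        print(f"{first} .. {last}  {ip}")
    print(resolutions(PDNS_RECORDS, "update-check.example", on="2023-03-01"))
    print(pivot(PDNS_RECORDS, "update-check.example"))
```

Two details carry the investigative weight: the overlap test keeps a previous, unrelated tenant of an address out of the graph, and the tenant cap keeps a shared hosting or CDN address from linking the seed to everything else that ever lived there. Real feeds add a query count per record, which helps rank a rarely seen resolution against a long-lived one.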
Related terms
- A record
- A DNS resource record that maps a domain name to an IPv4 address. The primary attribution record in most investigations. An AAAA...
- DNS tunnelling
- Encoding data inside DNS queries and responses to exfiltrate information or carry command-and-control traffic through a network that permits DNS but blocks...
- Domain generation algorithm (DGA)
- Code embedded in malware that produces a large set of pseudo-random domain names on a scheduled basis. The malware tries each until...
- Fast-flux
- An evasion technique in which a domain's A records cycle through a large pool of IP addresses with very short TTL values....
- WHOIS
- A query protocol that returns registration data for a domain, including registrant name, organisation, email, nameservers, and registration and expiry dates. Since...
Explained in
- DNS and Domain Investigation