Passive DNS

CIRCL Passive DNS

CIRCL Passive DNS is a database storing historical DNS records from various resources, including malware analysis or partners. The historical DNS data is indexed, which makes it searchable for incident handlers, security analysts or researchers.

How to use the service?

CIRCL Passive DNS is accessible via a REST API, and the output is JSON following the Passive DNS - Common Output Format.

The REST API is accessible via the following URL:

https://www.circl.lu/pdns/query/<queryvalue>

Query values can be any records like IP addresses, hostnames or domain names (please note that CIDR block queries are not supported):

https://www.circl.lu/pdns/query/www.circl.lu

and a sample JSON output:

{"count": 20426, "time_first": 1298398417, "rrtype": "A", "rrname": "www.circl.lu", "rdata": "194.154.205.24", "time_last": 1299264077}
{"count": 202990, "time_first": 1298398002, "rrtype": "CNAME", "rrname": "www.circl.lu", "rdata": "cpa.circl.lu", "time_last": 1408612615}
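The following Python sketch is an added example, not code from CIRCL or from PyPDNS. It parses a response body made of consecutive JSON records like the sample above, converts the epoch timestamps to UTC, and selects the records observed during an incident time window. The function names (parse_cof, utc, seen_during) are hypothetical, the sample body is copied from this page, and no network request is made.

```python
import json
from datetime import datetime, timezone

# Response body copied from the sample output on this page (one record per line).
SAMPLE = (
    '{"count": 20426, "time_first": 1298398417, "rrtype": "A", '
    '"rrname": "www.circl.lu", "rdata": "194.154.205.24", "time_last": 1299264077}\n'
    '{"count": 202990, "time_first": 1298398002, "rrtype": "CNAME", '
    '"rrname": "www.circl.lu", "rdata": "cpa.circl.lu", "time_last": 1408612615}\n'
)

# Fields this example relies on (an assumption of the example, taken from the sample).
REQUIRED = ("rrname", "rrtype", "rdata", "time_first", "time_last")


def parse_cof(body):
    """Parse consecutive JSON objects separated by newlines or other whitespace."""
    decoder = json.JSONDecoder()
    records, pos = [], 0
    while pos < len(body):
        if body[pos].isspace():
            pos += 1
            continue
        obj, pos = decoder.raw_decode(body, pos)  # raises ValueError on bad JSON
        missing = [key for key in REQUIRED if key not in obj]
        if missing:
            raise ValueError(f"record missing fields: {missing}")
        records.append(obj)
    return records


def utc(epoch_seconds):
    """Convert a time_first/time_last value to a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc)


def seen_during(records, start, end):
    """Return records whose [time_first, time_last] span overlaps [start, end]."""
    s, e = start.timestamp(), end.timestamp()
    return [r for r in records if r["time_first"] <= e and r["time_last"] >= s]


if __name__ == "__main__":
    window = (datetime(2012, 1, 1, tzinfo=timezone.utc),
              datetime(2012, 12, 31, tzinfo=timezone.utc))
    for rec in seen_during(parse_cof(SAMPLE), *window):
        print(rec["rrtype"], rec["rdata"],
              utc(rec["time_first"]).isoformat(), utc(rec["time_last"]).isoformat())
```

For the 2012 window only the CNAME record is returned, because the A record was last seen in March 2011.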

Access to CIRCL Passive DNS

Access to CIRCL Passive DNS is only allowed to trusted partners in Luxembourg and abroad. Contact us if you would like access. Include your affiliation and the foreseen use of the Passive DNS data.

Python Library to access the CIRCL Passive DNS API

We developed a Python library called PyPDNS to query any Passive DNS implementation following the Passive DNS - Common Output Format.

Ruby Library to access the CIRCL Passive DNS API

PassiveDNS::Client is a rubygem developed by Chris Lee that includes access to different passive DNS services, including CIRCL.

Scala library to access the CIRCL Passive DNS API

The Scala library is a Scala implementation developed by Jason Jones.