DNS Data Analysis


Uncover Threats Through DNS Records

Xperimental Queries provides a powerful set of tools for analyzing Domain Name System (DNS) data to identify malicious activity, prevent subdomain takeovers, and track threat infrastructure. These tools leverage Passive DNS (PADNS) data to offer insights into current DNS records, nameserver resolution patterns, dangling DNS entries, and historical resolution timelines. By combining these capabilities, security teams can proactively mitigate risks and disrupt malicious networks.

Get a List of Up-to-Date DNS Records

This tool retrieves current PADNS records for a specified domain, providing a real-time snapshot of DNS configurations. It’s ideal for monitoring active domain resolutions and detecting anomalies that may indicate threats like unauthorized redirects or malicious infrastructure.

  1. Navigate to Advanced Query Builder > Xperimental Queries > PADNS Domain Snapshot.

  2. Specify a domain.

  3. (Optional) Enable counts_only to return only the number of records.

  4. (Optional) Use the window field to filter records by their last_seen timestamp.

  5. Set limits for the number of results returned or skipped.

  6. Click Search.

View Recent Nameserver Resolution Attempts

Analyzing the frequency of nameserver resolutions for a domain can reveal patterns suggestive of malicious activity, such as a nameserver hosting multiple malicious domains or distributing malware. This tool helps identify coordinated threat infrastructure by examining resolution behavior.

  1. Navigate to Advanced Query Builder > Xperimental Queries > PADNS Probestatus.

  2. Specify a domain.

  3. (Optional) Select a results_format to return aggregated or individual records.

  4. Click Search.

Scan for Dangling DNS Records

Dangling DNS records, such as CNAME, MX, or NS entries pointing to deprovisioned resources, create vulnerabilities for subdomain takeovers, allowing threat actors to redirect traffic to malicious sites. Silent Push aggregates global DNS data weekly, flagging dangling records to help organizations secure their domain infrastructure.

  1. Navigate to Advanced Query Builder > Xperimental Queries > PADNS Report On Dangling Records.

  2. Specify a domain.

  3. (Optional) Select a DNS record type (CNAME, MX, NS, ALL).

  4. (Optional) Enable counts_only to return only record counts or changes_only to show changed records.

  5. Click Search.
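As an added example, not Silent Push's own code or data, the following Python applies the dangling-record logic described above to a constructed passive-DNS snapshot: every CNAME, MX and NS target is checked for a resolvable address (following CNAME chains, loop-safe), and two weekly snapshots are diffed to mirror the changes_only and counts_only options. All names, addresses and the snapshot shape are assumptions made for the example.

```python
"""Flag dangling CNAME/MX/NS records in a passive-DNS snapshot and diff weekly snapshots."""
from typing import Optional, Set, Tuple

Record = Tuple[str, str, str]           # (name, record type, value)
TAKEOVER_TYPES = ("CNAME", "MX", "NS")  # types whose target may point at a deprovisioned host

# Constructed snapshot (week 1); the documentation name 'example.test' is a placeholder.
SNAPSHOT_WEEK1: Set[Record] = {
    ("shop.example.test", "CNAME", "shop-prod.cloudhost.test"),
    ("shop-prod.cloudhost.test", "A", "203.0.113.10"),
    ("blog.example.test", "CNAME", "old-blog.cloudhost.test"),  # target has no address: dangling
    ("example.test", "MX", "mail.example.test"),
    ("mail.example.test", "A", "203.0.113.25"),
    ("example.test", "NS", "ns1.dnsprovider.test"),
    ("ns1.dnsprovider.test", "A", "198.51.100.53"),
}
# Week 2: the shop host was deprovisioned, so its CNAME is now dangling as well.
SNAPSHOT_WEEK2: Set[Record] = SNAPSHOT_WEEK1 - {("shop-prod.cloudhost.test", "A", "203.0.113.10")}


def resolves(name: str, snapshot: Set[Record], seen: Optional[Set[str]] = None) -> bool:
    """True if `name` ends in an A/AAAA record in the snapshot, following CNAME chains."""
    if seen is None:
        seen = set()
    if name in seen:
        return False  # CNAME loop: nothing ever resolves, treat as unresolvable
    seen.add(name)
    if any(n == name and t in ("A", "AAAA") for (n, t, _) in snapshot):
        return True
    cname_targets = [v for (n, t, v) in snapshot if n == name and t == "CNAME"]
    return any(resolves(v, snapshot, seen) for v in cname_targets)


def dangling(snapshot: Set[Record], record_type: str = "ALL") -> Set[Record]:
    """Records of the selected type whose target has no resolvable address in the snapshot."""
    wanted = TAKEOVER_TYPES if record_type == "ALL" else (record_type,)
    return {(n, t, v) for (n, t, v) in snapshot if t in wanted and not resolves(v, snapshot)}


def report(current: Set[Record], previous: Optional[Set[Record]] = None, record_type: str = "ALL",
           counts_only: bool = False, changes_only: bool = False):
    """Mirror the tool's options: changes_only keeps only records newly dangling since `previous`,
    counts_only returns an int instead of the sorted record list."""
    found = dangling(current, record_type)
    if changes_only and previous is not None:
        found = found - dangling(previous, record_type)
    return len(found) if counts_only else sorted(found)


if __name__ == "__main__":
    for rec in report(SNAPSHOT_WEEK2, SNAPSHOT_WEEK1, changes_only=True):
        print("newly dangling:", rec)
```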

Establish When a DNS Record Was Resolvable

Determining the timeline of when a DNS record was active helps security teams track the progression of potential threats and identify coordinated activity across domains or IP addresses. This tool provides a chronological context for investigating malicious infrastructure.

  1. Navigate to Advanced Query Builder > Xperimental Queries > PADNS Resolve Dates.

  2. Specify a DNS record type (A, AAAA, CNAME, MX, NS, SOA, TXT).

  3. Specify a domain.

  4. Click Search.

Save Queries

Organizational users can save queries for future use or sharing.

  1. Specify query parameters.

  2. Click Save Query.

  3. Provide a Name and Description for context.

  4. Click Save. The query appears in Private Queries.