---
title: "DNS data analysis"
slug: "dns-data-analysis"
updated: 2026-01-06T21:25:38Z
published: 2026-01-06T21:25:38Z
---


# DNS data analysis

## Uncover threats through DNS Records

Xperimental Queries provides a powerful set of tools for analyzing Domain Name System (DNS) data to identify malicious activity, prevent subdomain takeovers, and track threat infrastructure. These tools utilize Passive DNS (PADNS) data to provide insights into current DNS records, name server resolution patterns, Dangling DNS entries, and historical resolution timelines. By combining these capabilities, security teams can proactively mitigate risks and disrupt malicious networks.

## Get a list of up-to-date DNS Records

This tool retrieves current PADNS records for a specified domain, providing a real-time snapshot of DNS configurations. It’s ideal for monitoring active domain resolutions and detecting anomalies that may indicate threats, such as unauthorized redirects or malicious infrastructure.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > PADNS Domain Snapshot**.
2. Specify a domain.
  - (Optional) Enable **counts_only** to return only the number of records.
  - (Optional) Use the **window** field to filter records by their **last_seen** timestamp.
3. Set limits for the number of results returned or skipped.
4. Click **Search**.

## View recent Nameserver resolution attempts

Analyzing the frequency of nameserver resolutions for a domain can reveal patterns suggestive of malicious activity, such as a nameserver hosting multiple malicious domains or distributing malware. This tool helps identify coordinated threat infrastructure by examining resolution behavior.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > PADNS Probestatus**.
2. Specify a domain.
  - (Optional) Select a **results_format** to return aggregated or individual records.
3. Click **Search**.

## Scan for Dangling DNS Records

Dangling DNS records, such as CNAME, MX, or NS entries pointing to deprovisioned resources, create vulnerabilities for subdomain takeovers, allowing threat actors to redirect traffic to malicious sites. Silent Push aggregates global DNS data weekly, flagging dangling records to help organizations secure their domain infrastructure.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > PADNS Report On Dangling Records**.
2. Specify a domain.
  - (Optional) Select a DNS record type (CNAME, MX, NS, ALL).
  - (Optional) Enable **counts_only** to return only record counts or **changes_only** to show changed records.
3. Click **Search**.
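
To show what "dangling" means for a record set, the following added example (not Silent Push code or its API) checks an exported list of records locally and flags CNAME, MX, and NS entries whose final target no longer resolves. The `Record` fields, the `resolves` callback, and the sample names are assumptions made for illustration; `record_type` mirrors the CNAME/MX/NS/ALL choice in step 2.

```python
import socket
from collections import namedtuple

Record = namedtuple("Record", "name rtype target")
POINTER_TYPES = ("CNAME", "MX", "NS")  # types the page lists for dangling checks

def norm(host):
    return host.rstrip(".").lower()

def live_lookup(host):  # default resolver; needs network access
    try:
        return bool(socket.getaddrinfo(host, None))
    except socket.gaierror:
        return False

def final_target(target, cnames):
    """Follow CNAMEs defined in the same export; return None on a loop."""
    seen, host = set(), norm(target)
    while host in cnames:
        if host in seen:
            return None
        seen.add(host)
        host = cnames[host]
    return host

def find_dangling(records, resolves=live_lookup, record_type="ALL"):
    """Return (record, reason) pairs for pointer records whose target is dead."""
    cnames = {norm(r.name): norm(r.target) for r in records if r.rtype == "CNAME"}
    findings = []
    for r in records:
        if r.rtype not in POINTER_TYPES or record_type not in ("ALL", r.rtype):
            continue
        end = final_target(r.target, cnames)
        if end is None:
            findings.append((r, "CNAME loop"))
        elif not resolves(end):
            findings.append((r, "target %s does not resolve" % end))
    return findings

SAMPLE = [  # constructed records on reserved TLDs, not Silent Push output
    Record("www.example.test", "CNAME", "app.example.test."),
    Record("app.example.test", "CNAME", "old-app.cloud.invalid."),
    Record("example.test", "MX", "mail.retired.invalid."),
    Record("example.test", "NS", "ns1.dns.invalid."),
    Record("example.test", "A", "192.0.2.10"),
]
STILL_RESOLVING = {"ns1.dns.invalid"}  # constructed stand-in for live DNS

for rec, why in find_dangling(SAMPLE, lambda h: h in STILL_RESOLVING):
    print(rec.rtype, rec.name, "->", why)
```

A target that still resolves can nevertheless point at a resource that has been released at the provider, so treat a clean result here as a first-pass filter rather than proof that no takeover risk exists.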

## Establish when a DNS Record was resolvable

Determining the timeline of when a DNS record was active helps security teams track the progression of potential threats and identify coordinated activity across domains or IP addresses. This tool provides a chronological context for investigating malicious infrastructure.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > PADNS Resolve Dates**.
2. Specify a DNS record type (**A**, **AAAA**, **CNAME**, **MX**, **NS**, **SOA**, **TXT**).
3. Specify a domain.
4. Click **Search**.

## Save Query

1. Specify query parameters.
2. Click **Save Query**.
3. Provide a **Name** and **Description** for context.
4. Click **Save**. The query appears in [**Private Queries**](https://help.silentpush.com/docs/private-queries).

**Domain Name System (DNS):** A protocol that translates human-readable domain names (e.g., example.com) into IP addresses, enabling devices to locate and communicate with online resources, critical for network security monitoring.

**Passive DNS (PADNS):** A dataset of historical DNS query and response records used to map domain-to-IP relationships, track infrastructure changes, and identify malicious activity.

**Dangling DNS:** Unresolved or misconfigured DNS records that can be exploited by attackers to redirect traffic or host malicious content.
