Search through passive DNS data (reverse lookup)
    • 16 May 2023


    Scanning through Silent Push's store of passive DNS data collected from trusted third parties allows security teams to establish links between disparate records and global attacker infrastructure, and obtain information based on numerous granular DNS/IP parameters.

    Our reverse lookups allow you to search passive DNS data using the following record types:

    • A
    • AAAA
    • CNAME
    • MX
    • NS
    • PTR4
    • PTR6
    • ANY (IPv4 & IPv6)
    • SOA
    • TXT
    • MXHASH
    • NSHASH
    • SOAHASH
    • TXTHASH

    Note: Only the qtype and qname fields are mandatory. All other parameters are optional.

    1. Select a record type to look up in qtype

    2. Specify a record name in qname

    3. (PTR4 or PTR6 qtypes) Specify a netmask

    4. (A or AAAA qtypes) Tick the box to include or exclude subdomains

    5. Choose to include or exclude metadata in the results

    6. Specify a regular expression (re2) match for domain/host. This overrides the qname parameter

    7. Specify a timestamp in first_seen_before (yyyy-mm-dd)

    8. Specify a timestamp in first_seen_after (yyyy-mm-dd)

    9. Specify a timestamp in last_seen_before (yyyy-mm-dd)

    10. Specify a timestamp in last_seen_after (yyyy-mm-dd)

    11. Use as_of to return only records where the as_of timestamp is between the first_seen and the last_seen timestamp

    12. Use sort to order results by column and direction (column/order). This feature may be repeated with different column names to produce a nested sorting effect (separate multiple values with a semicolon):

      1. Columns: last_seen, first_seen, query, answer
      2. Order: asc, desc
    13. Limit the number of results to return

    14. Specify a number of results to skip

    15. Click Search
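
To make the time filters, the as_of window and the nested sort from steps 7 to 14 concrete, here is an added example (not Silent Push code, and it does not call the Silent Push service) that models them locally over constructed records. The `search` and `parse_sort` names, the `column/order;column/order` string form and the strict before/after comparisons are assumptions.

```python
from datetime import date

# Constructed sample passive DNS records (not real data); field names follow
# the sort columns listed above: query, answer, first_seen, last_seen.
RECORDS = [
    {"query": "a.example.com", "answer": "192.0.2.10", "first_seen": "2023-01-05", "last_seen": "2023-03-01"},
    {"query": "b.example.com", "answer": "192.0.2.10", "first_seen": "2023-02-10", "last_seen": "2023-05-01"},
    {"query": "c.example.com", "answer": "192.0.2.10", "first_seen": "2023-04-01", "last_seen": "2023-05-01"},
    {"query": "d.example.com", "answer": "192.0.2.10", "first_seen": "2022-11-01", "last_seen": "2022-12-15"},
]

SORT_COLUMNS = {"last_seen", "first_seen", "query", "answer"}

def parse_sort(spec):
    """Parse 'column/order;column/order' (assumed form) into [(column, descending)]."""
    keys = []
    for part in filter(None, spec.split(";")):
        column, _, order = part.strip().partition("/")
        order = order or "asc"
        if column not in SORT_COLUMNS or order not in ("asc", "desc"):
            raise ValueError(f"bad sort term: {part!r}")
        keys.append((column, order == "desc"))
    return keys

def search(records, first_seen_after=None, first_seen_before=None,
           last_seen_after=None, last_seen_before=None, as_of=None,
           sort="", skip=0, limit=None):
    """Apply the time filters, then the nested sort, then skip and limit."""
    d = date.fromisoformat  # parses yyyy-mm-dd timestamps
    def keep(r):
        fs, ls = d(r["first_seen"]), d(r["last_seen"])
        # Strict before/after comparison is an assumption of this model.
        return ((first_seen_after is None or fs > d(first_seen_after)) and
                (first_seen_before is None or fs < d(first_seen_before)) and
                (last_seen_after is None or ls > d(last_seen_after)) and
                (last_seen_before is None or ls < d(last_seen_before)) and
                (as_of is None or fs <= d(as_of) <= ls))
    rows = [r for r in records if keep(r)]
    # A stable sort applied from the last key to the first gives nested ordering.
    for column, descending in reversed(parse_sort(sort)):
        rows.sort(key=lambda r: r[column], reverse=descending)
    end = None if limit is None else skip + limit
    return rows[skip:end]
```
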

    Saving queries

    Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.

    1. Specify the query parameters

    2. Click Save Query

    3. Give your query a Name

    4. Specify a Description to add more context

    5. Click Save