DNS Database Download of 2B+ passive DNS records | WhoisXML API

DNS Database Download: Gain access to the largest repository of active and passive DNS intelligence

DNS Database Download is an extensive resource with 2+ billion, with coverage going going as far back as 2008 and 100+ million weekly record additions. The data feed files—which include A, MX, NS, TXT, CNAME, and SOA records—are downloadable in CSV for easy follow-up analysis with statistical software and integration into other system sources.

Order database
DNS Database Download

Benefits of our reverse DNS database

  • Comprehensive, coherent, and covering more TLDs than any other

    We offer the most recently updated domain database with every domain name linked to its IP address and host. Get downloads for all major gTLDs.

  • Get access to exhaustive and properly parsed data

    Obtain an up-to-date DNS database archive download as Comma Separated Values (.CSV) files to stay on top of the latest changes — suspicious or not — to DNS records.

  • Transform threat intelligence into actionable prevention and mitigation steps

    Manually parsing raw passive DNS data can be a tedious and error-prone job. With DNS Database Download, users can skip the legwork and readily turn feeds into effective defensive measures.

What are the records tracked with our DNS Database Download service?

  • A

    A records help translate human-readable domain names or hostnames into machine-readable IP addresses, and so identify the specified resolutions between those IPs and domains.

  • MX

    MX records specify the mail server(s) that should receive emails for a domain name and the priority with which each server should be used.

  • NS

    NS records identify the DNS servers considered authoritative for their respective domain names and contain the associated DNS records.

  • TXT

    TXT records typically hold a domain’s descriptive text, generally giving human- and/or machine-readable information to help verify domain ownership and prevent spam.

  • CNAME

    CNAME records indicate how web administrators have specified domain name aliases to point to their root or canonical domain names.

  • SOA

    SOA records contain important administrative information about a domain name’s zone and other details such as its administrator’s email address or the length of time for refreshes, retries, when to stop responding to zone queries, etc.

Practical usage

Threat hunting and defense

Threat hunting and defense

  • Track down suspicious cyber resources (hostnames, IP addresses, command-and-control [C&C] servers) and get the latest malware, phishing, or other threat information.
  • Detect patterns of malicious activity and identify phishing or other targeted attacks.
  • Discover associations among threat actors based on domain, IP, and DNS record associations to track and block their activity.
  • Conduct fact-based risk profile audits of domain names, IP addresses, and other digital assets.
  • Reveal all domains using the same host, DNS server, MX server or other infrastructure as an existing known malicious domain/threat actor aided by A, MX, NS, TXT, CNAME, and SOA records.
  • Uncover all IPs a bad actor is using to hide malicious activity and avoid takedowns.
  • Conduct third-party audits of DNS/MX configurations.
  • Research fraudulent anomalous activities and get the intel and context needed to prevent them from reoccurring in the future.

Cybercrime investigation

Cybercriminals may use the same infrastructure resources and leave similar signatures and traces behind. DNS history allows you to follow those leads.

Cyber forensics analysis

Discover DNS record (A, MX, NS, TXT, CNAME, and SOA) changes and see how threat incidents correlate. Accelerate incident response and post-breach analysis with context using current and historic domain and IP information.

Cybersecurity and anti-malware solution enhancement

Identify spam, dangerous websites, intrusions, and other web-related misbehavior.

SIEM and SOAR data enrichment

Obtain DNS intelligence for a variety of security information and event management (SIEM); security orchestration, automation, and response (SOAR); and threat intelligence (TI) platforms. Power next-generation firewalls (NGFWs) with better DNS intelligence data points. Identify and monitor Internet assets that can be traced back to entities operating in regions known for high geopolitical cyber risks.

Brand protection and market intelligence gathering

Brand protection and market intelligence gathering

  • Monitor your brand trademarks or copyrights and be notified of infringement when they are used on fraudulent domains.
  • Identify associations between hostnames and IP addresses, MX records, NS records and more.
  • Gain insights into domains.

Domain and IP reputation scoring system improvement

Establish domain/IP reputation standards based on facts and use them to reveal domains and IP addresses used by malicious actors.

Domain and IP reputation scoring system improvement

Domain Name System Primer

In this white paper, we give an overview of the Domain Name System, or DNS, one of the pillars of the Internet.

Read more

Request access to our passive DNS database

DNS Database Download | WhoisXML API

API integration available

Learn more about API integration
Have questions?

We are here to listen. For a quick response, please select your request type or check our Contact us page for more information. By submitting a request, you agree to our Terms of Service and Privacy Policy.

Or shoot us an email to