Without the Domain Name System (DNS), it would be a challenge for most people to recall IP addresses instead of their more memorable semantic-based counterparts. Imagine if you had to type in “172[.]217[.]5[.]78” instead of “google[.]com” every time you wanted to access the search engine, and then do the same for every website you wish to visit. If this were the case, only a fraction of users would be able to take advantage of the Web.

But while the DNS is often considered a backbone of the Internet because of the above-cited and other reasons, it suffered a significant limitation in that it only contains the most recent information about IP addresses and DNS records. And so it was easy for cybercriminals to abuse the system and commit cybercrime with a given set of IP addresses and records, and later update these details to hide their tracks.

That was before the introduction of the passive DNS (pDNS), which made it possible to access historical IP/DNS records. Today, several products and tools rely on pDNS, notably to study phishing events, malware infiltrations, and other types of cyberattacks that made use of “old” IP addresses and DNS records.

Now, how would you go about accessing such pDNS intelligence? This is where sources like DNS Database Download can help. Let’s take a closer look at what it is and how it can be used for cybersecurity.

What Is DNS Database Download?

DNS Database Download is a massive repository containing billions of historical DNS records. This extensive DNS intelligence is the result of more than 12 years of Web crawling and is updated regularly to ensure the relevance of the information it contains.

Source: https://reverse-ip.whoisxmlapi.com/database

What data points can you expect from the resource?
When you download the database in MySQL or comma-separated values (CSV) format, you will see that the file has three columns:

- Domain name
- Timestamp of the last update
- IP addresses that the domain resolved to in the past

These three data points are crucial in several cybersecurity-related activities that we will discuss in the next section.

3 Use Cases of DNS Database Download

1. Malware Detection and Containment

As mentioned, pDNS was initially created as a way to fight off malware attacks. Since malware usually contains hard-coded domains that could help identify command-and-control (C&C) hosts, it is crucial to identify these domain names and report them to the DNS administrator for removal.

As such, the intelligence contained in DNS Database Download is a potent cybersecurity asset since it can inform of relevant connections to malicious hosts at different points in time. Preventing malware means avoiding several possible threats, such as ransomware attacks, data breaches, and corporate espionage attempts.

2. Brand Protection

Another reason for developing pDNS is to help reduce the number of abuses and infringement cases that may affect a brand’s reputation. If, for instance, the IP addresses associated with a domain name do not fall within the IP range usually used by the trademark owner or legitimate organization, that could be a signal of abuse at some point in the past or even currently.

With the help of supplementary WHOIS lookup tools, trademark owners can also trace the owners of offending domain names and deal with them accordingly.

3. Cybersecurity Product Development

For cybersecurity product developers, DNS Database Download can prove to be a rich source of cyber intelligence. They can use it to feed domain and IP reputation scoring applications, threat intelligence platforms, and security information and event management (SIEM) systems.

Domain and IP associations gleaned from historical DNS records can support organizations in many ways.
DNS Database Download provides valuable insights when conducting cybercrime investigations, helps companies protect their brands and trademarks from infringers, and acts as a useful source of intelligence for commercial security products.
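
The brand-protection check described above, as an added example that is not part of the original article or the vendor's code: it reads rows in the three-column layout and reports historical IPs that fall outside the ranges an owner normally uses. The field order, the epoch timestamps, the ";" separator between IPs, the ranges and the sample rows are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the three-column layout the article describes.
# Assumed: field order, epoch timestamps, ";" between IPs.
SAMPLE_CSV = """\
shop.example.com,1577836800,203.0.113.10;203.0.113.25
login.example.com,1580515200,203.0.113.40;198.51.100.7
cdn.example.com,1583020800,192.0.2.15
mail.example.com,1585699200,not-an-ip;203.0.113.77
"""

# Hypothetical ranges the brand owner normally hosts from.
EXPECTED_RANGES = ["203.0.113.0/24", "192.0.2.0/28"]


def audit_history(csv_text, expected_ranges):
    """Return (outside, unparsed).

    outside  maps each domain to the historical IPs that fall outside every
             expected range, which are the ones worth a closer look.
    unparsed lists rows or IP values that could not be read, so malformed
             data is surfaced instead of silently skipped.
    """
    networks = [ipaddress.ip_network(r) for r in expected_ranges]
    outside, unparsed = {}, []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue  # blank line
        if len(row) != 3:
            unparsed.append(",".join(row))
            continue
        domain, _last_update, ip_field = (f.strip() for f in row)
        for raw in filter(None, (p.strip() for p in ip_field.split(";"))):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                unparsed.append(f"{domain}: {raw}")
                continue
            # An IPv4 address is never "in" an IPv6 network and vice versa.
            if not any(ip in net for net in networks):
                outside.setdefault(domain, []).append(str(ip))
    return outside, unparsed


if __name__ == "__main__":
    flagged, bad = audit_history(SAMPLE_CSV, EXPECTED_RANGES)
    for domain, ips in flagged.items():
        print(f"{domain}: outside expected ranges -> {', '.join(ips)}")
    for item in bad:
        print(f"could not parse: {item}")
```

A flagged IP is a lead for follow-up with WHOIS and hosting records, not proof of abuse, since legitimate migrations and CDN changes also move a domain outside its usual ranges.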