Before you go, check out these stories!

Hackernoon logoIntroducting All Registered Domains Database by@jonathan.zhang

Introducting All Registered Domains Database

Author profile picture

@jonathan.zhangWhoisXML API

Top Whois, DNS, IP and threat intelligence data provider. We provide APIs, databases, and tools.

There are close to 400 million active domain names in the Domain Name System (DNS) to date. This number is not static, however. Tens of thousands of domain names appear and disappear from the DNS every day as domain owners start or stop using them. How would you be able to track these changes as they happen? This is where a list of all registered domain names, often in the form or a database, comes in.

Besides just listing domain names, a registered domains database contains information about each domain’s DNS zone. This DNS information includes the domains' nameservers (NS) and time to live (TTL)—indicating how long a DNS resolver is supposed to cache DNS details before requesting updated details.

Access to a list of all registered domains can serve several purposes. For one, it can help marketing teams and domain investors study domain registration trends and identify emerging market opportunities. What’s more, a registered domains database can give cybersecurity specialists a better understanding of the essential changes in their DNS infrastructure or someone else’s.

In this post, we take a close look at two main options in the market to acquire lists of all registered domains. We also briefly demonstrate how domain registration and DNS information can benefit stakeholders in brand protection, cybercrime investigation, and cybersecurity product development.

1. All Registered Domains Database by WhoisXML API

Let us start with All Registered Domains, a database that contains DNS information on virtually all registered domains worldwide. It supports a total of 1,250 generic top-level domains (gTLDs), including all major (e.g., [.]com, [.]org, etc.) and new ones (e.g., [.]top, [.]club, etc.). Additionally, country code top-level domains (ccTLD) are also supported upon request.

The list is updated daily, and you can download all registered domains and the corresponding zone files in comma-separated values (CSV) format. If you prefer, you can also download only the registered domains for the current day or include older ones.

2. Domains Index

Domains Index offers various country-level and regional datasets that contain lists of all registered domains under a country code top-level domain (ccTLD) or groups of them. It also has a generic dataset, which lists all registered domain names under different gTLDs.

What Are the Uses of an All Registered Domains Database?

As previously mentioned, professionals in different realms can work with a list of all registered domains. A registered domains database can help augment marketing initiatives or detect potentially malicious domains entering an organization’s networks. We explore a few more use cases in this section.

Brand Protection

Keeping an eye on all registered domains can support brand protection efforts, notably allowing users to find possible typosquatting domains. For example, a hypothetical e-commerce website branded GXK with domain name gxk[.]store could find the following names suspicious and maybe even infringing on its registered trademark:

  • 012gxk[.]store   
  • 013gxk[.]store  
  • 014gxk[.]store   
  • 015gxk[.]store   
  • 016gxk[.]store

Cybercrime Investigation

Aside from letting companies identify possible typosquatting domain names, an all registered domains database can also provide a starting point to cybercrime investigations. If one of the GXK domains listed above figures in nefarious activities, investigators can use the data in the database to run DNS lookup queries.

For example, they can use a nameserver as input on Reverse NS to see domain associations. In this case, the tool revealed that the nameserver expirens3[.]hichina[.]com is a shared one with some associated domain names seemingly related to China.

Cybersecurity Product Development

Security teams can feed lists of registered domain names to their threat intelligence platform (TIP), security information and event management (SIEM), and other cybersecurity products. With well-parsed and consistent files in CSV format, domain and DNS zone data can be easily correlated with other sources of intelligence already contained in existing cybersecurity applications and processes.

These are only some of the use cases of a list of registered domains. Check our product page for more information on the practical usage of DNS zone files and general domain intelligence.


Join Hacker Noon

Create your free account to unlock your custom reading experience.