New Farsight Security Study Examines DNS Network Traffic Volumes For Over 300 Top Second-Level Domains During Pandemic

Report looked at popular domains in 10+ categories, including government, travel and transportation, retail, videoconferencing, streaming video, social media, higher education, and news.

June 3, 2021

3 Min Read


SAN MATEO, Calif., June 02, 2021 (GLOBE NEWSWIRE) -- In a new report released today, Farsight Security®, Inc., a leading cybersecurity provider of DNS Intelligence, provides DNS cache miss traffic volumes, from April 2020-March 2021, for more than 300 2nd-level domains in 10+ categories, including government, travel and transportation, retail, videoconferencing, streaming video, social media, higher education and news.

A 2nd-level domain, such as "," usually contains an organization’s brand name and is the first point of contact Internet users have with a website. Since the volume of cache miss traffic is largely based on a domain’s popularity, the report provides a raw snapshot of Internet activity for top brands during the pandemic, from the first global lockdowns until the early days of business re-openings, and how individual organizations fared against other companies or institutions in their respective categories.

"The power of observation can only serve the needs of defense and investigation through continuous introspection," said Dr. Paul Vixie, Farsight CEO. "We periodically characterize data norms, so that data anomalies have contrast. In this report, we show that the impact of the Covid-19 pandemic on global DNS traffic was visible even given the continuous growth of the Internet itself. Security researchers can use these findings to upgrade and modernize their models and baselines in order to predict and detect threats in the years to come."

Last year, Farsight Security published a similar report, using just a two-month sample of passive DNS data during the early stages of the Covid-19 lockdown (March 2020-April 2020). The 2020 report revealed volumetric randomized subdomain Denial of Service (DoS) attacks leveraging wildcard domains. In our new study, “DNS Network Traffic Volumes During the Pandemic: April 2020-March 2021,” our research team again saw evidence of these attacks, with some domains showing traffic spikes many times (2-10x) normal levels. Summary graphs for each domain included in the report illustrate this abnormal volatility over the 12-month period.

While worldwide shelter-in-place orders and other activities taken during the pandemic may have played a role in these report results, this report does not try to "attribute" or "apportion" the change in traffic levels.

The full report, including additional findings, can be downloaded here.

About Farsight Security, Inc.
Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at, join Farsight Labs at to access our early stage and community tools, or follow us on Twitter: @FarsightSecInc.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights