Threat Intelligence

04:14 PM
Dark Reading
Dark Reading
Products and Releases

Farsight Securitys Flagship DNSDB Grows to 100B Records, Arming Threat Intelligence Teams with Unprecedented Historical and Real-time Intel to Fight Cybercrime

SAN MATEO, Calif., Oct. 04, 2017 -- Farsight Security, Inc. today announced that Farsight’s flagship product, DNSDB, has grown from 35 billion in 2014 to over 100 billion records, each representing a unique observation of global DNS resolutions. DNSDB is a real-time snapshot of the changing Internet dating back to 2010, and contains the Domain Name System (DNS), the Internet’s “phone book,” in a single, easy-to-use indexed database so security analysts can gain critical information about past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.

“As the Internet has grown, criminal activity has risen as well. We built DNSDB to scale so it can easily keep up and so organizations have access to a wealth of data to reduce their security risk,” said Dr. Paul Vixie, cofounder and CEO of Farsight Security, Inc.  “Every cybercriminal leaves a digital footprint in the DNS.  By discerning and following those footprints using DNSDB, our clients can associate a suspicious domain name to its IP address and complete history since 2010, enabling them to get a full view of their attacker’s infrastructure as well as new intelligence about malicious activity against their organization,” he added.

“In confronting advanced attacks, Fidelis can’t rely on static indicators alone. Fidelis automates detection and response and to do that, we need to be able to find what other infrastructure is related to those attacks. That’s where Farsight’s DNSDB service shines. Whether it’s enumerating organized cybercrime group’s infrastructure in order to perform a targeted takedown with law enforcement or tracking threat actors who are involved in trying to influence elections, the size and breadth of DNSDB data make it a key asset,” said John Bambenek, Manager, Threat Systems, Fidelis Cybersecurity.

“Leveraging the wealth of data in Farsight's DNSDB allows ThreatConnect users the capability to quickly and effectively investigate an adversary's intentions, and the potential risks that their organization may be exposed to during an attack," said Jody Caldwell, Director of Customer Success, ThreatConnect, Inc.

“Farsight's DNSDB provides rich historical and real-time insight that is critical to our threat intelligence team's effort to identify and annotate malicious cyber campaigns. DNSDB is a valuable resource, for both type and size of data that we use to proactively hunt adversary tactics, techniques, and procedures and research recent security events," said Levi Gundert, VP of Threat Intelligence and Strategy, Recorded Future.

DNS Records: Rich In Intelligence for Threat Hunting

Farsight DNSDB offers every type of DNS record including A (Address), AAAA (IPv6 Address), CNAME (Canonical Name), MX (Mail Exchanger), NS (Name Server), SOA (Start of Authority) and TXT (Text) records. Since DNS is at the center of every cybercriminal activity, investigators need access to every record type to increase the speed and accuracy of detecting and responding to cyberattacks.  Each DNS record type can provide useful information for an investigation. For example.

A Records map a Fully-Qualified Domain Name (FQDN) to an IPv4 address AAAA Records map FQDN to IPv6 address NS Records show name servers are configured – bad guys will often move a domain to multiple name servers to avoid detection MX Records direct email to the proper mail servers for the domain SPF, TXT describe spam policy of a domain

The Growth of Farsight DNSDB

Farsight has architected DNSDB to keep pace with the increasing use of the Internet represented by billions of DNS look-ups originating from both users and devices across the globe. While DNSDB is designed to scale efficiently, it is also designed to maintain our commitment to user privacy – i.e., no Personal Identifiable Information is collected.

Some of the reasons for DNSDB’s growth include:

The growth of Farsight’s global sensor array The increased frequency that the Domain Name System (DNS) is updated or changed The significant increase in machine-driven use of Internet identifiers as infrastructure migrates from static “servers” into “the cloud”

The rise in domain name registrations

Pricing & Availability

Farsight DNSDB is available as an on-premise solution (Farsight DNSDB Export) or RESTful API. To learn more about services, pricing and other information, please contact Farsight Security at [email protected] or call +1-650-489-7919.


About Farsight Security, Inc.


Farsight Security is the world's largest provider of historic and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response.

Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at or follow us on Twitter: @FarsightSecInc.


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: White Privelege Day
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
PUBLISHED: 2018-09-20
LINK-NET LW-N605R devices with firmware allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.