Passive DNS replication is a technology which constructs zone replicas without cooperation from zone administrators, based on captured name server responses.
The following resource record types are supported:
Unless otherwise noted, the record types are defined in RFC 1035.
Passive DNS replication and the dnslogger software were presented at FIRST 2005:
For technical reasons, the print version of the slides differs from the version which was actually used in the presentation.
A C implementation of the sensor is now available. (The second link leads to the public GIT repository containing the source code.)
The following organizations run a passive DNS replication database with a public query front end.
Alternatives to Passive DNS Replication
This document lists some alternatives to passive DNS replication (and the existing sensor network) which are feasible for some applications.
Passive DNS Replication WHOIS Server
Passive DNS replication data can be obtained from a special WHOIS server.
2004-07-30: published
2004-08-19: Technical report slightly updated.
2004-09-20: Source code will be available at some point in the future.
2004-10-17: Published source code of dnslogger-forward and dnslogger.
2004-10-20: WHOIS document, resource record types.
2005-01-02: dnslogger-forward 0.1.1 released.
2005-03-25: AAAA records are now supported.
2005-04-15: Support for DNAME, TXT and RP records has been added.
2005-08-01: The slides from FIRST 2005 have been published.
2007-10-11: dnslogger-forward 0.1.10 has been released, which supports binding to a specific source address and a TCP-based forwarding mode.