A "DNS database" is a database that stores DNS records, notably A-records, i.e. which IP a domain is hosted at.
For currently live domains, domain to IP can of course be easily determined on the fly by just resolving the domain like the browser does, e.g. cirosantilli.com
What is hard however is:
- the other way around: given an IP, list all domains that it hosts. This is known as "reverse IP" searching.
- historic data, i.e. what was the IP for a given domain at a given date and vice versa
As of 2023, working with DNS data is just going through a mish-mash of closed datasets/expensive APIs.
We really need some open data in that area.
- opendata.stackexchange.com/questions/1951/dataset-of-domain-names
- opendata.stackexchange.com/questions/2110/domain-name-system-record-a-database
- webmasters.stackexchange.com/questions/33395/find-the-ip-address-of-expired-domains/142751#142751
- superuser.com/questions/686195/how-to-find-the-last-ip-used-for-an-expired-domain-name/1793224#1793224
Some links of interest:
- bushart.org/topic/ip
- archive.org/details/internet-mapping
- stackoverflow.com/questions/307553/possible-to-download-entire-whois-database-list-of-registered-domains (deleted question, see archives)
- www.reversedns.ch/en/ has some OK reverse IPs, but you have to do them one by one with CAPTCHA, and we were already past that point when that source was found, so nothing new was found on it yet
- iphistory.net/ announced at www.reddit.com/r/OSINT/comments/1bip8j7/iphistorynet_find_historic_ip_addresses_from/
Bibliography:
- www.reddit.com/r/OSINT/comments/1j8uasm/does_domaintools_offer_historical_reverse_ip_ie/ by Ciro Santilli
TODO is their database amazing?
TODO do they offer historical reverse IP?
Some interesting analysis by Parth Shukla twitter.com/pparth | www.linkedin.com/in/parth-shukla-59583b20/:
Apparently most of the routers were Chinese. No surprise there.
This is the most accessible DNS database online, as it does not require login or payment.
They have reasonable data. It's not fully complete as Ciro Santilli saw on CIA 2010 covert communication websites, but it is very valuable.
Tested as of 2025, they seem to have removed the per-IP checks on the web interface, and instead just use Cloudflare to check that you are human from time to time, which allows for a lot of manual searching to be done! Awesome!
Previously, you could only get about 250 queries on the web interface, then 250 queries per free account via API. They check your IP when you sign up, and you can't sign in twice from the same IP. They also state that Tor addresses are blacklisted. They also normalize dots in gmail addresses, so you need more diverse email accounts. But they haven't covered the .gmail vs .googlemail trick.
Their data is also quite disjoint from the data of the 2013 DNS Census. There is some overlap, but clearly their methodology is very different. Sometimes they slot into one another almost perfectly.
Very curiously, their reverse IP search appears to be somewhat broken, or not to be historic, e.g.:
- viewdns.info/iphistory/?domain=vuvuzelanews.com hits 74.116.72.246 in 2011, later moved to others
- viewdns.info/reverseip/?host=74.116.72.246&t=1 however does not contain vuvuzelanews.com
We've contacted viewdns.info support and they replied:
"The reverse IP tool will only show a domain if that is its current IP address."
This is likely not accurate, more precisely it likely only works if it was the last IP address, not necessarily a current one.
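The gap between a historic reverse IP index and one that only keeps each domain's last IP, as an added example (not viewdns.info's code and not from the original page). Only the vuvuzelanews.com on 74.116.72.246 in 2011 pairing comes from the text above; every other domain, IP, exact date and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample of historic A-record observations: (domain, ip, first_seen).
# Only vuvuzelanews.com -> 74.116.72.246 in 2011 is from the page; the other
# domains (.test), IPs (RFC 5737 documentation ranges) and dates are made up.
RECORDS = [
    ("vuvuzelanews.com", "74.116.72.246", date(2011, 1, 1)),
    ("vuvuzelanews.com", "203.0.113.10", date(2013, 6, 1)),
    ("example-a.test", "74.116.72.246", date(2011, 3, 1)),
    ("example-b.test", "74.116.72.246", date(2010, 5, 1)),
    ("example-b.test", "198.51.100.7", date(2012, 2, 1)),
    ("example-b.test", "74.116.72.246", date(2014, 9, 1)),
]

def ip_history(records, domain):
    """Forward history: every (first_seen, ip) for a domain, oldest first."""
    return sorted((seen, ip) for dom, ip, seen in records if dom == domain)

def reverse_ip_historic(records):
    """ip -> all domains ever observed on it."""
    index = defaultdict(set)
    for dom, ip, _ in records:
        index[ip].add(dom)
    return index

def reverse_ip_last_only(records):
    """ip -> domains whose most recent observation points at it."""
    last = {}
    for dom, ip, seen in records:
        if dom not in last or seen > last[dom][0]:
            last[dom] = (seen, ip)
    index = defaultdict(set)
    for dom, (_, ip) in last.items():
        index[ip].add(dom)
    return index

def missing_from_last_only(records, ip):
    """Domains a last-IP-only reverse search misses for this IP."""
    historic = reverse_ip_historic(records)[ip]
    return sorted(historic - reverse_ip_last_only(records)[ip])

if __name__ == "__main__":
    ip = "74.116.72.246"
    print("historic :", sorted(reverse_ip_historic(RECORDS)[ip]))
    print("last-only:", sorted(reverse_ip_last_only(RECORDS)[ip]))
    print("missed   :", missing_from_last_only(RECORDS, ip))
```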
Data format overview: opendata.stackexchange.com/questions/1951/dataset-of-domain-names/21077#21077
TODO was this data also obtained illegally like the Carna botnet?