Passive DNS

Passive DNS derives from collecting DNS query information in a database via network sniffing. While traditional DNS records are transient, passive DNS stores a collection and archive of historical DNS records. This contains a wealth of information about DNS queries on the Internet. Analysis of passive DNS data is used for insights into old DNS records, new values, and differences; it can also find possible attack vectors.

An attacker or defender with this information can see where, how, and when your organization’s domain names and IP addresses have changed over time and who is changing them.