DNS Database Download Is Now Reinforced with Wildcard and Active Fields | WhoisXML API

DNS & DNS History Blog

DNS Database Download Is Now Reinforced with Wildcard and Active Fields

We are excited to announce that the Standard and Premium DNS Database files from DNS Database Download are now enriched with two new columns, namely, wildcard and active. These additions allow you to determine if a DNS record is part of a wildcard entry and check if a domain name or subdomain is active based on its most recent resolution status.

With this new wildcard field, WhoisXML API users can now:

  • Better filter out DNS data noise: A wildcard subdomain, or catch-all subdomain, can generate DNS entries for many non-existent subdomains. As such, the new wildcard field enables you to focus only on subdomains created by DNS record administrators. This feature leads to a cleaner and better-quality dataset that requires lower storage and processing requirements.
  • Expand attack surface discovery: Wildcard subdomains can pose security risks, especially if unknown to security teams, and can be abused by attackers. Therefore, identifying them through DNS intelligence can help reduce your attack surface by avoiding their use or, if strictly necessary, limiting and closely monitoring them.

Meanwhile, the new active field enables users to:

  • Enhance cyber investigations: Analyzing the timestamps of a malicious domain’s recent or historical resolutions, along with whether these resolutions were successful or failed, can help investigators reconstruct a timeline of events relevant to a cyber incident. The data can further be used as forensic evidence.
  • Identify botnets and DGA-created domains: Various DNS requests that do not lead to resolutions may indicate that DGA-based botnet activity is ongoing. Therefore, monitoring the number of failed DNS resolutions can help with endpoint protection.
  • Detect malware distribution: Malicious domains often have fluctuating resolution statuses as they are rapidly weaponized and frequently taken down soon after. Tracking these changes can help identify an attacker’s tactics, techniques, and procedures (TTPs).

In summary, both wildcard and active data points can empower you to refine your DNS data analyses, identify potential security risks, and enhance your overall security posture. These new fields are also available as optional output parameters for several of our APIs such as Reverse IP API, Reverse DNS API, Reverse MX API, and Reverse NS API.

Download a sample of our Premium DNS Database files or contact us for a better overview of the new “wildcard” and “active” fields.

Try our WhoisXML API for free
Get started