Our historical DNS record database is one of the largest of its kind, with billions of recorded events, allowing you to dive deep into web properties’ DNS history and connections.
Our DNS Database Download is available via CSV files. Our DNS Chronicle API is also designed for easy integration and supports popular programming languages and platforms.
Choose the best consumption model for you—lookup, API, or database download—to fit your unique requirements.
Keep asset inventory current by uncovering connected or hidden domains and subdomains used for specific web applications and services.
Identify unusual DNS resolution patterns that may indicate botnet activity or compromised infrastructures used to host or distribute malware.
Stay alerted to DNS resolutions associated with known threat actors, and uncover patterns or anomalies that could indicate malicious activity.
Monitor DNS record changes to detect domain hijacking attempts and assess how associated domains could affect brand reputation.
Use DNS data to trace domain configuration changes, identify connected infrastructure, and detect suspicious activities linked to vendors and other third parties.
Spot fraudulent behaviors by analyzing DNS patterns, domain ownership changes, and previous associations with malicious servers.
“WhoisXML API’s passive DNS database, even the lite version for academic purposes, has much better subdomain data coverage compared with other commercial and free databases.”
“WhoisXML was the game changer for us. It has revolutionized our ability to disrupt cybercrime in process and at scale by quickly identifying all of the vendors providing material support for scammers using sophisticated website templates that look legitimate. By quickly identifying the vendors unknowingly supporting the criminals, we can provide them with public interest justification to burn down the criminal infrastructure.”
“After thorough testing, we were thrilled to find that Premium DNS 365 consistently identified 10 times more 'active' subdomains compared to other options in the market.”
A DNS record is a data record stored in the Domain Name System (DNS) that maps domain names to specific resources, such as IP addresses, mail servers, or other services. A DNS server resolves those records to direct internet traffic and manage domain-related services. Common DNS record types include:
To get information about a domain’s current DNS records, you can use our DNS lookup tool or DNS lookup API.
The DNS history of a domain name is a list of past DNS configurations, including changes to IP addresses, name servers, mail servers, and other DNS records over time. It provides insight into how a domain's infrastructure has evolved and can reveal ownership changes, migrations, or potential misuse.
Unlike a sizable portion of WHOIS data, DNS data is not redacted for privacy, so historical DNS records can be quite useful for cybersecurity purposes.
The Domain Name System was not engineered to keep track of historical records, but with them holding a lot of value, it’s natural that independent vendors have begun creating and maintaining DNS history databases.
Domain’s DNS history typically includes details such as:
This information provides a detailed timeline of a domain's DNS activity and helps uncover patterns, infrastructure changes, potential links to malicious actors, and more.
Here’s an example of using our historical DNS lookup tool for example.com that pulls historical IP to domain or domain to IP information:
Historical DNS data has a wide range of practical applications across cybersecurity, threat intelligence, and asset management. You can use it to:
These capabilities make historical DNS data a very useful resource for improving security posture and gaining deeper insights into domain activity and associated risks.
To check DNS history:
Alternatively, you can refer to the WhoisXMLAPI's DNS Database Download service or use the DNS Chronicle API. These data delivery models provide detailed, time-stamped DNS records and could come in handy when you need to automate requests for historical DNS records.
DNS history can help identify suspicious activity or patterns, such as:
By analyzing DNS history, security teams can detect and respond to potential threats proactively.
DNS history can reveal connections between domains and threat actors by:
This helps cybersecurity providers keep tabs on threat actors' evolving tactics and infrastructure.
DNS history aids fraud detection by uncovering:
These insights help investigators trace and mitigate fraudulent schemes.
DNS history provides a comprehensive view of domain activity, which can:
By leveraging DNS history, organizations can improve visibility and security of their digital assets.
DNS history supports brand protection by allowing you to detect:
We recommend using DNS history together with predictive threat intelligence feeds for better results and correlation when it comes to brand protection efforts. Read our blog post to learn more about using DNS history for brand attack prevention.