Passive DNS replication is a technology which constructs zone replicas without cooperation from zone administrators, based on captured name server responses.
The following resource record types are supported:
Unless otherwise noted, the record types are defined in RFC 1035.
Passive DNS replication and the
dnslogger software were presented at FIRST 2005:
For technical reasons, the print version of the slides differs from the version which was actually used in the presentation.
A C implementation of the sensor is now available. (The second link leads to the public GIT repository containing the source code.)
The following organizations run a passive DNS replication database with a public query front end.
This document lists some alternatives to passive DNS replication (and the existing sensor network) which are feasible for some applications.
Passive DNS replication data can be obtain from a special WHOIS server.
2004-08-19: Technical report slightly updated.
2004-09-20: Source code will be available at some point in the future.
2004-10-17: Published source code of
2004-10-20: WHOIS document, resource record types.
dnslogger-forward 0.1.1 released.
2005-03-25: AAAA records are now supported.
2005-04-15: Support for DNAME, TXT and RP records has been added.
2005-08-01: The slides from FIRST 2005 have been published.
dnslogger-forward 0.1.10 has been released, which supports binding to a specific source address and a TCP-based forwarding mode.