/rrsets
This endpoint is extremely effective in investigating malicious infrastructure and unmasking hidden relationships between domains.
Examples
;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr. A 159.100.30.41
;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr. NS ns-cloud-a3.googledomains.com.
dsp2-secure.fr. NS ns-cloud-a2.googledomains.com.
dsp2-secure.fr. NS ns-cloud-a1.googledomains.com.
dsp2-secure.fr. NS ns-cloud-a4.googledomains.com.
...
;; Wed, Jun 7, 2023 3:46 PM (UTC)
securisation-dsp2.fr. A 159.100.30.41
;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr. A 159.100.30.41
;; Fri, Jun 2, 2023 11:49 AM (UTC)
securisation-axa.fr. A 159.100.30.41
;; Tue, May 30, 2023 5:15 AM ... Sat, May 27, 2023 5:31 AM (UTC) (3 days)
secure-axa.fr. A 159.100.30.41
;; Thu, May 25, 2023 4:47 PM (UTC)
secure-fortuneo.fr. A 159.100.30.41
...
Base URL
https://api.dns0.eu/rrsets
Parameters
Find records by matching the name component (left-hand side).
Accepted values:
domain.com
returns records fordomain.com
.domain.com
returns records fordomain.com
and all its subdomains
Find records by matching the data component (right-hand side).
Accepted values:
159.100.30.41
returns records that point to this IP address159.100.30.0/24
returns records that point to any IP addresses from this CIDRdomain.com
returns records that point todomain.com
.domain.com
returns records that point todomain.com
or any of its subdomains~spf=
returns TXT records that containsspf=
hostmaster@example.com
returns SOA records with this email address for RNAME*@example.com
returns SOA records with any email address on theexample.com
domain for RNAME
Limit results to certain record types (e.g. type=NS,A,AAAA
). Accepts a
comma-separated list of DNS record types, either in textual or numeric form.
Limit results to records seen after this date (e.g. from=2022-01-01
). Also
accepts UNIX timestamp and relative times (e.g. from=-1M
for a month ago).
Limit results to records seen before this date (e.g. to=2023-03-13
). Also
accepts UNIX timestamp and relative times (e.g. to=-1M
for a month ago).
Limit results to records not seen before this date (e.g.
not_before=2023-07-01
). Also accepts UNIX timestamp and relative times (e.g.
not_before=-1M
for a month ago).
Available sorts are first_seen
(the default) or last_seen
. Both are
descending sorts (most recent first).
Available formats are json
, cof
(see Common Output
Format)
or dig
. Default format is based on the Accept
HTTP header.
Limit the number of results (e.g. limit=10000
). Defaults to 100
, and up to
50000
.
Used for pagination. Defaults to 0
.