This endpoint is extremely effective in investigating malicious infrastructure and unmasking hidden relationships between domains.

Examples

https://api.dns0.eu/rrsets?name=.dsp2-secure.fr
;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr.	A	159.100.30.41

;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr.	NS	ns-cloud-a3.googledomains.com.
dsp2-secure.fr.	NS	ns-cloud-a2.googledomains.com.
dsp2-secure.fr.	NS	ns-cloud-a1.googledomains.com.
dsp2-secure.fr.	NS	ns-cloud-a4.googledomains.com.

...
https://api.dns0.eu/rrsets?data=159.100.30.41
;; Wed, Jun 7, 2023 3:46 PM (UTC)
securisation-dsp2.fr.	A	159.100.30.41

;; Fri, Jun 2, 2023 1:00 PM (UTC)
dsp2-secure.fr.	A	159.100.30.41

;; Fri, Jun 2, 2023 11:49 AM (UTC)
securisation-axa.fr.	A	159.100.30.41

;; Tue, May 30, 2023 5:15 AM ... Sat, May 27, 2023 5:31 AM (UTC) (3 days)
secure-axa.fr.	A	159.100.30.41

;; Thu, May 25, 2023 4:47 PM (UTC)
secure-fortuneo.fr.	A	159.100.30.41

...

Base URL

https://api.dns0.eu/rrsets

Parameters

name
string

Find records by matching the name component (left-hand side).

Accepted values:

  • domain.com returns records for domain.com
  • .domain.com returns records for domain.com and all its subdomains
data
string

Find records by matching the data component (right-hand side).

Accepted values:

  • 159.100.30.41 returns records that point to this IP address
  • 159.100.30.0/24 returns records that point to any IP addresses from this CIDR
  • domain.com returns records that point to domain.com
  • .domain.com returns records that point to domain.com or any of its subdomains
  • ~spf= returns TXT records that contains spf=
  • hostmaster@example.comreturns SOA records with this email address for RNAME
  • *@example.comreturns SOA records with any email address on the example.com domain for RNAME
type
[]string | []number

Limit results to certain record types (e.g. type=NS,A,AAAA). Accepts a comma-separated list of DNS record types, either in textual or numeric form.

from
datetime

Limit results to records seen after this date (e.g. from=2022-01-01). Also accepts UNIX timestamp and relative times (e.g. from=-1M for a month ago).

to
datetime

Limit results to records seen before this date (e.g. to=2023-03-13). Also accepts UNIX timestamp and relative times (e.g. to=-1M for a month ago).

not_before
datetime

Limit results to records not seen before this date (e.g. not_before=2023-07-01). Also accepts UNIX timestamp and relative times (e.g. not_before=-1M for a month ago).

sort
string

Available sorts are first_seen (the default) or last_seen. Both are descending sorts (most recent first).

format
string

Available formats are json, cof (see Common Output Format) or dig. Default format is based on the Accept HTTP header.

limit
number

Limit the number of results (e.g. limit=10000). Defaults to 100, and up to 50000.

offset
number

Used for pagination. Defaults to 0.