dns0.eu

contact@dns0.eu

iCloud Private Relay

Welcome to [dns0.eu](https://dns0.eu) official documentation.

Introduction

We operate a sophisticated domain intelligence infrastructure to **collect**, **process** and **analyze** (very) large amounts of data. We make this data available to our customers and threat intelligence partners in real-time and as daily downloadable feeds.

Most malicious domains are registered from a few days to only a few seconds before becoming active, making those domains a very valuable subset of domains to analyze when looking for future malicious activity.

Newly Registered Domains (NRD)

While NRD focuses on the first appearance of a domain name in a registry (i.e. the domain registration), NOD focuses on the first time a domain name is observed in the DNS. Newly registered domains are sometimes purposely kept unconfigured for a period of time to avoid detection, making this data another valuable subset of domains to analyze when looking for malicious activity.

Newly Observed Domains (NOD)

NOH focuses on the first time a hostname is observed in the DNS and can help uncover malicious activity at the subdomain level.

Newly Observed Hostnames (NOH)

Domains are sometimes warmed up — often showing the appearance of legit activity — to avoid detection before suddenly turning malicious, making this data a very valuable subset of domains to analyze when looking for malicious activity.

Newly Active Domains (NAD)

Newly Active Hostnames (NAH)

Nearly all malicious domains get issued a certificate — either manually or automatically — very early in their lifecycle and before becoming active. Certificates also contain valuable pieces of information and patterns when investigating malicious activity.

Newly Issued Certificates (NIC)

The real-time firehose of passive DNS data from [dns0.eu](https://dns0.eu).

Passive DNS (RRsets)

Help us secure the European Internet by providing us with a list of malicious domains to block

Become a Partner

As a threat intelligence partner, you will be providing a list of malicious domains to block

Feeds

Reports of domains wrongly flagged as malicious from your feed(s).

False Positive Reports

Reports of malicious domains not being blocked.

Malicious Domain Reports

Non-aggregated logs of DNS queries that matched your feed(s).

Anonymized Query Logs

We partner with hosting providers and ISPs across the European Union to host DNS nodes for [dns0.eu](https://dns0.eu)

Programmatically generate Apple configuration profiles with custom network and domain exceptions, or prohibit users from disabling the profile

Documentation

Data Feeds

Threat Intelligence Partners

Infrastructure Partners

Apple Configuration Profile

Translations

Known Issues