Threat Intelligence Partners
Feeds
Threat Intelligence Partners
Feeds
As a threat intelligence partner, you will be providing a list of malicious domains to block
Formats
We support any of the following formats:
- newline-delimited list
- CSV
- JSON
For CSV and JSON, we support custom schemas.
Delivery methods
Pull
We support pulling your feed(s) over HTTP.
We fetch feeds from a static IP address (if IP-based access restrictions are in place).
We send conditional requests when supported to avoid unnecessary traffic.
Push
You can push your feed(s) directly to us using the following command:
curl https://api.dns0.eu/feeds/{id} \
-H "Authorization: Bearer 7a8c94bb5c6c22f24861abfaf3b42a59" \
-T /local/path/to/feed.txt
We also support standard HTTP PUT requests with the content of the file as
body.
Additional notes
- We handle feeds in a stateless fashion — the domains listed in the latest pulled or pushed version of your feed(s) are the ones we block, everything before that is discarded.
- Our infrastructure can very rapidly enact changes to feeds on dns0.eu. We can check and apply changes as often as every minute when pulling, and instantly when pushing.
- Feeds are fetched and processed securely and only deployed to our DNS nodes in the form of hashes. They are never to be used for anything else.
- We do not alter feeds — all domains included in the latest version of your feed(s) are blocked.
- We prefer using the format and delivery method that you use most often with your customers or partners, as it is usually the one best monitored and less prone to failures.