driftnet

Driftnet API

A comprehensive RESTful JSON API.

Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints
Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints

Reverse DNS

Overview

Reverse DNS lookups are lookups for DNS PTR (IP → host) records.

Driftnet collects forward-DNS lookups across the entire IPv4 space.

Forward Searching

For reverse-DNS data, a forward search goes from IP to hostname. Here are the PTR records for 8.8.8.8:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/rdns?ip=8.8.8.8' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 1,
  "result_count": 3,
  "results": [
    {
      "date": "2019-05-13",
      "id": "lFDEKgEJSjCwMN5mDRVc0A",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "ip",
          "value": "8.8.8.8"
        },
        {
          "context": "dns-ns",
          "is_metadata": false,
          "type": "host",
          "value": "ns4.google.com"
        },
        {
          "context": "dns-ptr",
          "is_metadata": false,
          "type": "host",
          "value": "dns.google"
        }
      ]
    },
    ...

Other Searches

Reverse-searches of reverse-DNS data can be perfomed using the host= and nameserver= parameters. These work as described in the Forward DNS section. Summarization is also available, and works as described there.

To see only the most recent DNS lookup results, set the most_recent=true parameter.