API Documentation

Reverse DNS lookups are lookups for DNS PTR records. These are records which map from IP addresses (both v4 & v6) to hostnames. Driftnet collects forward-DNS lookups across the entire IPv4 space.

Forward and reverse DNS records are deployed independently by sysadmins, and there is no technical requirement which forces them to match. For example, at the time of writing, there are tens of thousands of different hostnames which all point at 1.1.1.1 in forward DNS. Meanwile, the reverse DNS record for that IP is one.one.one.one.

For reverse-DNS data, a forward search goes from IP to hostname. Here are the PTR records for 8.8.8.8:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/rdns?ip=8.8.8.8' \
  | jq . \
  | less -S

{
  "page": 0,
  "pages": 1,
  "result_count": 3,
  "results": [
    {
      "date": "2019-05-13",
      "id": "lFDEKgEJSjCwMN5mDRVc0A",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "ip",
          "value": "8.8.8.8"
        },
        {
          "context": "dns-ns",
          "is_metadata": false,
          "type": "host",
          "value": "ns4.google.com"
        },
        {
          "context": "dns-ptr",
          "is_metadata": false,
          "type": "host",
          "value": "dns.google"
        }
      ]
    },
    ...

Reverse-searches of reverse-DNS data can be perfomed using the host= and nameserver= parameters. These work as described in the Forward DNS section. Summarization is also available, and works as described there.

To see only the most recent DNS lookup results, set the most_recent=true parameter.