driftnet

Driftnet API

A comprehensive RESTful JSON API.

Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSDNS MX & TXTReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints
Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSDNS MX & TXTReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints

Reverse DNS

Overview

Reverse DNS lookups are lookups for DNS PTR (IP → host) records.

Driftnet collects forward-DNS lookups across the entire IPv4 space.

Forward Searching

For reverse-DNS data, a forward search goes from IP to hostname. Here are the PTR records for 8.8.8.8:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/domain/rdns?ip=8.8.8.8' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 1,
  "result_count": 3,
  "results": [
    {
      "date": "2019-05-13",
      "id": "lFDEKgEJSjCwMN5mDRVc0A",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "ip",
          "value": "8.8.8.8"
        },
        {
          "context": "dns-ns",
          "is_metadata": false,
          "type": "host",
          "value": "ns4.google.com"
        },
        {
          "context": "dns-ptr",
          "is_metadata": false,
          "type": "host",
          "value": "dns.google"
        }
      ]
    },
    ...

Other Searches

Reverse-searches of reverse-DNS data can be perfomed using the host= and nameserver= parameters. These work as described in the Forward DNS section. Summarization is also available, and works as described there.

To see only the most recent DNS lookup results, set the most_recent=true parameter.