Global internet infrastructure data sharing for ensuring security in cyberspace

2023-11-23
| wicinternet.org

In the digital and intelligent era, the importance of global internet infrastructure data is increasingly prominent, serving as the foundation and support for the development of various application scenarios. Passive DNS data (pDNS), as an important component of global infrastructure data, can be used in scenarios such as network threat intelligence analysis, attack tracing, and malicious domain detection. It helps enterprises and organizations identify potential network attacks and threats, and take corresponding security measures.

Global Layout: Jointly Building an Internet Infrastructure Data Exchange Platform

DomainTools, a leading international provider of WHOIS data and other DNS configuration file data for enriching threat intelligence analysis, offers the Farsight DNSDB® product, which includes the most comprehensive DNS resolution data worldwide. Developed by Paul Vixie, one of the primary designers of the DNS protocol and Chief Scientist of Fuxi Institution, this product serves hundreds of security companies and large corporations worldwide.

DomainTools, with the support of its global partners such as Farsight Security, Anomali, and Cisco, has built an internet infrastructure data exchange platform, forming the most comprehensive real-time domain name infrastructure database globally. These data give security vendors, security monitoring teams, and threat intelligence analysis teams an internet-wide view of the existence and changing patterns of the global network. As the exclusive partner of Farsight Security's full product line (including DNSDB®) in China, Fuxi Institution provides Internet infrastructure data solutions for Chinese enterprises and organizations to protect users from threats.

Real-time and Rapid Sharing: Comprehensive and Objective Records of Global Network Behavior

DomainTools has deployed over 300 data collection nodes with large and medium-sized recursive DNS service operators worldwide. These nodes collect real-time query response packets between recursive DNS servers and authoritative DNS servers. After data processing, the data is aggregated into the passive DNS database. The database records over 100 billion domain resolution records since 2000, with over 200,000 unique DNS resolution records updated per second. It has accumulated the largest real-time and historical pDNS database, DNSDB®. These data not only comprehensively and objectively monitor current global network behavior but also record events and associations that have occurred on the internet over the past decades.

Shared Governance: Safeguarding Global Network Security

pDNS databases are one of the core foundational resources of the Internet and are widely used in various scenarios such as network security, big data analysis, network brand protection, fraud protection, and anti-phishing. They assist in tracing and associating relationships, real-time data monitoring, evaluation analysis, network asset mapping, database construction, and more, contributing to societal and economic development and benefiting various industries.

Firstly, the pDNS database objectively reflects the global internet access situation and, through data sharing, is able to identify, enrich and correlate all threat data sources. After the outbreak of the COVID-19 pandemic in 2020, the pDNS database and its analytical tools played an important role in identifying network attack activities with the theme of the novel coronavirus. By associating phishing emails with their originators and locating them, the attribution was traced back to the APT organization Ocean Lotus, which launched attacks against China. This information sharing helps to enhance the global level of cybersecurity and protect different countries and regions from the threats of network attacks.

Secondly, the sharing of pDNS databases brings about technological innovation. Security vendors, enterprises, and researchers can better utilize cutting-edge technologies such as big data and artificial intelligence to respond to network threats, thereby promoting development and innovation in related fields. Malicious activities often utilize new domains, but by filtering newly registered and activated domains through DNSDB®, malicious domains used in these activities can be quickly located, purifying the network environment. In order to help relevant organizations quickly discover illegal websites such as gambling and pornography, the technical team of Fuxi Institution has used DNSDB® to quickly locate newly activated domains and intercept them, effectively curbing the proliferation of illegal websites from the source.
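The collection described under "Real-time and Rapid Sharing" and the new-domain filtering described above, as an added example (not DomainTools or Fuxi Institution code, and not the DNSDB® API): constructed resolver-to-authoritative answers are aggregated into passive DNS records, then base domains first observed inside a recent window are listed for review. The field names, the two-label base-domain rule and the 24-hour window are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone

# Constructed sample of answers seen between recursive and authoritative
# servers: (observation time, rrname, rrtype, rdata). Not real DNSDB data.
T0 = datetime(2023, 11, 23, 12, 0, tzinfo=timezone.utc)
OBSERVATIONS = [
    (T0 - timedelta(days=400), "www.example.com.", "A", "192.0.2.10"),
    (T0 - timedelta(hours=30), "www.example.com.", "A", "192.0.2.10"),
    (T0 - timedelta(hours=5), "login.new-shop.example.", "A", "198.51.100.7"),
    (T0 - timedelta(hours=2), "login.new-shop.example.", "A", "198.51.100.7"),
    (T0 - timedelta(hours=1), "cdn.example.com.", "CNAME", "edge.example.net."),
]

Record = namedtuple("Record", "rrname rrtype rdata first_seen last_seen count")


def aggregate(observations):
    """Collapse raw answers into one record per (rrname, rrtype, rdata)."""
    records = {}
    for seen, rrname, rrtype, rdata in observations:
        key = (rrname.lower(), rrtype.upper(), rdata.lower())
        old = records.get(key)
        if old is None:
            records[key] = Record(*key, seen, seen, 1)
        else:
            records[key] = old._replace(
                first_seen=min(old.first_seen, seen),
                last_seen=max(old.last_seen, seen),
                count=old.count + 1,
            )
    return records


def base_domain(rrname):
    """Assumption: the last two labels form the registered domain.
    A production filter would use the Public Suffix List instead."""
    labels = rrname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def newly_observed(records, now, window=timedelta(hours=24)):
    """Base domains whose earliest record of any type falls inside the window."""
    earliest = {}
    for rec in records.values():
        dom = base_domain(rec.rrname)
        earliest[dom] = min(earliest.get(dom, rec.first_seen), rec.first_seen)
    return sorted(d for d, first in earliest.items() if now - first <= window)
```

Grouping by base domain keeps a new hostname under a long-established domain (`cdn.example.com.` here) out of the review list, so only `new-shop.example` is reported.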

Lastly, infrastructure data sharing significantly enhances enterprise competitiveness. Improving the level of network security enables better protection of internal information and customer data, enhancing customer trust in the enterprise. At the same time, efficient handling of network threats can avoid losses caused by network attacks and enhance business continuity for enterprises.

In the future, DomainTools will collaborate with more global institutions and enterprises, striving to develop more data services and products to contribute to the construction of a secure, stable, and prosperous cyberspace.