Farsight DNSDB
Farsight Security DNSDB is the world's largest DNS intelligence database that provides a fact-based view of the configuration of the global Internet infrastructure. DNSDB leverages Farsight's Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects, filters, and verifies Passive DNS data from its global sensor array. DNSDB is the highest-quality and most comprehensive DNS intelligence data service of its kind.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Farsight Security Technical Support |
| URL | https://service.farsightsecurity.com/ |
| support@farsightsecurity.com |
| Connector Metadata | |
|---|---|
| Publisher | Farsight Security |
| Website | https://www.farsightsecurity.com/ |
| Privacy policy | https://www.farsightsecurity.com/privacy-policy/ |
| Categories | Security;Data |
Pre-requisites
You will need the following to proceed:
- A Microsoft Power Apps or Power Automate plan with custom connector feature
- An Azure subscription
- Farsight DNSDB API Key
How to get credentials
Register for a free API key at https://www.farsightsecurity.com/solutions/dnsdb/ .
Support:
For all the support requests and general queries you can contact support@farsightsecurity.com or contact us
Creating a connection
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| Farsight DNSDB API Key | securestring | The Farsight DNSDB API Key for this api | True |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Actions
| Flexible Search |
Flexible Search adds both Regular Expressions and Globbing support to the DNSDB API to expand the types of search queries and add more control to searches. |
| Ping |
This request is for end to end connectivity tests to the DNSDB API endpoint, letting you know that there are no firewall blockages. This request does not require an API key. It returns just a JSON object {'ping': 'ok'}. |
| RData Lookup |
The RData lookup queries DNSDB's Rdata index, which supports inverse lookups based on Rdata record values. |
| RData Lookup with RRType |
The RData lookup queries DNSDB's Rdata index, which supports inverse lookups based on Rdata record values. |
| RRSet Lookup |
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset. |
| RRSet Lookup with RRType |
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset. |
| RRSet Lookup with RRType and Bailiwick |
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset. |
| Service Limits |
Retrieve service limits |
Flexible Search
Flexible Search adds both Regular Expressions and Globbing support to the DNSDB API to expand the types of search queries and add more control to searches.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
method
|
method | True | string |
flex search method (regex - regular expression search, glob - full wildcarding) |
|
key
|
key | True | string |
search key |
|
value
|
value | True | string |
Query value |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
exclude
|
exclude | string |
The 'exclude' parameter is used to exclude (i.e. filter-out) results that match it. It is described below this table. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of Flex_Results
Ping
This request is for end to end connectivity tests to the DNSDB API endpoint, letting you know that there are no firewall blockages. This request does not require an API key. It returns just a JSON object {'ping': 'ok'}.
Returns
| Name | Path | Type | Description |
|---|---|---|---|
|
ping
|
ping | string |
ping |
RData Lookup
The RData lookup queries DNSDB's Rdata index, which supports inverse lookups based on Rdata record values.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
type
|
type | True | string |
Query type(name, raw) name: The VALUE is a DNS domain name in presentation format, or a left-hand ('c.example.com') or right-hand ('www.example.') wildcard domain name. Note that left-hand wildcard queries are somewhat more expensive than right-hand wildcard queries.,ip: The VALUE is one of an IPv4 or IPv6 single address, with a prefix length, or with an address range. If a prefix is provided, the delimiter between the network address and prefix length is a single comma (',') character rather than the usual slash ('/') character to avoid clashing with the HTTP URI path name separator., raw: The VALUE is an even number of hexadecimal digits specifying a raw octet string. |
|
value
|
value | True | string |
Query value |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
aggr
|
aggr | boolean |
Aggregated results group identical rrsets across all time periods and is the classic behavior from querying the DNSDB. This means you could get the total number of times an rrset has been observed, but not when it was observed. Unaggregated results ungroup identical rrsets, allowing you to see how the domain name was resolved in the DNS across the full-time range covered in DNSDB (subject to time fencing). This can give a more accurate impression of record request volume across time because it will reveal the distinct timestamps of records whose values are repeated. You can answer questions like, 'Was a domain parked for a long time, mostly unused, until it was repurposed for serving malware or relaying spam, but then was abandoned again?' It allows you to see if a record was observed heavily in the last week vs. having been observed constantly for years. This is a boolean value. Use True, the default, for the aggregated results or False for unaggregated results. |
|
|
humantime
|
humantime | boolean |
A boolean value that is True if time values (in time_first, time_last, zone_time_first, zone_time_last) should be returned in human readable (RFC3339 compliant) format or False if Unix-style time values in seconds since the epoch should be returned. False is the classic behavior from querying the DNSDB and is the default value for this option. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of RData_Results
RData Lookup with RRType
The RData lookup queries DNSDB's Rdata index, which supports inverse lookups based on Rdata record values.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
type
|
type | True | string |
Query type(name, raw) name: The VALUE is a DNS domain name in presentation format, or a left-hand ('c.example.com') or right-hand ('www.example.') wildcard domain name. Note that left-hand wildcard queries are somewhat more expensive than right-hand wildcard queries.,ip: The VALUE is one of an IPv4 or IPv6 single address, with a prefix length, or with an address range. If a prefix is provided, the delimiter between the network address and prefix length is a single comma (',') character rather than the usual slash ('/') character to avoid clashing with the HTTP URI path name separator., raw: The VALUE is an even number of hexadecimal digits specifying a raw octet string. |
|
value
|
value | True | string |
Query value |
|
rrtype
|
rrtype | True | string |
Query rrtype |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
aggr
|
aggr | boolean |
Aggregated results group identical rrsets across all time periods and is the classic behavior from querying the DNSDB. This means you could get the total number of times an rrset has been observed, but not when it was observed. Unaggregated results ungroup identical rrsets, allowing you to see how the domain name was resolved in the DNS across the full-time range covered in DNSDB (subject to time fencing). This can give a more accurate impression of record request volume across time because it will reveal the distinct timestamps of records whose values are repeated. You can answer questions like, 'Was a domain parked for a long time, mostly unused, until it was repurposed for serving malware or relaying spam, but then was abandoned again?' It allows you to see if a record was observed heavily in the last week vs. having been observed constantly for years. This is a boolean value. Use True, the default, for the aggregated results or False for unaggregated results. |
|
|
humantime
|
humantime | boolean |
A boolean value that is True if time values (in time_first, time_last, zone_time_first, zone_time_last) should be returned in human readable (RFC3339 compliant) format or False if Unix-style time values in seconds since the epoch should be returned. False is the classic behavior from querying the DNSDB and is the default value for this option. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of RData_Results
RRSet Lookup
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
type
|
type | True | string |
Query type(name, raw) name: The VALUE is a DNS owner name in presentation format or wildcards as described below. We sometimes call this just an rrset search, raw: The VALUE is an even number of hexadecimal digits specifying a raw octet string. |
|
value
|
value | True | string |
Query value |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
aggr
|
aggr | boolean |
Aggregated results group identical rrsets across all time periods and is the classic behavior from querying the DNSDB. This means you could get the total number of times an rrset has been observed, but not when it was observed. Unaggregated results ungroup identical rrsets, allowing you to see how the domain name was resolved in the DNS across the full-time range covered in DNSDB (subject to time fencing). This can give a more accurate impression of record request volume across time because it will reveal the distinct timestamps of records whose values are repeated. You can answer questions like, 'Was a domain parked for a long time, mostly unused, until it was repurposed for serving malware or relaying spam, but then was abandoned again?' It allows you to see if a record was observed heavily in the last week vs. having been observed constantly for years. This is a boolean value. Use True, the default, for the aggregated results or False for unaggregated results. |
|
|
humantime
|
humantime | boolean |
A boolean value that is True if time values (in time_first, time_last, zone_time_first, zone_time_last) should be returned in human readable (RFC3339 compliant) format or False if Unix-style time values in seconds since the epoch should be returned. False is the classic behavior from querying the DNSDB and is the default value for this option. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of RRSet_Results
RRSet Lookup with RRType
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
type
|
type | True | string |
Query type(name, raw) name: The VALUE is a DNS owner name in presentation format or wildcards as described below. We sometimes call this just an rrset search, raw: The VALUE is an even number of hexadecimal digits specifying a raw octet string. |
|
value
|
value | True | string |
Query value |
|
rrtype
|
rrtype | True | string |
Query rrtype |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
aggr
|
aggr | boolean |
Aggregated results group identical rrsets across all time periods and is the classic behavior from querying the DNSDB. This means you could get the total number of times an rrset has been observed, but not when it was observed. Unaggregated results ungroup identical rrsets, allowing you to see how the domain name was resolved in the DNS across the full-time range covered in DNSDB (subject to time fencing). This can give a more accurate impression of record request volume across time because it will reveal the distinct timestamps of records whose values are repeated. You can answer questions like, 'Was a domain parked for a long time, mostly unused, until it was repurposed for serving malware or relaying spam, but then was abandoned again?' It allows you to see if a record was observed heavily in the last week vs. having been observed constantly for years. This is a boolean value. Use True, the default, for the aggregated results or False for unaggregated results. |
|
|
humantime
|
humantime | boolean |
A boolean value that is True if time values (in time_first, time_last, zone_time_first, zone_time_last) should be returned in human readable (RFC3339 compliant) format or False if Unix-style time values in seconds since the epoch should be returned. False is the classic behavior from querying the DNSDB and is the default value for this option. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of RRSet_Results
RRSet Lookup with RRType and Bailiwick
The RRSet lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
type
|
type | True | string |
Query type(name, raw) name: The VALUE is a DNS owner name in presentation format or wildcards as described below. We sometimes call this just an rrset search, raw: The VALUE is an even number of hexadecimal digits specifying a raw octet string. |
|
value
|
value | True | string |
Query value |
|
rrtype
|
rrtype | True | string |
Query rrtype |
|
bailiwick
|
bailiwick | True | string |
Query bailiwick |
|
time_first_before (Unix/Epoch time)
|
time_first_before | number |
Provide results before the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_before=1420070400' will only provide matching DNS records that were first observed before (or older than) January 1, 2015. |
|
|
time_first_after (Unix/Epoch time)
|
time_first_after | number |
Provide results after the defined timestamp for when the DNS record was first observed. For example, the URL parameter 'time_first_after=-31536000' will only provide results that were first observed within the last year. |
|
|
time_last_before (Unix/Epoch time)
|
time_last_before | number |
Provide results before the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_before=1356998400' will only provide results for DNS records that were last observed before 2013. |
|
|
time_last_after (Unix/Epoch time)
|
time_last_after | number |
Provide results after the defined timestamp for when the DNS record was last observed. For example, the URL parameter 'time_last_after=-2678400' will only provide results that were last observed after 31 days ago. |
|
|
limit
|
limit | number |
Limit for the number of results returned via these lookup methods. There is a built-in limit to the number of results that are returned via these lookup methods. The default limit is set at 10,000. This limit can be raised or lowered by setting the 'limit' query parameter. There is also a maximum number of results allowed; requesting a limit greater than the maximum will only return the maximum. See results_max below for information on that maximum. If '?limit=0' is used then DNSDB will return the maximum number of results allowed. If there are less results for the query than the requested limit, only the actual amount can be returned. |
|
|
aggr
|
aggr | boolean |
Aggregated results group identical rrsets across all time periods and is the classic behavior from querying the DNSDB. This means you could get the total number of times an rrset has been observed, but not when it was observed. Unaggregated results ungroup identical rrsets, allowing you to see how the domain name was resolved in the DNS across the full-time range covered in DNSDB (subject to time fencing). This can give a more accurate impression of record request volume across time because it will reveal the distinct timestamps of records whose values are repeated. You can answer questions like, 'Was a domain parked for a long time, mostly unused, until it was repurposed for serving malware or relaying spam, but then was abandoned again?' It allows you to see if a record was observed heavily in the last week vs. having been observed constantly for years. This is a boolean value. Use True, the default, for the aggregated results or False for unaggregated results. |
|
|
humantime
|
humantime | boolean |
A boolean value that is True if time values (in time_first, time_last, zone_time_first, zone_time_last) should be returned in human readable (RFC3339 compliant) format or False if Unix-style time values in seconds since the epoch should be returned. False is the classic behavior from querying the DNSDB and is the default value for this option. |
|
|
offset
|
offset | number |
How many rows to offset (e.g. skip) in the results. This implements an incremental result transfer feature, allowing you to view more of the available results for a single query. The rows are offset prior to the limit parameter being applied, therefore offset allows seeing additional results past a limit that matches the maximum number of results. Note that DNSDB recalculates the results for each query and the order of results might not be preserved. Therefore, this capability is not a valid way to walk all results over multiple queries - some results might be missing and some might be duplicated. The actual offset that can be used is limited or for certain API keys, offset is not allowed - see the offset_max rate_limit key below. The offset value must be a positive integer. The default is 0, which means do not offset the rows. |
Returns
- response
- array of RRSet_Results
Service Limits
Definitions
RRSet_Results
| Name | Path | Type | Description |
|---|---|---|---|
|
Count
|
count | number |
The number of times the RRset was observed via passive DNS replication. |
|
Time First
|
time_first | number |
The first time that the RRset was observed. |
|
Time Last
|
time_last | number |
The most recent time that the RRset was observed. |
|
Zone Time First
|
zone_time_first | number |
The first time that the RRset was observed via zone file import. |
|
Zone Time Last
|
zone_time_last | number |
The last time that the RRset was observed via zone file import. |
|
RRName
|
rrname | string |
The owner name of the RRset in DNS presentation format. |
|
RRType
|
rrtype | string |
The resource record type of the RRset, either using the standard DNS type mnemonic, or an RFC 3597 generic type, i.e. the string TYPE immediately followed by the decimal RRtype number. |
|
Bailiwick
|
bailiwick | string |
The closest enclosing zone delegated to a nameserver which served the RRset, or the name of the zone containing the RRset if FromZoneFile is True. |
|
RData
|
rdata | array of string |
An array of one or more Rdata values. The Rdata values are converted to the standard presentation format based on the rrtype value. If the encoder lacks a type-specific presentation format for the RRset's rrtype, then the RFC 3597 generic Rdata encoding will be used. |
RData_Results
| Name | Path | Type | Description |
|---|---|---|---|
|
Count
|
count | number |
The number of times the resource record was observed via passive DNS replication. |
|
Time First
|
time_first | number |
The first time that the resource record was observed. |
|
Time Last
|
time_last | number |
The most recent time that the resource record was observed. |
|
Zone Time First
|
zone_time_first | number |
The first time that the resource record was observed via zone file import. |
|
Zone Time Last
|
zone_time_last | number |
The last time that the resource record was observed via zone file import. |
|
RRName
|
rrname | string |
The owner name of the resource record in DNS presentation format. |
|
RRType
|
rrtype | string |
The resource record type of the resource record, either using the standard DNS type mnemonic, or an RFC 3597 generic type, i.e. the string TYPE immediately followed by the decimal RRtype number. |
|
RData
|
rdata | array of string |
The record data value. The Rdata value is converted to the standard presentation format based on the rrtype value. If the encoder lacks a type-specific presentation format for the resource record's type, then the RFC 3597 generic Rdata encoding will be used. |
Flex_Results
| Name | Path | Type | Description |
|---|---|---|---|
|
RData
|
rdata | string |
The record data value. |
|
RRName
|
rrname | string |
The owner name of the RRset in DNS presentation format. |
|
RRType
|
rrtype | string |
The resource record type of the RRset/resource record, either using the standard DNS type mnemonic, or an RFC 3597 generic type, i.e. the string TYPE immediately followed by the decimal RRtype number. |
|
RAW_RDATA
|
raw_rdata | string |
The record data value as pairs of hex digits specifying a raw octet string. This value is used for pivoting from flexible search into standard search to get more details on rdata. |
RateLimit_Results
| Name | Path | Type | Description |
|---|---|---|---|
|
Limit
|
limit | number |
The maximum number of API lookups that may be performed. This is the initial quota. |
|
Remaining
|
remaining | number |
For time-based quotas: the remaining number of API lookups that may be performed until the reset time.For block-based quotas: the remaining number of API lookups in the block quota. |
|
Reset
|
reset | number |
For time-based quotas: UNIX epoch timestamp with second granularity indicating the next point in time when the quota limit will be reset. Usually this is at 00:00 (midnight) UTC.For block-based quotas: the value will be 'n/a' |
|
Expires
|
expires | number |
Only present for block-based quota: UNIX epoch timestamp with second granularity indicating when the quota will expire. |
|
ResultsMax
|
results_max | number |
Returns the maximum number of results that can be returned by these lookup methods. This overrides a 'limit' query parameter if provided. For example, if '?limit=20000' is appended to the URL path but results_max=1000 then only up to 1000 results will be returned. |
|
OffsetMax
|
offset_max | number |
The maximum value that the offset query parameter can be. If it is higher then an HTTP 416 'Requested Range Not Satisfiable' response code will be returned with message 'Error: offset value greater than maximum allowed.' If the value is 'n/a' then the offset parameter is not allowed for this API key, and similar 416 error will be generated. |
|
BurstSize
|
burst_size | number |
The maximum number of API lookups that may be performed within this burst_window number of seconds. |
|
BurstWindow
|
burst_window | number |
The number of seconds over which a burst of queries is measured. |