DNS History: Exploring Your Domain's Past by inspecting DNS trails

Posted: 28th March 2024
By: Esteban Borges

What insights can DNS history reveal about domain names? As the term suggests, this record tracks all modifications to a domain’s DNS settings over time, offering invaluable information for both security and strategy.

That’s why today we will explore the concept of DNS history, the type of DNS records involved, and the various tools you can use to access this information. With a focus on practical application, you’ll learn how to leverage DNS historical data to enhance domain management and competitive positioning.

Key Takeaways

  • Examining DNS history can provide valuable insights into a domain’s evolution, user traffic, security risks, and can aid in troubleshooting potential disruptions.
  • A variety of free and premium tools, such as SecurityTrails and DNS Spy, offer detailed DNS record history and analytical capabilities useful for domain owners, IT professionals, and security experts.
  • Historical DNS data is crucial for optimizing network performance, identifying security risks and emerging threats, conducting competitive analysis, and making informed decisions regarding domain infrastructure and investments.

What is DNS History?

DNS History catalogs and stores the evolution of domain names within the DNS, including their changes in IP addresses and settings, which is essential for cybersecurity analysis and domain tracking.

Benefits of historical DNS records

Examining DNS history provides a record of the changes and modifications made to a domain’s DNS settings over time. Web administrators and owners can leverage this insight to:

  • Track their website’s traffic flow
  • Ensure proper traffic direction after changes such as hosting service migrations
  • Unmask patterns that signal security risks or unauthorized changes in domain ownership
  • Tie previous configurations to malicious activities

The history of the domain name system (DNS) is akin to taking a journey through the lifespan of your domain and can provide valuable information for website management and security.

Several databases house a treasure trove of DNS changes, with some recording as far back as 2002. For instance, SecurityTrails has been recording DNS data, and has been at the top of the DNS information-gathering game, since mid-2008, while WhoISrequest has been recording since 2002. Together, these databases contain billions of DNS and WHOIS records, waiting to be explored.

The Importance of DNS Records

DNS records, the silent workhorses of the internet, quietly map domain names to IP addresses and aid in the resolution process for a multitude of services. The A records, for instance, map hostnames to a 32-bit IPv4 address and are the most commonly used DNS records, whereas AAAA records serve a similar purpose for the 128-bit IPv6 address space.

Other records like MX records list mail exchange servers that accept email for a domain, crucial for email routing. NS records delegate a DNS zone to use specific authoritative name servers for domain name resolution, and CNAME records alias one domain name to another, facilitating domain redirection. PTR records, on the other hand, map IP addresses back to domain names for verification or troubleshooting.

The analysis of these historical DNS records plays a significant role in DNS forensics, particularly in tracking the movements of cybercriminals.

Top Free Tools for Viewing DNS History

Having grasped the significance of DNS history, how can we gain access to it? Thankfully, several free tools facilitate researching new domains, checking for suspicious activities, and understanding your domain’s nameserver history. Some of these include:

  • DNS Trails (now SecurityTrails)
  • DNS Spy
  • WhoISrequest
  • Whoxy

Each of these tools offers unique features to retrieve and analyze historical DNS data, making them invaluable resources for any domain owner.

SecurityTrails DNS Trails

DNS Trails (now owned by SecurityTrails), a top-tier tool for accessing DNS history, offers users:

  • Access to a vast database of DNS records
  • 50 API queries with a free account
  • Historical DNS records with daily updates on domain data
  • Custom data feeds for downloading both current and historical domain information

This tool is especially useful for those needing to track changes over time, such as monitoring updates in TXT records.

Complete DNS

Complete DNS is yet another powerful tool that aids in comprehending domain history and monitoring changes over time. Its standout feature is the ability to offer a timeline of domain changes, which can be crucial for historical analysis. Users are provided with 100 free queries each month under Complete DNS’s free tier, allowing them to perform basic domain history checks without any cost.

For an enhanced user experience, they also offer a subscription plan with additional features.

WhoISrequest

WhoISrequest streamlines the task of evaluating DNS history. It allows users to access the service without the need to create an account, offering convenience at your fingertips. However, do note that the service is limited to 5 lookups within a certain timeframe, restricting the volume of data that can be retrieved in a short period.

ViewDNS.info

Rounding off the list of top free tools for viewing DNS history is ViewDNS.info. It is a simple online tool that offers the following features:

  • DNS history viewing
  • Reverse IP Lookup
  • IP History
  • DNS and Whois lookups

Its user-friendly interface allows you to perform these tasks without needing to log in.

It also provides a Port Scanner, Traceroute tool, and DNSSEC Test for comprehensive network information queries, all without requiring an account.

SecurityTrails DNS History API

The SecurityTrails DNS History API endpoint is a part of the SecurityTrails API, designed to offer comprehensive historical information on DNS records for a given hostname. This service enables the retrieval of past DNS data for various record types, along with statistics such as the count of specific resources compared to current data.

DNS History API Endpoint

SecurityTrails provides the following features:

  • Comprehensive Historical Data: Access detailed historical DNS information for any hostname, including record types and statistics.
  • Rich Data Enrichment: Offers data enrichment for applications requiring IP, DNS, WHOIS, and company data, perfect for SIEM systems and security products.
  • REST-based Access: Utilizes REST principles for data access, primarily through HTTP GET and POST methods, ensuring easy integration with various systems.
  • Read-only API: Designed for fetching data without the capability to save information, ensuring data integrity and security.
  • JSON Data Format: Exchanges data in JSON format for both requests and responses, facilitating easy data handling and integration.

The best thing about the SecurityTrails API is that it can be used from almost any environment with a simple curl request:

curl --request GET \
     --url https://api.securitytrails.com/v1/history/oracle.com/dns/a \
     --header 'APIKEY: YOUR_API_KEY' \
     --header 'accept: application/json'

DNS Spy

DNS Spy, an elite DNS monitoring service, offers the following features:

  • Automates the detection and monitoring of DNS record changes
  • Supports AXFR zone transfers for extensive DNS record coverage
  • Focuses on preventing DNS-related downtime
  • Maintains domain integrity through its backup capabilities allowing restoration from various formats.

DNS Spy also provides:

  • Notifications for invalid or non-compliant DNS configurations
  • Customizable alerts via email or Slack for specific changes in DNS records
  • Assistance with monitoring DNS migrations to ensure smooth transitions with providers
  • A dashboard for an overview of all monitored domains and their DNS health status.

Historical DNS Data Analysis Tips

Conducting regular audits of DNS configurations is vital to maintain their accuracy and currency, thereby helping to ward off potential performance and security issues.

Recovering lost DNS records with DNS Trails

Modern DevOps teams are responsible not only for developing and debugging your app, but also for managing your IT infrastructure and services, such as DNS servers along with their DNS zones and records.

Managing domain names and their DNS zones can be tricky: once you edit a DNS zone and the changes have propagated, there is no way to go back and see what values the records had.

Let’s suppose you just need to know the old IP, and the DNS propagation happened hours or days ago. You try to ping the hostname and it already resolves to the new IP, from anywhere in the world… of course, it was changed yesterday and is now fully propagated.

There is a fast way to find your old DNS records using DNS Trails historical data, exactly as @jamesfmackenzie did for his site. He lost his DNS records and, by simply using DNSTrails historical DNS data, was able to recover them in just seconds:

Lost your DNS records - DNS History can help to recover those

How to perform a DNS History Lookup

No matter if you are investigating a potentially malicious domain, or if you need to recover your lost DNS records, the SecurityTrails DNS historical database can help. Just follow these steps:

SecurityTrails Historical DNS Records

  • Choose your DNS record type.

Your old and current DNS records values should be displayed and ordered by date on the right side, as you see below:

DNS Trails Records Example

Identifying Security Risks

Having access to historical DNS data can be instrumental in finding security issues not only in DNS, but also in the rest of your infrastructure, apps and services. Some of the key things you can use it for include:

  • Evaluating cybersecurity threats
  • Settling legal disputes
  • Preventing disruptions to online services
  • Conducting due diligence during mergers and acquisitions
  • Visualizing your past DNS attack surface

Another area where DNS intelligence proves essential is in monitoring emerging assets on your cloud infrastructure and the challenges companies face in keeping track of them. We covered this topic in our blog post 'The Cloud Has a Complicated Attack Surface Management'.

Investigating cyber crime

Cybercrime investigations use historical DNS records to trace the path of domain names across different hosting providers and servers.

One of the best examples of this is the work of leading investigators from private and public agencies, such as KrebsOnSecurity, which in 2019 uncovered a series of widespread DNS hijacking attacks with the help of DNS historical data.
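The two uses described above, recovering a lost record value and spotting changes that deserve a security review, can be sketched over an exported history timeline. This is an added example, not code from SecurityTrails or the original article; the field names, the sample data and the 7-day threshold are assumptions made for illustration.

```python
from datetime import date

# Constructed sample history for one hostname's A record (documentation IPs).
# Field names are assumptions for this example, not any vendor's schema.
HISTORY = [
    {"value": "198.51.100.10", "first_seen": "2023-01-05", "last_seen": "2023-09-14"},
    {"value": "203.0.113.77", "first_seen": "2023-09-15", "last_seen": "2023-09-16"},
    {"value": "198.51.100.10", "first_seen": "2023-09-17", "last_seen": "2024-02-01"},
    {"value": "192.0.2.25", "first_seen": "2024-02-02", "last_seen": "2024-03-28"},
]

def _parsed(history):
    """Return entries sorted by first_seen, with dates as date objects."""
    rows = [
        {"value": h["value"],
         "first_seen": date.fromisoformat(h["first_seen"]),
         "last_seen": date.fromisoformat(h["last_seen"])}
        for h in history
    ]
    return sorted(rows, key=lambda r: r["first_seen"])

def value_on(history, day):
    """Recover the record value observed on a given day, or None if unknown."""
    for row in _parsed(history):
        if row["first_seen"] <= day <= row["last_seen"]:
            return row["value"]
    return None

def short_lived_detours(history, max_days=7):
    """Flag values seen for <= max_days between two sightings of one value.

    A brief change that reverts to the previous value should be checked
    against change records: it may be a test, a failover, or an
    unauthorized modification.
    """
    rows = _parsed(history)
    flagged = []
    for prev, cur, nxt in zip(rows, rows[1:], rows[2:]):
        lifetime = (cur["last_seen"] - cur["first_seen"]).days + 1
        if (lifetime <= max_days and prev["value"] == nxt["value"]
                and cur["value"] != prev["value"]):
            flagged.append((cur["value"], cur["first_seen"].isoformat(), lifetime))
    return flagged

if __name__ == "__main__":
    print("A record on 2023-06-01:", value_on(HISTORY, date(2023, 6, 1)))
    print("Detours to review:", short_lived_detours(HISTORY))
```

The same functions apply to NS or MX timelines, where a short-lived change affects every name or all mail for the domain.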

Tracking Competitors

Keeping an eye on competitors’ DNS changes can reveal:

  • Their new projects
  • Possible updates to their technology infrastructure
  • Changes in their subdomain structure, which can be indicative of their growth or the introduction of new products or services
  • The IP addresses associated with their domain, which can reveal their hosting strategy and other entities they may be connected to

Historical DNS data can unveil a competitor’s past hosting decisions, domain acquisition patterns, and SEO tactics which have contributed to their current market standing. By analyzing historical DNS information, businesses can gain valuable insights to inform their own strategies.

Summary

In this article we've explored what DNS history is, its benefits and main use cases, along with top free tools and paid services. From understanding the importance of regular DNS audits to uncovering security risks and competitor strategies, we have grasped the power that DNS history holds.

Taking DNS History to the Next Level

Recorded Future’s Attack Surface Intelligence offers the most comprehensive DNS historical database on the planet. Not only does it use this information to alert you about new domains and assets emerging in your cloud infrastructure, but it also notifies you when any new critical vulnerabilities and risks appear on any of them. Book your demo today!

Esteban Borges

Esteban is a seasoned security researcher and IT professional with over 20 years of experience, specializing in hardening systems and networks, leading blue team operations, and conducting thorough attack surface analysis to bolster cybersecurity defenses. He's also a skilled marketing expert, specializing in content strategy, technical SEO, and conversion rate optimization. His career includes roles as Security Researcher and Head of Marketing at SecurityTrails, before joining the team at Recorded Future.
