DNS reconnaissance is fundamental to understanding the infrastructure behind any domain or IP address. Active DNS enumeration directly queries name servers to discover records, while passive DNS databases collect and archive DNS responses observed over time across large sensor networks — revealing historical records, infrastructure pivots, and hosting relationships without sending a single packet to the target. Passive DNS is especially powerful for threat intelligence: it can reveal when a malicious domain was first registered, what IP addresses it pointed to historically, and which other malicious domains shared the same infrastructure. Together, active and passive DNS techniques provide a comprehensive view of an organization’s — or adversary’s — internet footprint.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/edoardottt/awesome-hacker-search-engines/llms.txt
Use this file to discover all available pages before exploring further.
DNSDumpster
DNS recon & research, find & lookup dns records — free and comprehensive.
Chaos
Enhance research and analyse changes around DNS for better insights — from ProjectDiscovery.
RapidDNS
DNS query tool which make querying subdomains or sites of a same IP easy.
DNSdb
Passive DNS historical database — the gold standard for passive DNS research by Farsight Security.
Omnisint
Reverse DNS lookup powered by a large passive DNS dataset.
HackerTarget
Collect information about IP Addresses, Networks, Web Pages and DNS records.
passivedns.mnemonic.no
Web interface for querying passive DNS data collected in Mnemonic’s malware lab.
ptrarchive.com
Over 230 billion reverse DNS entries from 2008 to the present.
dnshistory.org
Domain Name System Historical Record Archive.
DNSTwister
The anti-phishing domain name search engine and DNS monitoring service.
DNSviz
Tool for visualizing the status of a DNS zone — great for DNSSEC analysis.
C99.nl
Over 57 quality API’s and growing — includes DNS lookup tools.
wannabe1337.xyz
Online Tools including DNS research utilities.
DNSlytics
Find out everything about a domain name, IP address or provider.
dnsrepo.noc.org
DNS Database Repository Search.
DNSSpy
Monitor, validate and verify your DNS configurations.
ZETAlytics
Unrivalled geographic diversity and exclusive global network visibility in searchable datasets for cyber security analysts.
AskDNS
Lookup Connected Domain Names and IP Addresses.
360 PassiveDNS.CN
Biggest public available passive DNS database in China designed for security and research purposes.
MXtoolbox
All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
NSLookup.io
Find all DNS records for a domain name using this online tool.
Robtex DNS Lookup
Get detailed information on the nameservers associated with a domain name.
DNSMap
Worldwide DNS Propagation Checker.
Validin
Massive collection of DNS records with free DNS history search.
dnslookup.pro
Advanced DNS Record Analysis & Troubleshooting.
ViewDNS.info
A web-based toolkit offering over 25 DNS and network intelligence tools for reconnaissance, diagnostics, and research.
dnsaudit.io
Find DNS misconfigurations, risks and security gaps.
DNS Enumeration Techniques & Passive DNS
Active DNS enumeration involves directly querying resolvers or performing zone transfers to discover all records associated with a domain — A, AAAA, MX, TXT, CNAME, NS, and SOA records each reveal different infrastructure details. DNS brute-forcing against common subdomain wordlists and permutation-based discovery can uncover hundreds of subdomains that would otherwise remain hidden. Passive DNS takes a fundamentally different approach: rather than querying targets directly, it collects DNS responses observed passively at large sensor networks — ISP resolvers, DNS sinkholes, and security research infrastructure. The result is a historical archive of who resolved what, when. This is invaluable for:- Threat investigation: tracing a malicious domain’s hosting history to find related infrastructure and pivot to new indicators
- Incident response: reconstructing what domains communicated with internal hosts during a breach window
- Typosquatting detection: monitoring for newly registered domains that impersonate your brand
- Infrastructure mapping: seeing all domains that have ever resolved to a given IP address