Sign in Get a demo

Every DNS observation for a domain, across years.

Pass a domain and a record type. Get back every DNS observation Deepinfo has on file. A, AAAA, MX, NS, TXT, CNAME, and SOA across the full historical window.

Talk to us Browse API docs
WHAT THIS API RETURNS

Multi-snapshot DNS state, for one FQDN.

The DNS History API returns every DNS observation Deepinfo has on file for a given FQDN and record type. Sources include passive DNS partnerships, active scanning, and certificate transparency cross-reference.

Each observation carries the record value, TTL, the observation timestamp, and the source surface. Pass the type parameter to scope to a single record type, or omit for all types.

Use this when one FQDN matters and the question is about how its DNS state moved over time. For corpus-scale historical analysis, use the Historical DNS Records bulk feed instead.

REQUEST

One endpoint, one required parameter.

Endpoint:

GET https://api.deepinfo.com/v1/analyze/dns-history/?domain={domain}&type={type}

Parameters:

Name In Type Required Description
domain query string Yes A fully qualified domain name such as www.acme.com.
type query string No DNS record type to scope: A, AAAA, MX, NS, TXT, CNAME, or SOA. Omit for all types.

Authentication is by API token in the request header. See docs.deepinfo.com for the full request reference.

SAMPLE RESPONSE

See what the API returns.

Real response structure for the Every DNS observation for a domain, across years endpoint. Field coverage may vary based on query parameters and data availability.

JSON RESPONSE
{
  "fqdn": "www.acme.com",
  "dn": "acme.com",
  "subdomain": "www",
  "records": [
    {"type": "A", "value": "203.0.113.42", "ttl": 3600, "observed_at": "2018-03-12T08:14:00Z", "source": "passive_dns"},
    {"type": "A", "value": "198.51.100.91", "ttl": 300, "observed_at": "2021-04-08T16:22:00Z", "source": "active_scan"},
    {"type": "A", "value": "192.0.2.18", "ttl": 300, "observed_at": "2024-09-14T04:00:00Z", "source": "passive_dns"}
  ]
}
STRUCTURED VIEW
Fields
Fqdn
www.acme.com
Dn
acme.com
Subdomain
www
Records
Count
3
First type
A
First value
203.0.113.42
First ttl
3600
First observed at
2018-03-12T08:14:00Z
First source
passive_dns

Sample response shown. Real responses depend on query parameters, data availability, and API version. Talk to us for full schema documentation.

USE CASES

Workflows this API plugs into directly.

Incident Investigation and Response

Resolve the IP that the FQDN pointed at on the day of the incident, not just today.

Read the use case

Threat Hunting

Trace adversary-infrastructure rotation across IPs, MX targets, or name servers over time.

Read the use case

Threat Intelligence Operations

Build CTI artifacts on the historical record, not just current state.

Read the use case

“Reconstructing a domain's DNS history during incident response now takes one query instead of cross-referencing two passive-DNS providers. The full record-type coverage including TXT and SOA lands in our IR runbooks directly.”

— IR Lead, Major Financial Services Firm
CONTINUE EXPLORING

Other history APIs.

API

Every Whois snapshot for a domain, across years.

Pass a domain.

See API
GET STARTED

Pull the full DNS history, for any FQDN.

We'll set up token access and walk through how teams plug this into IR and CTI workflows.

Talk to us Browse API docs