DNS data
Learn aboout how Validin collects and delivers gloal DNS data.
Validin’s DNS dataset provides internet-wide visibility into domain resolution state and change over time.
DNS data is collected using first-party, active resolution infrastructure operated by Validin and stored as historical, queryable records.
The dataset is designed to support analysis of infrastructure relationships, DNS changes, and long-term domain behaviour across the global DNS namespace.
Data collection model
Validin collects DNS data using first-party, active DNS resolution. Validin operates its own DNS infrastructure and does not rely on third-party resolvers, ISP telemetry, or passive traffic feeds.
For each query:
- Validin generates the DNS request
- Validin performs the resolution
- Validin records the response directly
NoteValidin functions as the requester, resolver, and observer. This avoids resolver caching artifacts and sampling bias introduced by customer-driven or ISP-based passive DNS sources.
Coverage scope
Validin maintains DNS visibility across a large portion of the global DNS namespace.
| Attribute | Value |
|---|---|
| Tracked FQDNs | ~5.9 billion |
| Collection model | Internet-wide enumeration |
| Resolver dependency | None |
| Traffic dependency | None |
Domain discovery is driven by continuous enumeration rather than observed query volume.
DNS record types collected
Validin enumerates and stores the following DNS record types:
| Record type | Description |
|---|---|
| A | IPv4 address mapping |
| AAAA | IPv6 address mapping |
| NS | Authoritative nameservers |
| PTR | Reverse DNS |
| MX | Mail exchange servers |
| TXT | Arbitrary text records |
| SOA | Zone authority metadata |
| SRV | Service location |
| CNAME | Canonical name aliases |
| CAA | Certificate authority authorization |
| HTTPS | HTTPS service bindings |
Each record is stored with timestamped state information.
Refresh cadence
DNS data is refreshed on a recurring schedule designed to capture both rapid infrastructure changes and longer-term configuration updates.
Refresh frequency varies by record type and observed activity to ensure consistent coverage across the dataset.
Forward DNS records
Forward resolution records are refreshed frequently to capture short-lived infrastructure.
| Record types | Refresh frequency |
|---|---|
| A, AAAA, NS (high-activity domains) | Up to 4 times per day |
| A, AAAA, NS (remaining domains) | At least once per day |
Approximately 350–400 million domains are refreshed four times daily based on activity and popularity signals.
Other DNS records
| Record types | Refresh frequency |
|---|---|
| MX, TXT, SOA, SRV, CNAME, CAA, HTTPS | Weekly |
NoteWeekly enumeration captures configuration changes that do not immediately affect resolution targets but are relevant for infrastructure analysis.
Historical DNS state
Validin maintains historical DNS state dating back to 2019 for forward DNS records.
Historical data includes:
- Previous record values
- First seen and last seen timestamps
- Concurrent changes across related records
This allows reconstruction of DNS state at a specific point in time.
Change tracking
DNS changes are recorded as individual observations over time:
| Change type | Description |
|---|---|
| Record added | New DNS value observed |
| Record removed | Previously observed value no longer present |
| Record updated | Value modification |
| Delegation changed | Nameserver changes |
Changes can be correlated across domains, IP addresses, and nameservers within defined time windows.
NoteTracking concurrent changes helps identify coordinated infrastructure updates.
Data access in the platform
DNS data is exposed as queryable historical data, including:
- Current DNS state
- Historical DNS timelines
- Change events
- Cross-domain infrastructure relationships
Although collection is active, data is accessed as a historical dataset.
Updated 27 days ago