Returned data

Each search on the Spamhaus Passive DNS API returns a structured object like the following:

{
    "error": false,
    "elapsed-ms": 1,
    "hits": 2,
    "records": [
        {
            "id": "76B92A16A9DD74A0BE1B1EFCDA6DD9B7",
            "rrname": "deteque.com",
            "rrclass": "IN",
            "rrtype": "A",
            "rdata": "199.168.88.50",
            "time_first": 1522330452,
            "time_last": 1522330722
        },
        {
            "id": "564274624602A0A87ABF9EA68909C940",
            "rrname": "deteque.com",
            "rrclass": "IN",
            "rrtype": "NS",
            "rdata": "auth1.deteque.com",
            "time_first": 1522330452,
            "time_last": 1522330722
        }
    ],
    "status": 200,
    "verbose": 0
}

• the error field can be true or false. If the query was successful, it is always false

• the elapsed-ms is proportional to the speed of the query. This information is provided to enable a rate limit method to slow the query rate if it becomes to frequent.

• the hits is an integer value indicating how many entries have been found, if any

• The records field is an array containing all the entries found.

• status mirrors the same value returned by the HTTP Status Code of the response.

• verbose shows if the “verbose” parameter was used in the request.

Each entry representing a DNS record contains the following information:

• id is a unique identifier for the record.

• rrname, rrtype, rrclass, rdata represent the single DNS record entry.

• time_last is the unix timestamp of the last time that this record was seen

• time_first (by default not shown) is the unix timestamp of the first time this record was first seen.