Returned data¶
Each search on the Spamhaus Passive DNS API returns a structured object like the following:
{
"error": false,
"elapsed-ms": 1,
"hits": 2,
"records": [
{
"id": "76B92A16A9DD74A0BE1B1EFCDA6DD9B7",
"rrname": "deteque.com",
"rrclass": "IN",
"rrtype": "A",
"rdata": "199.168.88.50",
"time_first": 1522330452,
"time_last": 1522330722
},
{
"id": "564274624602A0A87ABF9EA68909C940",
"rrname": "deteque.com",
"rrclass": "IN",
"rrtype": "NS",
"rdata": "auth1.deteque.com",
"time_first": 1522330452,
"time_last": 1522330722
}
],
"status": 200,
"verbose": 0
}
the
error
field can be true or false. If the query was successful, it is alwaysfalse
the
elapsed-ms
is proportional to the speed of the query. This information is provided to enable a rate limit method to slow the query rate if it becomes to frequent.the
hits
is an integer value indicating how many entries have been found, if anyThe
records
field is an array containing all the entries found.status
mirrors the same value returned by the HTTP Status Code of the response.verbose
shows if the “verbose” parameter was used in the request.
Each entry representing a DNS record contains the following information:
id
is a unique identifier for the record.rrname
,rrtype
,rrclass
,rdata
represent the single DNS record entry.time_last
is the unix timestamp of the last time that this record was seentime_first
(by default not shown) is the unix timestamp of the first time this record was first seen.