Realtime Stream

The realtime stream allows authorized subscription accounts to receive a real time stream of records of the newly observed passive dns records.

The flow is the source of the files that you can grab through the Download API, so using this access method or the other provides the same results, but the real time stream zeroes the latency.

Accessing the Stream

The real time stream is simply a TCP channel protected by a TLS layer. You can connect to the stream, in any language of your choice, with a few lines of code.

With bash, you can use the openssl ´s_client´ command to connect to the remote host, like this:

$ openssl s_client -connect $IP:$PORT -quiet

The IP address and the PORT will be disclosed to customers with the proper access levels and partners only.

The socket will then present a greeting and you will have to authenticate by sending the following string:

Authorization: Bearer <AUTH TOKEN>

Where <AUTH TOKEN> will be replaced by the proper Authentication token retrieved by the Authentication API.

Note that you need to refresh the authentication before it expires by requesting another token to the API and sending it on the real time stream socket.

Output format

The output flow is a stream of JSON ojbects, one per line (Separated by the ASCII newline char) which will look as follows:


Each JSON field has the following meaning:

  • ts is the Unix timestamp of the record

  • rname, rdata, rclass and rtype are the fields found in the DNS record analyzed.

In particular, rclass and rtype are integer numbers and should be decoded according to RFC1035#3.2 and sub-chapters For example: 1 corresponds to an A Record, 6 is a SOA record and 15 is an MX record.