Internet-Draft summary · Passive DNS · Common Output Format

A shared output format for Passive DNS answers.

This summary explains the Passive DNS Common Output Format Internet-Draft for teams integrating Miwakeru Passive DNS with existing investigation, enrichment, and data-processing workflows.

One answer, one JSON object, one line: an NDJSON stream.

Why it matters

The draft gives Passive DNS clients a consistent shape for results from different providers.

Purpose

Combine results without writing a parser for every Passive DNS service.

The draft describes a common, line-oriented JSON output format and shared field semantics for Passive DNS servers. Its goal is interoperability: when multiple Passive DNS systems expose the same field names and meanings, clients can query more than one system and merge result sets more easily.

The document focuses on output records. It does not define the query protocol, the query format, or every possible Passive DNS deployment model.

Mandatory fields

Record identity and timing

Implementations must support rrname, rrtype, rdata, time_first, and time_last. Together, rrname, rrtype, and rdata identify the observed DNS answer tuple, while the time fields describe when it was first and last seen.

Optional fields

Observation count and bailiwick

The draft defines count for the number of matching authoritative answers seen by collectors and bailiwick for the best estimate of the authoritative zone apex for the data.

Additional fields

Sensor, origin, and zone import timing

Additional fields include sensor_id, zone_time_first, zone_time_last, origin, time_first_ms, and time_last_ms. These fields support richer provenance and millisecond-resolution timestamps where implementations need them.

Implementation note

Line-by-line processing

Each answer is represented as a JSON object on a single line so clients can process the response as a stream. The draft suggests serving the format with the application/x-ndjson MIME type.

Operational context

Passive DNS output is useful evidence, but it is not a complete view of DNS activity.

The draft highlights that Passive DNS answers can differ between providers because systems may have different collection points, filtering rules, cache-poisoning protections, retention policies, and query-time snapshots. Clients should therefore treat each result set as provider-specific evidence rather than assuming every Passive DNS server will return identical answers.
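The line-by-line processing and provider-specific merging described above, as an added example that is not taken from the draft or from Miwakeru: it parses two NDJSON responses, skips unusable lines, and merges answers by the (rrname, rrtype, rdata) tuple while keeping each provider's count separate. The provider names, sample records, and the name-normalisation rule are assumptions, and only string-valued rdata is handled.

```python
import json

TEXT_FIELDS = ("rrname", "rrtype", "rdata")
TIME_FIELDS = ("time_first", "time_last")

# Constructed sample responses (not real observations); provider names are hypothetical.
PROVIDER_A = """\
{"rrname": "www.example.org.", "rrtype": "A", "rdata": "192.0.2.10", "time_first": 1700000000, "time_last": 1700600000, "count": 42}
{"rrname": "www.example.org.", "rrtype": "A", "rdata": "192.0.2.20", "time_first": 1700100000, "time_last": 1700200000}
"""
PROVIDER_B = """\
{"rrname": "WWW.example.org", "rrtype": "a", "rdata": "192.0.2.10", "time_first": 1699000000, "time_last": 1700300000, "count": 7}
{"rrname": "www.example.org", "rrtype": "A", "time_first": 1, "time_last": 2}
not json at all
"""


def parse_cof(stream):
    """Yield (key, record) per usable line; skip blank, malformed or incomplete lines."""
    for line in stream.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line: drop it, keep streaming
        if not isinstance(rec, dict):
            continue
        if not (all(isinstance(rec.get(f), str) for f in TEXT_FIELDS)
                and all(isinstance(rec.get(f), int) for f in TIME_FIELDS)):
            continue  # a mandatory field is missing or has an unexpected type
        # Assumption: case and a trailing dot are not significant when matching tuples.
        key = (rec["rrname"].rstrip(".").lower(), rec["rrtype"].upper(), rec["rdata"])
        yield key, rec


def merge(responses):
    """Merge per-provider NDJSON text into one view keyed by (rrname, rrtype, rdata)."""
    merged = {}
    for provider, stream in responses.items():
        for key, rec in parse_cof(stream):
            entry = merged.setdefault(key, {"time_first": rec["time_first"],
                                            "time_last": rec["time_last"], "seen_by": {}})
            entry["time_first"] = min(entry["time_first"], rec["time_first"])
            entry["time_last"] = max(entry["time_last"], rec["time_last"])
            # count is optional and provider-specific, so keep it per provider, not summed.
            entry["seen_by"][provider] = rec.get("count")
    return merged


MERGED = merge({"provider_a": PROVIDER_A, "provider_b": PROVIDER_B})
```

The `seen_by` map shows which provider reported each tuple, so an answer present in only one result set stays visible as single-source evidence.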

Work with us

Need Passive DNS output in a common format?

Miwakeru Passive DNS can support API-compatible output for collection, enrichment, and intelligence workflows. info@miwakeru.com