# PassiveDNS

## Documentation

- Docs: https://www.circl.lu/services/passive-dns/
- API Reference: https://pypdns.readthedocs.io/en/latest/api_reference.html

## Exercises

#### Requests bootstrap


In [None]:
import pypdns
import json
import getpass

PASSIVE_DNS_USER = getpass.getpass("Enter your PassiveDNS User:")
PASSIVE_DNS_KEY = getpass.getpass("Enter your PassiveDNS API Password:")

pdns = pypdns.PyPDNS(basic_auth=(PASSIVE_DNS_USER, PASSIVE_DNS_KEY))

#### 1.0. Get your information of a host
- *Hint*: related API endpoint: `https://www.circl.lu/pdns/query/[host]`

In [None]:
records = pdns.iter_query(q='circl.lu')
for record in records:
    print(json.dumps(record.record, indent=2))

#### 1.1. Get only `A` records of a host:
- *Hint*: related API endpoint: `https://www.circl.lu/pdns/query/[host]`

In [None]:
records = pdns.iter_query(q='circl.lu', filter_rrtype='A')
for record in records:
    print(json.dumps(record.record, indent=2))

#### 1.2. Reverse lookup (IP â†’ domains)
- *Hint*: related API endpoint: `https://www.circl.lu/pdns/query/[ip]`

In [None]:
records = pdns.iter_query(q='185.194.93.14')
for record in records:
    print(json.dumps(record.record, indent=2))

#### 1.3. Count record types per domain

In [None]:
from collections import Counter
records = list(pdns.iter_query(q='circl.lu'))
counts = Counter([r.rrtype for r in records])
print(counts)

#### 1.4. List all unique IPs (A/AAAA records)

In [None]:
records = list(pdns.iter_query(q='circl.lu'))
ips = {r.rrname for r in records if r.rrtype in ('A', 'AAAA')}
print(ips)

#### 1.5. Convert timestamps to readable form

In [None]:
import pandas as pd
import matplotlib.pyplot as plt

ip = "185.194.93.14"
records = pdns.iter_query(q=ip)
df = pd.DataFrame([r.record for r in records])

df["time_first_dt"] = pd.to_datetime(df["time_first"], unit="s")
df["time_last_dt"]  = pd.to_datetime(df["time_last"], unit="s")

# Optional: Keep only unique rrname/rdata pairs
df = df.drop_duplicates(subset=["rrname", "rdata"])

# Sort and index
df = df.sort_values("time_first_dt").reset_index(drop=True)

# Plot timeline
plt.figure(figsize=(12, 6))

for i, row in df.iterrows():
    plt.plot([row["time_first_dt"], row["time_last_dt"]], [i, i], 'o-', lw=2)
    
# Label each Y tick with rrname or rdata
plt.yticks(range(len(df)), df["rdata"], fontsize=8)
plt.xlabel("Time")
plt.title(f"PassiveDNS Activity Timeline for {ip}")
plt.tight_layout()
plt.show()