{"_id":"581a1a0f0c65b20f00247fac","__v":0,"category":{"_id":"5615790d0f5ed00d00483dd5","__v":19,"pages":["5615790e0f5ed00d00483dd7","561d48e46386060d00e06003","561d48fe31d9630d001eb5bd","561d49b657165b0d00aa5d8b","561d4a879463520d00cd11e2","561d67f48ca8b90d00210234","561d6a0bf0cff80d00ca22c3","561d6c5b071cd60d000d3221","562f9c2543c5570d001fe6bd","56311c99eae7ef0d00270e3d","56311d6702aff217007dba23","56311f96f1c0580d00fac719","563120b7242cda1900198b79","5631229bf1c0580d00fac721","563131559ead230d00a188f6","563134a324014b0d00bd9a4f","5631392082d96a0d00b0fb1d","56313c584b36120d00fdebfb","5642658ef424a10d00118360"],"project":"5615790c0f5ed00d00483dd1","version":"5615790d0f5ed00d00483dd4","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-10-07T19:57:01.871Z","from_sync":false,"order":0,"slug":"opendns-investigate-rest-api","title":"Umbrella Investigate REST API"},"project":"5615790c0f5ed00d00483dd1","parentDoc":null,"version":{"_id":"5615790d0f5ed00d00483dd4","__v":6,"project":"5615790c0f5ed00d00483dd1","createdAt":"2015-10-07T19:57:01.307Z","releaseDate":"2015-10-07T19:57:01.307Z","categories":["5615790d0f5ed00d00483dd5","56157b2af432910d0000f9fe","56157cfb0f5ed00d00483ddb","562684d95db46b1700fd4f48","573b7ea9ef164e2900a2b8ff","582e285d8373c20f00810608"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"user":"560b40145148ba0d009bd0b5","updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-11-02T16:53:35.422Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"settings":"","results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":14,"body":"The DNS database can be used to query the history that Umbrella has seen for a given IP address.\n\nThe most common use case is to obtain the DNS Resource Record (RR) history for a given IP, passing in the record query type as a parameter, to help build intelligence around an IP or a range of IPs. The information provided is from within the last 90 days.\n\nThis API method can be used to get RR (Resource Record) history for a given IP address, passing in the resource record type (A, MX, etc) as a parameter. This API method returns the history of records that mapped to an IP's servers. Queries against name servers should be specified as an IP address. The input must be specified as IP addresses.\n\nTo return the domains that the IP is a name server for, specify the DNS query type as NS.\n\nSample query:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"curl -H \\\"Authorization: Bearer %YourToken%\\\" \\\"https://investigate.api.umbrella.com/dnsdb/ip/a/93.184.216.119.json\\\"\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n### Parameter for input ###\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Field\",\n    \"h-1\": \"Type\",\n    \"h-2\": \"Description\",\n    \"0-0\": \"type\",\n    \"0-1\": \"string\",\n    \"1-0\": \"ip\",\n    \"1-1\": \"string\",\n    \"1-2\": \"IP Address\",\n    \"0-2\": \"IP DNS resource record type (A, NS are supported)\"\n  },\n  \"cols\": 3,\n  \"rows\": 2\n}\n[/block]\n### Returned value for output if Success 200 ###\n\n__Response Class:__\nResource Records\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Field\",\n    \"h-1\": \"Type\",\n    \"h-2\": \"Description\",\n    \"0-0\": \"rr\",\n    \"1-0\": \"ttl\",\n    \"2-0\": \"class\",\n    \"3-0\": \"type\",\n    \"4-0\": \"name\",\n    \"4-1\": \"string\",\n    \"0-1\": \"string\",\n    \"1-1\": \"integer\",\n    \"2-1\": \"string\",\n    \"3-1\": \"string\",\n    \"0-2\": \"Resource record owner.\",\n    \"1-2\": \"Time to live for this record.\",\n    \"2-2\": \"DNS class type.\",\n    \"3-2\": \"Query type.\",\n    \"4-2\": \"The looked up IP address.\"\n  },\n  \"cols\": 3,\n  \"rows\": 5\n}\n[/block]\n__Response Class:__\nFeatures\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Field\",\n    \"h-1\": \"Type\",\n    \"h-2\": \"Description\",\n    \"0-0\": \"rr_count\",\n    \"0-1\": \"integer\",\n    \"1-1\": \"integer\",\n    \"2-1\": \"integer\",\n    \"3-1\": \"integer\",\n    \"4-1\": \"integer\",\n    \"1-0\": \"ld2_count\",\n    \"2-0\": \"ld3_count\",\n    \"3-0\": \"ld2_1_count\",\n    \"4-0\": \"ld2_2_count\",\n    \"5-0\": \"div_ld2\",\n    \"6-0\": \"div_ld3\",\n    \"7-0\": \"div_ld2_1\",\n    \"8-0\": \"div_ld2_2\",\n    \"5-1\": \"float\",\n    \"6-1\": \"float\",\n    \"7-1\": \"float\",\n    \"8-1\": \"float\",\n    \"8-2\": \"ld2_2_count divided by the number of records.\",\n    \"7-2\": \"ld2_1_count divided by the number of records.\",\n    \"6-2\": \"ld3_count divided by the number of records.\",\n    \"5-2\": \"ld2_count divided by the number of records\",\n    \"4-2\": \"Number of 3-level names, without the TLD, mapping to a given IP (for www.example.com, this considers www.example).\",\n    \"3-2\": \"Number of 2-level names, without the TLD, mapping to the given IP (for www.example.com, this considers example).\",\n    \"2-2\": \"Number of 3-level names mapping to the given IP (for www.example.com, this considers www.example.com).\",\n    \"1-2\": \"Number of 2-level names mapping to the given IP (for www.example.com, this considers example.com).\",\n    \"0-2\": \"Number of records of that type mapping to the given IP.\"\n  },\n  \"cols\": 3,\n  \"rows\": 9\n}\n[/block]\n\n[block:html]\n{\n  \"html\": \"<div class=\\\"api-code-block\\\">\\n  <div class=\\\"api-code-block__header\\\">\\n    <span class=\\\"api-code-block__header__label\\\">GET</span> https://investigate.api.umbrella.com/dnsdb/ip/type/ip.json\\n  </div>\\n  <div class=\\\"api-code-block__section\\\">\\n    <div class=\\\"api-code-block__section__header\\\">REQUEST</div>\\n    <pre>curl --include \\\\\\n     --header \\\"Authorization: Bearer %YourToken%\\\" \\\\\\nhttps://investigate.api.umbrella.com/dnsdb/ip/{type}/{ip}.json\\n    </pre>\\n  </div>\\n  <div class=\\\"api-code-block__section\\\">\\n    <div class=\\\"api-code-block__section__header\\\">RESPONSE <em>(HTTP 200, Content-Type: application/json)</em>\\n    </div>\\n    <pre>\\n{\\n  \\\"rrs\\\": [\\n    {\\n      \\\"rr\\\": \\\"www.example.com.\\\",\\n      \\\"ttl\\\": 86400,\\n      \\\"class\\\": \\\"IN\\\",\\n      \\\"type\\\": \\\"A\\\",\\n      \\\"name\\\": \\\"93.184.216.119\\\"\\n    },\\n    {\\n      \\\"rr\\\": \\\"www.example.net.\\\",\\n      \\\"ttl\\\": 86400,\\n      \\\"class\\\": \\\"IN\\\",\\n      \\\"type\\\": \\\"A\\\",\\n      \\\"name\\\": \\\"93.184.216.119\\\"\\n    },\\n    {\\n      \\\"rr\\\": \\\"www.example.org.\\\",\\n      \\\"ttl\\\": 86400,\\n      \\\"class\\\": \\\"IN\\\",\\n      \\\"type\\\": \\\"A\\\",\\n      \\\"name\\\": \\\"93.184.216.119\\\"\\n    },\\n    {\\n      \\\"rr\\\": \\\"examplewww.vip.icann.org.\\\",\\n      \\\"ttl\\\": 30,\\n      \\\"class\\\": \\\"IN\\\",\\n      \\\"type\\\": \\\"A\\\",\\n      \\\"name\\\": \\\"93.184.216.119\\\"\\n    }\\n  ],\\n  \\\"features\\\": {\\n    \\\"rr_count\\\": 19,\\n    \\\"ld2_count\\\": 10,\\n    \\\"ld3_count\\\": 14,\\n    \\\"ld2_1_count\\\": 7,\\n    \\\"ld2_2_count\\\": 11,\\n    \\\"div_ld2\\\": 0.5263157894736842,\\n    \\\"div_ld3\\\": 0.7368421052631579,\\n    \\\"div_ld2_1\\\": 0.3684210526315789,\\n    \\\"div_ld2_2\\\": 0.5789473684210527\\n  }\\n}\\n    </pre>\\n  </div>\\n</div>\"\n}\n[/block]\n---\n[DNS RR History for a Type and Domain Name](https://docs.umbrella.com/developer/investigate-api/dns-rr-history-for-a-type-and-domain-name-1/) < DNS RR History for an IP Address > [AS Information for a Domain](https://docs.umbrella.com/developer/investigate-api/as-information-for-a-domain-1/)","excerpt":"","slug":"dns-rr-history-for-an-ip-address-1","type":"basic","title":"DNS RR History for an IP Address"}