Welcome to Farsight Security, Inc.

Find out more About Us.

Farsight Security, Inc. Acquisition of Farsight Security business assets

On July 1, 2013, Farsight Security, Inc. acquired the ISC Security business assets of Internet Systems Consortium including all DNSDB and SIE and related technologies and customer contracts. At that time the ISC Security team consisting of Paul Vixie, Eric Ziegast, Robert Edmonds, and Leo Bicknell joined Farsight Security full time where they will continue to innovate and execute in the field of network observability. Existing subscribers to DNSDB and SIE should continue to use their existing support channels until further notice. Information concerning Farsight Security, Inc. can be obtained on the Farsight Security web site.


Farsight SIE is a trusted, private framework for information sharing in the Internet Security field. Participants can operate real time sensors that upload and/or inject live data to SIE, and other participants can subscribe to this data either in real time, or by query access, or by limited and anonymized download.

Participants are network operators (including ISPs, enterprise, academic, and research), law enforcement (internationally), security companies (including anti-virus, intrusion detection, &etc), and research (including academic, Internet do-gooder, government, and commercial). All access and use, either commercial or noncommercial, must be in the public interest.


SIE data feeds are separated into channels. The SIE_Channel_Guide maintains a list of the active channels, along with details about the formatting of data in the channel.

Server Guide

Connections to the SIE switch require a presence in the same building. There is a list of SIE Prefered Colo providers who can offer colocations space for commercial users. Participants who colocate servers with the SIE exchange should review the SIE System Requirements along with the Security Information Exchange (SIE) User Guide procedures.


SIE uses the NMSG library for passing messages. Participants should conform to the NMSG Data Types maintained on this site. There is also a presentation and video explaining NMSG. We also collect tips and tricks for using nmsgtool at the command line.

Passive DNS

"Passive DNS" or "passive DNS replication" is a technique invented by Florian Weimer in 2004 to opportunistically reconstruct a partial view of the data available in the global Domain Name System into a central database where it can be indexed and queried.

Passive DNS databases are extremely useful for a variety of purposes. Malware and e-crime rely heavily on the DNS, and so-called "fast flux botnets" abuse the DNS with frequent updates and low TTLs. Passive DNS databases can answer questions that are difficult or impossible to answer with the standard DNS protocol, such as:

  • Where did this domain name point to in the past?
  • What domain names are hosted by a given nameserver?
  • What domain names point into a given IP network?
  • What subdomains exist below a certain domain name?

More information on Farsight SIE's implementation see Passive_DNS.


Farsight processes the Passive DNS data and creates a database of past and present DNS information called DNSDB. Qualified public benefit uses are provided free access, commercial access is available for a fee. Participants may also use an HTTP API to query the database. DNSDB protects users privacy, the passive DNS scheme and DNSDB are both careful to discard any Personally Identifiable Information.

Please also see the DNSDB FAQ, and the DNSDB Getting Started guide.

Farsight software

Source code for Farsight SIE and parts of DNSDB infrastructure is available at https://dl.farsightsecurity.com/dist/ and https://github.com/farsightsec.


Archived material from past Presentations is available.

Upcoming Events

See Events.