NIST Elevated DNS Security. Censys Active DNS Connects Names to Live Internet Infrastructure.

Active DNS

DNS has always been a critical part of security operations. It tells you what a name points to, where traffic is headed, what infrastructure changed, and which systems may be tied together.

Now NIST has made the importance of DNS harder to ignore.

With SP 800-81r3 mapped to the NIST Cybersecurity Framework 2.0, DNS security now has a clearer place inside the framework many organizations already use to structure risk, governance, and security operations.

DNS intelligence, one could argue, is now a more defensible inclusion for CTI and Exposure Management teams. It helps power the work they’re already expected to do: identify assets, monitor change, investigate incidents, respond to threats, and prove progress.

Censys Launches Active DNS

Censys Active DNS gives defenders a fresh, evidence-backed view of how domain names map to Internet infrastructure.

This is not passive DNS repackaged. Censys actively resolves names by querying authoritative infrastructure, then connects those results to the broader Internet Map. That means a domain is not just a string in a ticket or alert. It becomes a path into the hosts, services, certificates, threats, software, and exposure behind it.

Security teams can use Censys Active DNS to answer the questions that usually come next:

  • Is the domain resolving right now, or does Live Resolution contradict that?
  • Where does it resolve across A, AAAA, CNAME, MX, NS, SOA, and TXT records?
  • What changed in its DNS history, and when were those records first and last seen by Censys?
  • What other domains have resolved to the same IP, and during what time window?
  • What is actually exposed on the resolved hosts: ports, protocols, services, software, TLS certificates, HTTP content, vulnerabilities, screenshots?
  • What evidence changes the call: Censys ARC threat labels, host reputation, vulnerable services, suspicious content, certificate reuse, or infrastructure shared with other domains?

That is the difference between DNS as a lookup, and DNS as investigation infrastructure.

DNS Intelligence Across CSF Functions

Identify: Censys Active DNS helps teams understand how domain names map to Internet infrastructure. Teams can view current and historical A, AAAA, CNAME, MX, NS, SOA, and TXT records, see when records were first and last observed, and pivot from a domain into related hosts, web properties, and certificates.

Detect: Censys helps surface meaningful DNS and infrastructure changes: domains resolving to new IPs, FQDNs that appear or disappear from resolution history, IPs that have hosted multiple related domains, or resolved hosts that expose suspicious services, certificates, software, vulnerabilities, or threat context.

Respond: Censys gives analysts a faster path from domain indicator to supporting evidence. A suspicious domain can be expanded into DNS history, resolved hosts, open ports, running services, certificates, CVEs, host reputation, and Censys threat context to support the decision to block, escalate, scope, or keep investigating.

Recover: Censys helps teams reconstruct what was visible during the relevant window. Analysts can review DNS resolution history, identify which domains resolved to which IPs over time, and use host history to understand what services or certificates were present when the activity occurred. No other provider maintains this degree of history across hosts, DNS, threats, and certs.

DNS Security Is the Control. DNS Intelligence Is the Evidence.

NIST is right to elevate DNS. But DNS security cannot stop at the resolver, the firewall, or the SIEM log.

Defenders need to understand how names connect to the live Internet.

That is where Censys is different. Active DNS is tied directly to the Internet Map, so every name can become a pivot into what is actually running, exposed, and changing online.

For security teams aligning to CSF 2.0, this creates a practical way to operationalize DNS visibility across exposure management, threat hunting, detection engineering, incident response, and SOC triage.

DNS tells part of the story.

Censys connects it to the rest of the Internet.

Learn More about Censys Active DNS

Censys now brings together domains, DNS records, IPs, hosts, services, and certificates in a single unified view.

Already a Censys user? Log in to start connecting names to infrastructure.