Passive DNS (pDNS) is a historical record of DNS resolutions observed across the internet — which domains resolved to which IP addresses, and when. Rather than querying live DNS, you query a database of what resolutions have actually been seen over time.
For brand protection, passive DNS supports two things. First, history: you can see what a lookalike domain resolved to in the past, even if it is now parked or dark. Second, pivoting: if several impersonation domains share an IP or name server, passive DNS reveals the cluster, helping attribute a campaign to common infrastructure.
Passive DNS complements Certificate Transparency and newly-registered-domain feeds as an enrichment source for confirming and correlating lookalike domains.