# Connor -- Continuous Internet Telemetry Index > Built by DRM3 Labs. Monitors 10,000+ domains across 40+ categories. Every scan is cryptographically signed with Ed25519 provenance receipts. Connor is an internet telemetry index that continuously scans domains for DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA, CAA, SRV), MCP TXT records, TLS certificates (CN, issuer, SANs, validity), WHOIS/RDAP, HTTPS probes with verdict classification, DNSSEC, robots.txt analysis, and ASN data. It stores time-series snapshots with content-hash change detection and cryptographic provenance chains. ## Demo Access API key (read-only demo): cnnr_demo_2f8a4c6e9b1d Pass via header: X-Connor-Key: cnnr_demo_2f8a4c6e9b1d ## Quick Start curl -H "X-Connor-Key: cnnr_demo_2f8a4c6e9b1d" https://connor.dns.drm3.network/connor/v1/domains/google.com curl -H "X-Connor-Key: cnnr_demo_2f8a4c6e9b1d" https://connor.dns.drm3.network/connor/v1/domains?category=big_tech&limit=10 ## Provenance Every scan is signed with Ed25519. Each domain has a provenance chain -- receipts linked by parent_receipt_id. Verify any receipt by checking the Ed25519 signature against the public key in the receipt JSON. Provenance proves this data was observed by a specific scanner at a specific time. Multi-plane provenance: the fast scan (DNS + TLS + HTTPS) gets its own receipt, and each enrichment plane (whois, asn, robots, dnssec) gets a separate receipt. A composite receipt wraps all planes for a given scan cycle. --- ## API Endpoints All /connor/v1/ endpoints require X-Connor-Key header. Rate limits apply per key (demo: 100/min, service: 10,000/min). ### Public (no auth required) - GET /health -- service health (domains tracked, snapshots, scan rate) - GET /llms.txt -- LLM-friendly summary (this file's short version) - GET /llms-full.txt -- LLM-friendly full reference (this file) - GET /robots.txt -- crawler directives - GET /sitemap.xml -- sitemap - GET /connor/v1/openapi.json -- OpenAPI 3.1 specification - GET /probe?domain=example.com -- diagnostic DNS probe (rate limited, 10/min) ### Domain Queries - GET /connor/v1/domains -- list tracked domains Query params: category, source, active (0|1), page, limit - GET /connor/v1/domains/{domain} -- latest full signal snapshot Returns: DNS records, WHOIS, certificates, subdomains, HTTPS probe, robots.txt analysis, ASN, DNSSEC, enrichment data - GET /connor/v1/domains/{domain}/history -- time-series snapshots Query params: limit (default 20) - GET /connor/v1/domains/{domain}/provenance -- provenance receipt chain Query params: limit (default 20) ### Per-Plane Observations - GET /connor/v1/domains/{domain}/planes -- latest observation per plane + completeness summary Planes: fast, whois, asn, robots, dnssec, composite - GET /connor/v1/domains/{domain}/planes/{plane}/history -- paginated per-plane history ### Change Feed - GET /connor/v1/changes -- global delta feed of DNS changes Query params: limit, domain - GET /connor/v1/stream -- SSE event stream (changes, scans, provenance) - GET /connor/v1/stream/json -- JSON fallback for event stream ### Write (scanner service key required) - POST /connor/v1/domains -- add domain(s) to catalog Body: { domain, domains[], category } - POST /connor/v1/scan/{domain} -- push complete scan result Body: { signal, receipt } -- both required, unsigned pushes rejected ### Enrichment - POST /connor/v1/enrich-batch?batch=N -- trigger enrichment (RDAP, DNSSEC, robots.txt, ASN) - POST /connor/v1/rehash-batch -- recompute output hashes - POST /connor/v1/enqueue -- enqueue domains for async enrichment - GET /connor/v1/queue/depth -- enrichment queue depth - GET /connor/v1/queue/errors -- enrichment errors - GET /connor/v1/queue/done -- completed enrichment jobs - GET /connor/v1/queue/enriched -- enriched domain count ### BigQuery - POST /connor/v1/bq/backfill -- backfill BigQuery from D1 (500 rows/batch) - GET /connor/v1/bq/status -- BigQuery connection status --- ## Data Per Domain Each scan signal contains: - DNS records: A, AAAA, CNAME, MX, TXT, NS, SOA, CAA, SRV - MCP TXT records: _mcp._tcp.{domain} for AI service discovery - TLS certificates: CN, issuer org/country/locality, SANs, validity dates (via crt.sh CT logs) - WHOIS/RDAP: registrar, creation/expiration dates, org, country, name servers - HTTPS probe with verdict: ok, redirect, bot_blocked, timeout, tls_error, connection_refused, server_error, not_found, rate_limited, cf_blocked, network_error, dns_failed - Subdomains: discovered from certificate SAN names - robots.txt: raw content, parsed rules, AI crawler blocking detection - ASN: autonomous system number and organization - DNSSEC: validation status - Traceroute: hop-by-hop with IPs and RTTs - DNS conflicts: CNAME+A coexistence, CNAME+MX, orphaned delegations - Content hash: SHA-256 of canonicalized stable signal - Provenance receipt: Ed25519 signed, chained to previous scan --- ## Domain Categories 40+ categories: your_domains, big_tech, dev_tools_platforms, cloud_hosting, programming_languages_ecosystems, ai_ml, crypto_web3, fintech, cybersecurity, devops_observability, email_comms, cms_content, media_publishing, ecommerce, data_analytics, design_creative, search_discovery, testing, api_docs, infrastructure, gaming_metaverse, health_biotech, education, legal_compliance, hr_recruiting, real_estate_proptech, travel, food_agriculture, logistics, misc_notable, saas_tools, blockchain_infra, developer, open_source, fintech_extras, enterprise, deep_tech, banks, fortune_500, government, aerospace, automotive, user_added --- ## Scan Signal JSON Structure ```json { "domain": "example.com", "scanned_at": "2026-03-24T12:00:00.000Z", "public_key": "connor-fly-v0.3.1", "probe_status": { "dns": { "status": "ok", "duration_ms": 45 }, "whois": { "status": "ok", "duration_ms": 1200 }, "certificates": { "status": "ok", "duration_ms": 800 }, "https_probe": { "status": "ok", "duration_ms": 150 } }, "dns": { "a": ["93.184.216.34"], "aaaa": ["2606:2800:220:1:248:1893:25c8:1946"], "mx": [{ "priority": 10, "exchange": "mail.example.com" }], "txt": ["v=spf1 -all"], "ns": ["ns1.example.com", "ns2.example.com"], "cname": [], "soa": { "mname": "ns1.example.com", "rname": "admin.example.com", "serial": 2024031201 }, "caa": [{ "flags": 0, "tag": "issue", "value": "letsencrypt.org" }], "srv": [] }, "whois": { "registrar": "Example Registrar", "creation_date": "1995-08-14", "expiration_date": "2027-08-13", "registrant_org": "Example Inc.", "registrant_country": "US" }, "certificates": [ { "common_name": "example.com", "issuer": "R3", "subject_org": "Example Inc.", "not_after": "2025-01-01T00:00:00Z", "san_names": ["example.com", "www.example.com"] } ], "output_hash": "sha256:abc123..." } ``` --- ## Delta (Change Detection) Structure ```json { "domain": "example.com", "detected_at": "2026-03-24T18:00:00.000Z", "changes": [ { "field": "dns.a", "action": "changed", "old_value": "93.184.216.34", "new_value": "93.184.216.35" }, { "field": "dns.txt", "action": "added", "old_value": null, "new_value": "v=DMARC1; p=reject" } ], "change_count": 2, "change_summary": "A record changed, TXT record added" } ``` --- ## Provenance Receipt Structure ```json { "id": "receipt-uuid", "domain": "example.com", "scanned_at": "2026-03-24T12:00:00.000Z", "public_key": "connor-fly-v0.3.1", "output_hash": "sha256:abc123...", "public_key": "ed25519-public-key-hex", "signature": "ed25519-signature-hex", "parent_receipt_id": "previous-receipt-uuid-or-null" } ``` Verify: check that Ed25519 signature over output_hash matches the public_key. Chain integrity: follow parent_receipt_id links back to the genesis receipt (parent_receipt_id = null). --- ## Links - Connor: https://connor.dns.drm3.network - OpenAPI spec: https://connor.dns.drm3.network/connor/v1/openapi.json - DRM3: https://drm3.network