DNSDB Query Modes

Left-to-Right Query Modes

• Input: Fully-Qualified Domain Name (FQDN)
  • Example: www.mydomain.com
  • Response: DNS configuration and content data for that domain in time series form
  • Use Cases:
    • Review current and historical DNS configuration for a single domain, understanding the evolution of the infrastructure supporting that domain since 2010
    • 3rd party audit of organizational DNS records providing process control for change management
• Input: Wildcard expression of a domain name space
  • Example: *.mydomain.com
  • Response: DNS configuration and content information for every subdomain in that name space
  • Use Case:
    • Discovery of all subdomains within an opponent’s control
• Input: Wildcard expression of a domain name across Top Level Domains (TLDs)
  • Example: www.mydomain.*
  • Response: List of Fully Qualified Domain Names matching that pattern across the full range of TLDs
  • Use Cases:
    • Discovery of possible brand abuse in obscure TLDs
    • Assessment of the breadth of an opponent’s use of a given domain name substring

Right-to-Left Query Modes

• Input: IPv4 or IPv6 host address
  • Example: 204.152.187.5 or 2001:500:2f::f
  • Response: DNS configuration and content data for every domain ever configured on that IP address in time series form
  • Use Case:
    • Discovery of an opponent’s historical domain names operated on a single IP host
• Input: IPv4 or IPv6 network address
  • Example: 204.152.187.0/28 or 2001:4f8:3:200::/64
  • Response: DNS configuration and content data for every domain ever configured on any IP host within that network, all in time series form
  • Use Case:
    • Assess the possible association of domains to a single Internet counterparty across a range of IP addresses, presumably coexisting on common physical infrastructure

Common DNS Resource Query Modes

• Input: Mail exchange (MX) identifier
  • Example: mx.mydomain.com
  • Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that share that mail exchange in their configuration
  • Use Cases:
    • Assess the scope of deployment of disparate domain names that share common email infrastructure
    • Amplification of a spam threat feed
• Input: Authoritative name server identifier
  • Example: ns.mydomain.com
  • Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that are delegated to that name server in the global DNS
  • Use Case:
    • Discover the inventory of domains names operated by opponents assuming they are operating they own authoritative name server