Left-to-Right Query Modes
- Input: Fully-Qualified Domain Name (FQDN)
- Example: www.mydomain.com
- Response: DNS configuration and content data for that domain in time series form
- Use Cases:
- Review current and historical DNS configuration for a single domain, understanding the evolution of the infrastructure supporting that domain since 2010
- 3rd party audit of organizational DNS records providing process control for change management
- Input: Wildcard expression of a domain name space
- Example: *.mydomain.com
- Response: DNS configuration and content information for every subdomain in that name space
- Use Case:
- Discovery of all subdomains within an opponent's control
- Input: Wildcard expression of a domain name across Top Level Domains (TLDs)
- Example: www.mydomain.*
- Response: List of Fully Qualified Domain Names matching that pattern across the full range of TLDs
- Use Cases:
- Discovery of possible brand abuse in obscure TLDs
- Assessment of the breadth of an opponent's use of a given domain name substring
Right-to-Left Query Modes
- Input: IPv4 or IPv6 host address
- Example: 204.152.187.5 or 2001:500:2f::f
- Response: DNS configuration and content data for every domain ever configured on that IP address in time series form
- Use Case:
- Discovery of an opponent's historical domain names operated on a single IP host
- Input: IPv4 or IPv6 network address
- Example: 204.152.187.0/28 or 2001:4f8:3:200::/64
- Response: DNS configuration and content data for every domain ever configured on any IP host within that network, all in time series form
- Use Case:
- Assess the possible association of domains to a single Internet counterparty across a range of IP addresses, presumably coexisting on common physical infrastructure
Common DNS Resource Query Modes
- Input: Mail exchange (MX) identifier
- Example: mx.mydomain.com
- Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that share that mail exchange in their configuration
- Use Cases:
- Assess the scope of deployment of disparate domain names that share common email infrastructure
- Amplification of a spam threat feed
- Input: Authoritative name server identifier
- Example: ns.mydomain.com
- Response: Unabridged list of Fully Qualified Domain Names (FQDNs) that are delegated to that name server in the global DNS
- Use Case:
- Discover the inventory of domain names operated by opponents, assuming they are operating their own authoritative name server
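
The three families of query modes above can be tried against a small in-memory record set. This is an added example, not the service's API or code from the original page. The record layout, the function names (by_name, by_ip, by_rdata_name) and every sample value are assumptions constructed for illustration, with addresses taken from documentation ranges and MX rdata simplified to the exchange name only.

```python
import ipaddress

# Constructed observations, not real data:
# (rrname, rrtype, rdata, first_seen, last_seen)
RECORDS = [
    ("www.mydomain.com", "A", "192.0.2.5", "2011-03-01", "2015-06-30"),
    ("www.mydomain.com", "AAAA", "2001:db8::5", "2013-04-04", "2020-01-15"),
    ("www.mydomain.com", "A", "198.51.100.7", "2015-07-01", "2020-01-15"),
    ("mail.mydomain.com", "A", "192.0.2.9", "2012-01-10", "2020-01-15"),
    ("www.mydomain.net", "A", "203.0.113.20", "2018-05-05", "2019-02-02"),
    ("shop.example.org", "A", "192.0.2.5", "2016-08-08", "2017-08-08"),
    ("mydomain.com", "MX", "mx.mydomain.com.", "2010-06-01", "2020-01-15"),
    ("example.org", "MX", "mx.mydomain.com.", "2016-08-08", "2017-08-08"),
    ("mydomain.com", "NS", "ns.mydomain.com.", "2010-06-01", "2020-01-15"),
]

def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def _timeline(rows):
    # Time series form: oldest first_seen first.
    return sorted(rows, key=lambda r: r[3])

def by_name(pattern):
    """Left-to-right: exact FQDN, '*.zone' (subdomains) or 'name.*' (any TLD)."""
    p = _norm(pattern)
    if p.startswith("*."):
        match = lambda n: n.endswith(p[1:])            # strictly below the zone
    elif p.endswith(".*"):
        match = lambda n: n.rsplit(".", 1)[0] == p[:-2]  # one trailing label
    else:
        match = lambda n: n == p
    return _timeline(r for r in RECORDS if match(_norm(r[0])))

def by_ip(target):
    """Right-to-left: a host address is treated as a /32 or /128 network."""
    net = ipaddress.ip_network(target, strict=False)
    hits = []
    for r in RECORDS:
        if r[1] in ("A", "AAAA"):
            addr = ipaddress.ip_address(r[2])
            if addr.version == net.version and addr in net:
                hits.append(r)
    return _timeline(hits)

def by_rdata_name(rrtype, name):
    """Common-resource pivot: owner names sharing an MX or NS target."""
    want = _norm(name)
    return sorted({_norm(r[0]) for r in RECORDS
                   if r[1] == rrtype and _norm(r[2]) == want})
```
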