Historically PassiveTotal has focused on displaying “A” records, which dictate the IP address a given domain should resolve to when querying DNS. These records are immensely useful but are only one of the types of DNS records that can provide analysts with interesting leads.
The most recent platform update, however, also brings support for more of the DNS records RiskIQ has been collecting over the years. The DNS Tab provides analysts with insight into:
- MX (mail exchanger)
- NS (nameserver),
- TXT (text)
- SOA (start of authority)
- CNAME (canonical name) records
A quick overview can be found on our RiskIQ youtube.
For additional information on this capability check out our RiskIQ Blog.