DNS

Historically, PassiveTotal has focused on displaying “A” records, which dictate the IP address a given domain should resolve to when querying DNS. These records are immensely useful but are only one of the types of DNS record that can provide analysts with interesting leads.

The most recent platform update, however, also brings support for more of the DNS records RiskIQ has been collecting over the years. The DNS Tab provides analsts with insight into:

  • MX (mail exchanger)
  • NS (nameserver), 
  • TXT (text)
  • SOA (start of authority)
  • CNAME (canonical name) records

For additional information on this capability check out our blog post here.