DNS Resolvers

Overview

Evidence: DNS Resolvers Description: Collect DNS Resolvers Category: Network Platform: macos Short Name: dnsr Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers DNS resolver configuration from macOS. This data is essential for understanding name resolution paths, detecting DNS-based attacks, and investigating connectivity issues.

Data Collected

This collector gathers structured data about dns resolvers.

DNS Resolvers Data

Collection Method

This collector queries the dns_resolvers table via osquery and records results into the dns_resolvers table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals DNS servers, netmask/search configuration, and options that can indicate misconfigurations or malicious redirection.