DNS Resolvers

Overview

Evidence: DNS Resolvers Description: Collect DNS Resolvers Category: Network Platform: macos Short Name: dnsr Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers DNS resolver configuration from macOS. This data is essential for understanding name resolution paths, detecting DNS-based attacks, and investigating connectivity issues.

Data Collected

This collector gathers structured data about dns resolvers.

DNS Resolvers Data

Field

Description

Example

AddressTypeIndex

Address Type Index

123

AddressType

Address Type

Example value

Address

Address

Example value

NetMask

Net Mask

Example value

Options

Options

123

Collection Method

This collector queries the dns_resolvers table via osquery and records results into the dns_resolvers table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals DNS servers, netmask/search configuration, and options that can indicate misconfigurations or malicious redirection.

PreviousDMG File Opened NextDock Items

Last updated 2 months ago

Was this helpful?

hashtagOverview

hashtagBackground

hashtagData Collected

hashtagDNS Resolvers Data

hashtagCollection Method

hashtagForensic Value

Overview

Background

Data Collected

DNS Resolvers Data

Collection Method

Forensic Value