DNS Servers
Overview
Evidence: DNS Servers
Description: Collect DNS Server addresses
Category: Network
Platform: windows
Short Name: dnss
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
DNS servers configured on the system are used to resolve domain names to IP addresses. The configured DNS servers can reveal normal network infrastructure or indicate DNS hijacking if unauthorized servers are present.
DNS server configuration is typically obtained via DHCP or configured statically.
Data Collected
This collector gathers structured data about DNS servers.
DNS Servers Data
Field: DNSServers
Description: Comma-separated DNS server IPs
Example: 8.8.8.8,8.8.4.4
Collection Method
This evidence is collected as part of the System collector using:
DnsQueryConfig with DnsConfigDnsServerList flag
Extracts IP addresses of all configured DNS servers
Returns comma-separated list
Forensic Value
DNS server configuration can reveal network infrastructure or DNS hijacking. Investigators use this data to verify legitimate DNS servers, detect DNS hijacking, identify rogue DNS servers, correlate with DHCP configuration, and detect DNS redirection attacks.
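One way to triage a collected DNSServers value against the resolvers an environment expects. This is an added example, not part of the collector or the product; the function names and the allowlist networks are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: constructed allowlist of resolvers this environment expects.
EXPECTED_RESOLVERS = [ipaddress.ip_network(n)
                      for n in ("10.0.0.0/8", "192.168.1.1/32")]


def triage_dns_servers(field, expected=EXPECTED_RESOLVERS):
    """Classify each entry of a comma-separated DNSServers value.

    Returns (entry, verdict) tuples in input order, duplicates dropped.
    """
    results, seen = [], set()
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:                      # tolerate empty items / stray commas
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:                 # not an IPv4/IPv6 literal
            results.append((entry, "invalid"))
            continue
        if addr in seen:
            continue
        seen.add(addr)
        if any(addr.version == net.version and addr in net for net in expected):
            verdict = "expected"
        elif addr.is_loopback:             # local proxy or stub resolver
            verdict = "loopback"
        elif addr.is_private:
            verdict = "unlisted-private"
        else:
            verdict = "unlisted-public"
        results.append((str(addr), verdict))
    return results


def needs_review(field, expected=EXPECTED_RESOLVERS):
    """Return only the entries that are not on the expected list."""
    return [e for e, v in triage_dns_servers(field, expected) if v != "expected"]


if __name__ == "__main__":
    # Constructed sample value, in the format shown under Data Collected.
    sample = "10.1.2.3, 8.8.8.8,8.8.4.4,,not-an-ip,127.0.0.1,10.1.2.3"
    for entry, verdict in triage_dns_servers(sample):
        print(f"{entry:15} {verdict}")
```

An "unlisted" verdict is a prompt to correlate with DHCP configuration, not proof of hijacking; a public resolver can be a legitimate static setting.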

