The goal of this document is to describe the difference in the DNS lookup feature in the UI and Console.
DNS Lookup in the UI
In the UI, the DNS Lookup aim is to identifying the IP address and the DNS name linked to the IP address. When adding a target using its DNS name, a query is sent to the DNS server to identify the IP address linked to that DNS name. This is called DNS lookup.
If you add a target using its IP address, then a query is sent to the DNS server to identify the DNS name linked to this IP address. This called a reverse DNS lookup. It also performs a DNS lookup to check that the DNS name received from the DNS server is linked to the IP address. The scan then use the IP address to scan the target and the DNS name that have been found is used as a virtual host for Web Application scanning.
DNS Lookup in the Console
In the Console, the DNS Lookup aim is to identifying the link between IP address and DNS name. For example, when checking an IP address, the tool queries the DNS server for the DNS name called reverse DNS lookup. On the opposite, if you enter the DNS name as a Fully Qualified Domain Name (FQDN), then the tool queries the DNS server for the IP address that is called DNS lookup.
DNS Server Configuration Issues
Ensure your DNS server is properly configured, and that all IP address that resolves to DNS name can be checked for both DNS lookup and reverse DNS lookup.
See Reverse DNS lookup: https://en.wikipedia.org/wiki/Reverse_DNS_lookup for more information.
The DNS lookup provided in the console helps to troubleshoot/debug DNS server configuration issue, if a DNS lookup in the UI cannot be performed successfully.
After checking the DNS configuration system, the DNS servers can resolve the hostname through the Main Menu > (T) Tools > (d) DNS Lookup function on the console and through a command prompt on the host system but not through the UI.
Why would this be the case?
The DNS lookup in the UI, performs BOTH a DNS lookup AND a reverse DNS lookup, so that it tries to find matches between the DNS names and the IP addresses according to what IP address or DNS name that have been entered.
The DNS lookup in the Console on the other hand, perform only ONE operation, either a DNS lookup OR a reverse DNS lookup according to what IP address or DNS name that have been entered.
For example, if the DNS server is misconfigured and only returned an IP address that are linked to a DNS name, but not properly return the DNS name linked to the IP address.
Example 1: In this example the host name and the IP is properly configured in the DNS.
Example 2: In this example the DNS is NOT properly configured for the given IP address. The DNS is point to the wrong host name.
Example 3: In this example the host name and the IP is properly configured in the DNS.
Example 4: In this example the host name and the IP is properly configured in the DNS.
DNS lookup using DNS name
If a target is added using the DNS name
mytarget.localdomain.com in the UI Manage target panel (for instance) and try a DNS lookup in the UI, then the UI queries the DNS server for the IP address linked to this DNS name and then the DNS server will answer an IP address
If you enter the DNS name
mytarget.localdomain.com, the DNS lookup in the Console queries the DNS server for the IP address matching this DNS name. Then the DNS server will answer with the IP address
192.168.0.6 as shown in Example 1.
In this case, everything is working fine for DNS lookup in both UI and Console.
DNS lookup using IP address
If a target is added using the IP address
192.168.0.6 in the UI Manage target panel and try a DNS lookup in the UI, then the UI queries the DNS server for the DNS name linked to this IP address and then the DNS server will answer another DNS name
Then the DNS lookup in the UI queries the DNS server for the IP address matching this DNS name
notmytarget.localdomain.com and the DNS server answers with the other IP address
Then the DNS lookup in the UI cannot make a link between the IP address and the DNS name because two different IP addresses are linked to the DNS name:
If you enter the IP address
192.168.0.6, the DNS lookup in the Console, it then queries the DNS server for the DNS name matching this IP address. Then the DNS server answer with the DNS name
notmytarget.localdomain.com as shown in Example 2.
As a matter of fact, you think that the DNS lookup in the Console is working correctly, whereas the DNS lookup in the UI is NOT working correctly, but this is just because these features are different and not performing the same tasks. In the Console you should issue a DNS lookup using the DNS name as shown in Example 1, and reverse DNS lookup using the IP address as shown in Example 2 and then you will have different results showing that the DNS server is NOT properly configured.
The DNS lookup in the UI is done using Outpost24 internal software in order to ensure the following is true:
- <ip> ptr points at <ptr>
- <a/aaaa> points at <ip>
The DNS lookup in the Console is done using Linux software using Name Service Switch libraries as follow:
- /usr/bin/getent hosts <input>
DNS: Domain Name System: https://en.wikipedia.org/wiki/Domain_Name_System
FQDN: Fully Qualified Domain Name: https://en.wikipedia.org/wiki/Fully_qualified_domain_name
Reverse DNS Lookup: https://en.wikipedia.org/wiki/Reverse_DNS_lookup
© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.