DNS Resolvers

Overview

Evidence: DNS Resolvers
Description: Collect DNS Resolvers
Category: Network
Platform: macos
Short Name: dnsr
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

This collector gathers DNS resolver configuration from macOS. This data is essential for understanding name resolution paths, detecting DNS-based attacks, and investigating connectivity issues.

Data Collected

This collector gathers structured data about dns resolvers.

DNS Resolvers Data

Field	Description	Example
AddressTypeIndex	Address Type Index	123
AddressType	Address Type	Example value
Address	Address	Example value
NetMask	Net Mask	Example value
Options	Options	123

Collection Method

This collector queries the dns_resolvers table via osquery and records results into the dns_resolvers table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals DNS servers, netmask/search configuration, and options that can indicate misconfigurations or malicious redirection.