Brownbag: I've Gotten Some Results from DNSDB: Now What?

You've successfully made a DNSDB query and gotten results -- but where do you go from there?

We know that DNSDB can at times be hard for new users to work with there may be tons of results, esoteric DNS record types, or users may simply wonder what to do with the answers they've received.

This session focuses on interpreting and postprocessing your results, summarizing and enhancing what you've found, translating DNSDB results into operational insights, and planning your next steps.

Learn about chasing CNAMEs, bailiwicks, dealing with wildcards, pivoting, effective 2nd-level domains, and much more. Examples will be provided in dnsdbq and dnsdbflex, DNSDB Scout, and using various Un*x command line tools. Time will be reserved at end of the session for Q&A.

Joe St Sauver, PhD is Distinguished Scientist and Director of Research for Farsight Security, Inc.

Before joining Farsight in 2014, St Sauver worked for 28 years with the University of Oregon Computing Center, including working under contract with higher education's high performance network, Internet2, as their Nationwide Security Programs Manager.

Joe's active in a number of community cyber security activities: he serves as a senior technical advisor for M3AAWG, he sits on higher education's REN-ISAC Technical Advisory Group, and he serves as a Board Member for the Coalition against Unsolicited Commercial Email (CAUCE).

Some recent publicly-released reports include a pair of reports looking at a decade's worth of passive DNS traffic across all top level domains, and another report looking at select domain names during the during the first twelve months of the Covid-19 pandemic. See https://www.stsauver.com/joe/ for additional publicly available presentations and papers.

I've Gotten Some Results from DNSDB: Now What?

Get Registered

PRESENTER

Joe St Sauver, PhD