Whenever you enter a subnet or IP range as your scan target, ensure that the DNS server(s) which is configured in your scanner have "PTR" records. Otherwise, scanner will not be able to resolve IP addresses and associated DNS names will be blank. Same is the case when you enter DNS names as your scan targets, ensure that the DNS server(s) which is configured in your scanner have "A" records. Otherwise, scanner will not be able to resolve DNS addresses and your scan will come with empty results (maybe few info. findings).
Why the first scenario mentioned above was important ? Whenever you will discuss/share scan reports with/to platform teams, they will not be having any clue (just by looking at IP addresses) regarding devices present in those scan reports. Because, in most of the cases, DNS names are formed in a very informative and elegant manner (standard nomenclature), so that just by looking at them, you will get to know what that device is and belongs to what region.
So, coordinate with Windows and Enterprise Tech. teams and ask them to properly update DNS records especially "PTR" records.
There is one more naming system which has become legacy now, but still provides a bit of help in such scenarios. Can you tell which one ?
Happy Learning !!
No comments:
Post a Comment