- 26 Jul 2024
- 1 Minute to read
- Print
- DarkLight
Locate IPs associated with a specific domain name (forward A)
- Updated on 26 Jul 2024
- 1 Minute to read
- Print
- DarkLight
A "forward A" lookup is a DNS query that maps a domain name to its corresponding IP address.
By using a forward A lookup to locate IPs associated with a specific domain name, security teams can identify the servers or hosts associated with the domain, and identify other domains or IPs that are associated with the same infrastructure or threat activity.
By verifying the accuracy and completeness of DNS information for a particular domain, security teams can identify potential instances of DNS hijacking or spoofing, where a malicious actor may have taken control of a domain and redirected traffic to a different IP address or domain.
Navigate to Explore DNS Data > IPs Hosting a Domain
Enter the server's
domain name
Select the
type of record
to output (A/AAAA)(Optional) Specify the time frame when the A record was
first seen
(Optional) Set the time frame when the A record was
last seen
(Optional) Tick
Last 24 Hours
to only show A records first observed in the last 24 hoursSpecify a
Sort Order
that applies itself to outputted resultsClick
Search
Monitoring forward A lookup data
You can monitor results populated on the Explore
screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.
Monitors run once every 24 hours. You'll be alerted when Silent Push detects new results via email (filtering/sorting options are not applied)
Once you've received a set of results, click the
Monitor
button on the top rightSpecify a
Monitor name
Enter a
Description
Click
Save
Your monitored query is now visible in
Monitors > Monitored Queries
Read this article for information on how to share a monitor