- 16 May 2023
Scan for SOA records
- Updated on 16 May 2023
Start of Authority (SOA) records are a type of DNS record that provides information about the DNS zone in which a particular domain is located.
The SOA record contains administrative information about the domain, including the primary nameserver for the zone, the email address of the responsible person, and various timing parameters that control how often DNS information is refreshed and updated.
SOA records provide a way to track changes and updates to DNS information. When a change is made to a DNS zone, the SOA serial number is incremented, indicating that a change has occurred. This allows other DNS servers to detect and propagate the change, ensuring that all DNS information is consistent and up-to-date.
By monitoring SOA records, security teams can detect changes to DNS information that may indicate malicious activity, such as the creation of new subdomains or changes to the IP addresses associated with a domain.
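To illustrate the monitoring described above, this added example (not Silent Push code and not part of the original page) parses two SOA observations of one zone and reports what changed, comparing serials with RFC 1982 serial arithmetic. The sample records, the function names and the HIGH/info labels are assumptions made for the illustration.

```python
from typing import NamedTuple

class SOA(NamedTuple):
    mname: str    # primary nameserver for the zone
    rname: str    # responsible person's mailbox (dot-encoded email address)
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(rdata: str) -> SOA:
    """Parse SOA RDATA in presentation format (seven whitespace-separated fields)."""
    parts = rdata.replace("(", " ").replace(")", " ").split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    nums = [int(p) for p in parts[2:]]
    if any(not 0 <= n < 2**32 for n in nums):
        raise ValueError("SOA numeric fields are unsigned 32-bit values")
    return SOA(parts[0].lower().rstrip("."), parts[1].lower().rstrip("."), *nums)

def serial_advanced(old: int, new: int) -> bool:
    """RFC 1982 serial arithmetic: True if new is ahead of old, modulo 2**32."""
    return 0 < (new - old) % 2**32 < 2**31

def diff_soa(old: SOA, new: SOA) -> list[str]:
    """Return findings for two observations of the same zone (old seen first)."""
    findings = []
    changed = [f for f in SOA._fields
               if f != "serial" and getattr(old, f) != getattr(new, f)]
    if serial_advanced(old.serial, new.serial):
        findings.append(f"serial advanced {old.serial} -> {new.serial}")
    elif old.serial != new.serial:
        findings.append(f"serial changed without advancing {old.serial} -> {new.serial}")
    elif changed:
        findings.append("SOA fields changed without a serial bump")
    for f in changed:
        # Assumption of this example: nameserver/mailbox changes get priority.
        sev = "HIGH" if f in ("mname", "rname") else "info"
        findings.append(f"[{sev}] {f}: {getattr(old, f)} -> {getattr(new, f)}")
    return findings

# Constructed sample observations (not real data).
BEFORE = parse_soa("ns1.example.com. hostmaster.example.com. 2023051601 7200 3600 1209600 3600")
AFTER = parse_soa("ns1.dns-host.example. admin.dns-host.example. 2023051602 7200 3600 1209600 300")

if __name__ == "__main__":
    print("\n".join(diff_soa(BEFORE, AFTER)))
```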
Silent Push provides a facility for organizations to search SOA records by individual components, including (but not limited to):
- Serial number
- Refresh value
- Timestamps
- Expiry values
- Retry values
- Navigate to Advanced Query Builder > PADNS Queries > Search SOA Records
- Specify a domain (wildcards are supported)
- Specify an re2 regular expression (this overrides the domain parameter)
- Select with_metadata to include metadata in the response
- Use ns to specify a name or wildcard pattern of a nameserver component
  - Self: Only show results where the domain of the nameserver component matches the name of the record's domain
- Use mbox to specify a name or wildcard pattern of an mbox component
  - Self: Only show results where the domain of the mbox component matches the name of the record's domain
- Specify a serial number (exact match)
- Specify a serial number's minimum and maximum values
- Specify a refresh value
- Specify a refresh value's minimum and maximum values
- Specify a retry value
- Specify a retry value's minimum and maximum values
- Specify an expire value
- Specify an expire value's minimum and maximum values
- Specify a minimum and maximum TTL value
- Specify a series of timestamps (yyyy-mm-dd):
  - first_seen_after
  - first_seen_before
  - last_seen_after
  - last_seen_before
- Specify a date in as_of to only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp
- Use sort to order results in a specific order (column/order)
  - Columns: last_seen, first_seen, query, answer
  - Order: asc, desc
  - Separate multiple values with a semi-colon
  - This function may be repeated with different column names to produce a nested sorting effect
- Choose to limit the number of results returned
- Choose to skip a specified number of results
- Specify a value in limit_by_n to restrict the number of results to return for each domain. This parameter can be used in combination with the sort field to order results by domain name.
- Click Search
Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save