Scan by DNS Name (External Scans)

Check the hostname to IP resolution performed by the DNS servers on your network to be sure the hostnames to be scanned resolve to IP addresses in your account. Also keep in mind that your DNS servers must be publicly accessible in order for our External scanners to be able to process scans.

Check the Host Assets in your account (Assets > Host Assets) to be sure the IP addresses (full IP ranges) that the hostnames will resolve to are in your account. If the external scanners cannot resolve a hostname to an IP address, vulnerability assessment of the host will not occur. And if any resolved IP address is not in your account no scan results will be reported.

Go to Assets > Asset Groups > New > Asset Group, and add the DNS names to the DNS section. Once added, you can think of these as Scan by Hostname asset groups.

Which users have permission to do this?Which users have permission to do this?

Can I also add IPs to the group?Can I also add IPs to the group?

Do not add NetBIOS hostnamesDo not add NetBIOS hostnames

Now scan your new asset groups that have the DNS names. Make sure the Scanner Appliance option is set to External. When you start the scan, all DNS hostnames and IPs in the group will be scanned. When you scan a host by hostname, the scanner appliance resolves the hostname to an IP address in your account and reports the results by IP address. If a hostname cannot be resolved to an IP address in your account, then scan results are not returned for the host.

Run reports on the IP addresses resolved from the scanned DNS names.

To quickly identify the resolved IP addresses perform an asset search. Go to Assets > Asset Search. Enter the "All" group for your search target and then enter the DNS name that you're interested in. Click Search. The Asset Search Report appears with a list of IP addresses that match the hostname provided.