We’ve supported scanning by DNS hostname for some time. Recently we’ve added support for reporting by DNS name using scan report templates. This capability is useful for customers that have DNS tracked hosts.
The following two features must be enabled for your subscription. Contact your Technical Account Manager or Support to get these features.
- Scan by Hostname
- Report by DNS Hostname
When enabled you’ll see a DNS section in your asset groups. This is where you add the DNS names of the assets you want to scan and report on.
When enabled you’ll see the “Resolve DNS association …” option in your scan report templates. You’ll notice it is not enabled by default.
These same steps are used to perform scans by DNS hostname. For the reporting step there’s an option to resolve IP addresses (as returned in scan results) to DNS names (as defined in asset groups).
- Add DNS hostnames you want to scan/report on in your asset groups (see sample above).
- Keep in mind you can add IP addresses and hostnames to the same asset group.
- Managers have permissions to add/edit DNS hostnames in asset groups.
- You can use existing scanner appliances in your account.
- Check your scanner appliances to be sure the DNS servers defined for their configuration match the DNS servers to be used for hostname to IP resolution.
- Use familiar scan workflows (Scans > New > Scan and Schedule Scan).
- Choose a scanner appliance option from the menu (Internal and External scanning is supported). For internal scanning the scanner appliances you pick must be able to resolve the DNS hostnames in the asset group(s) to IP addresses in your account.
How it works - When you scan a host by DNS hostname, the scanner appliance resolves the hostname to an IP address in your account and you’ll see scan results by IP address. If a DNS name cannot be resolved to an IP address in your account, then scan results are not returned for the host.
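A pre-scan check that models the resolution rule above (added example, not Qualys code): every hostname in an asset group is resolved with the DNS servers the scanner appliance will use, and a host only produces scan results if the resolved address falls inside the subscription's IP ranges. The asset group, the subscription ranges and the DNS answers are constructed sample data; `resolve_live` (using the local resolver via `socket.getaddrinfo`) is a hypothetical drop-in for running the same check against real DNS.

```python
"""Pre-scan sanity check for scanning by DNS hostname (added example, not Qualys code)."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List

# Constructed sample: the IP ranges that belong to the subscription.
SUBSCRIPTION_RANGES = [
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Constructed sample: what the scanner appliance's configured DNS servers answer.
# Hostnames and addresses are placeholders.
SAMPLE_DNS_ANSWERS: Dict[str, List[str]] = {
    "web01.example.internal": ["10.10.5.20"],
    "db01.example.internal": ["198.51.100.7"],   # resolves, but not to an IP in the subscription
    "old-host.example.internal": [],              # stale entry, no DNS record at all
}


def resolve_sample(hostname: str) -> List[str]:
    """Offline resolver backed by the constructed answers above."""
    return SAMPLE_DNS_ANSWERS.get(hostname, [])


def resolve_live(hostname: str) -> List[str]:
    """Hypothetical real-world resolver: ask whatever DNS servers this host is configured with."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def in_subscription(ip: str) -> bool:
    """True if the address lies inside one of the subscription's tracked ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SUBSCRIPTION_RANGES)


def check_asset_group(hostnames: Iterable[str],
                      resolver: Callable[[str], List[str]]) -> Dict[str, dict]:
    """Classify each hostname as the scanner would see it:
    - "ok": resolves to at least one IP in the subscription, results will be returned
    - "outside_subscription": resolves, but to no IP in the subscription, no results
    - "unresolved": the DNS servers return nothing, no results
    """
    report: Dict[str, dict] = {}
    for host in hostnames:
        ips = resolver(host)
        usable = [ip for ip in ips if in_subscription(ip)]
        if not ips:
            status = "unresolved"
        elif not usable:
            status = "outside_subscription"
        else:
            status = "ok"
        report[host] = {"status": status, "resolved": ips, "usable": usable}
    return report


if __name__ == "__main__":
    for host, info in check_asset_group(SAMPLE_DNS_ANSWERS, resolve_sample).items():
        print(f"{host:30} {info['status']:22} {info['resolved']}")
```

Run it with `resolve_live` in place of `resolve_sample` from a machine that uses the same DNS servers as the scanner appliance; any host that does not come back as "ok" is one the scan will silently skip, which is the situation the appliance DNS-server check in the list above is meant to catch.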
Create a scan template. Go to Templates > New > Scan Template.
On the Findings tab choose Host Based Findings.
Select target asset groups, the same asset groups used for scan by DNS name. We’ll always report on scanned assets by IP address. Want to report on scanned assets by DNS name? Use the checkboxes shown.
Good to know - These checkboxes appear only when the Report by DNS Hostname feature is enabled for your subscription.
(This is used to report on assets you've scanned by DNS hostname following the steps above)
When checked, assets with DNS names in scan results are compared against the DNS entries in asset groups. When a DNS name match is found the assets are included in the scan report. By default we’ll include all DNS hostnames, i.e. all assets resolved from each DNS name.
(This option is available only when Resolve DNS association is checked)
When checked, only the last scanned asset is included in the report. This is useful in cases where you might have multiple asset entries in your account for the same DNS name.
Why you might want to enable this option
- Let's say we have an asset group AG1 which has the hostname abc123.dev.qualys.com assigned to it.
- The customer environment uses DHCP, but the customer has not specified the IP ranges to be tracked by DNS in the subscription.
- If the asset with the abc123.dev.qualys.com hostname is scanned daily and the DHCP lease lasts only 1 day, then over a 1-week time frame there will be 7 asset entries for that 1 machine.
- Choosing this option makes sure that we include only 1 asset entry (the one scanned last) in the report.
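A small model of the two report-template checkboxes, written as an added example rather than Qualys code. It plays through the DHCP scenario above: scan results are always keyed by IP and each carries the DNS name the scanner saw; "Resolve DNS association" keeps only results whose DNS name matches an asset-group entry, and "include only the last scanned asset" collapses the seven entries for abc123.dev.qualys.com to the most recent one. The scan results, the second asset-group entry and the case-insensitive comparison are assumptions made for the example.

```python
"""Model of 'Resolve DNS association' and 'last scanned asset only' (added example, not Qualys code)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class ScanResult:
    ip: str               # scan results are always identified by IP address
    dns_name: str         # DNS name returned in the scan results, "" if none
    last_scan: datetime


# Constructed sample: abc123.dev.qualys.com (the page's example) on a 1-day DHCP
# lease, scanned daily for a week, so each day lands on a new IP and a new asset entry.
SAMPLE_RESULTS: List[ScanResult] = [
    ScanResult(f"10.10.5.{20 + day}", "abc123.dev.qualys.com", datetime(2024, 1, day))
    for day in range(1, 8)
] + [
    ScanResult("10.10.7.5", "web01.example.internal", datetime(2024, 1, 3)),
    ScanResult("10.10.9.9", "", datetime(2024, 1, 4)),                          # IP-tracked host, no DNS name
    ScanResult("10.10.9.10", "other.example.internal", datetime(2024, 1, 4)),   # DNS name not in the asset group
]

# Constructed sample: DNS entries of the asset group(s) selected in the report template.
ASSET_GROUP_DNS: Set[str] = {"abc123.dev.qualys.com", "web01.example.internal"}


def build_report(results: Iterable[ScanResult],
                 asset_group_dns: Set[str],
                 resolve_dns_association: bool,
                 last_scanned_only: bool) -> List[ScanResult]:
    """Return the asset entries a report would contain under the two checkbox settings."""
    results = list(results)
    if not resolve_dns_association:
        # Default behaviour: report on scanned assets by IP address only.
        return sorted(results, key=lambda r: r.ip)

    # Assumption: DNS names compare case-insensitively.
    wanted = {name.lower() for name in asset_group_dns}
    matched = [r for r in results if r.dns_name and r.dns_name.lower() in wanted]

    if last_scanned_only:
        # Keep one entry per DNS name: the one with the latest scan date.
        latest: Dict[str, ScanResult] = {}
        for r in matched:
            key = r.dns_name.lower()
            if key not in latest or r.last_scan > latest[key].last_scan:
                latest[key] = r
        matched = list(latest.values())

    return sorted(matched, key=lambda r: (r.dns_name.lower(), r.last_scan))


def entries_per_dns_name(results: Iterable[ScanResult]) -> Dict[str, int]:
    """Count how many asset entries each DNS name occupies, the duplication the option removes."""
    counts: Dict[str, int] = {}
    for r in results:
        if r.dns_name:
            counts[r.dns_name.lower()] = counts.get(r.dns_name.lower(), 0) + 1
    return counts


if __name__ == "__main__":
    print("entries per DNS name:", entries_per_dns_name(SAMPLE_RESULTS))
    for r in build_report(SAMPLE_RESULTS, ASSET_GROUP_DNS, True, True):
        print(f"{r.dns_name:25} {r.ip:12} last scanned {r.last_scan:%Y-%m-%d}")
```

With both options enabled the report shrinks to two rows, one per asset-group DNS name, and the abc123.dev.qualys.com row is the entry from day 7; with only "Resolve DNS association" enabled all seven DHCP-era entries stay in, which is the duplication the page describes.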