Creative Data Mining with zone.vision

Your DNS records reveal more about your company than you think, especially if you’re using cloud services. To verify your identity, Microsoft, Google, Cisco, Atlassian, Docusign, Dropbox, Salesforce, and more use a TXT record to make sure you’re an administrator on a company domain.

As a sales engineer, you can use this information for those meetings where you’re headed in blind. It happens! Sometimes you don’t have enough discovery to really have a quality conversation with a customer. Here are some tricks for using https://zone.vision (from the folks at DNSimple) to see what DNS is announcing to the world.

Full disclosure: Just because I don’t get paid for plugging DNSimple doesn’t mean that you shouldn’t check out their site for automated domain name management. 🙂

Some Examples

Apple.com:

Let’s take a look at the records for a big guy like apple.com. Above the TXT records we have some normal things that we would expect for a major company with its own /8 worth of IP addresses – they have their own DNS servers, and they have their own MX mail servers. And down in the TXT records, we’ve got some more interesting things…

Facebook Domain Verification – Someone in Marketing asked for this one – verifies that the Facebook pages are only controlled by someone at Apple.
Adobe IDP Site Verification – Used for Adobe Creative Cloud customers
v=spf1 Records – This is the Sender Policy Framework (SPF) – Makes it harder for spammers to spoof your email domain. Pretty smart.

Another company…

Let’s try another domain with a bit more information – I’m going to blank out the company name just in case, but hey, it’s in their public domain name record, so…

Much more interesting. We see they have an MX record going through outlook.com – this company is using Office 365 for their email. The MS=ms81… is a verification for companies using Microsoft Azure AD. There is an Atlassian TXT record in there, so we’ve got a Confluence / JIRA user. Cisco Domain Verification – possibly a Cisco Webex user, possibly a Cisco AMP customer. The next line, Docusign, is for setting up Single Sign-On (SSO) for a Docusign account. Dropbox – verifies that invites for accounts only come from a valid company domain for Dropbox and Paper.

So from one quick search, we’ve got a pretty forward-thinking, cloud-first company using Azure AD, Atlassian tools, some sort of SSO provider, Docusign, Dropbox, and Cisco tools and possibly Cisco networks.

But what about nefarious purposes?

This could be used as a classic social hack: find out what systems a company uses, then use some social manipulation to get in. But the silly part is that you usually do NOT need to keep the info in your record once it’s verified. After Azure AD says you own the domain, you own it. Feel free to remove TXT records to keep this info out of the public.
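To act on that advice for your own domain, here is an added example (not part of the original post) that sorts a zone's TXT records into leftover verification tokens worth reviewing for removal and SPF records that have to stay. The token prefixes are assumptions based on the formats these vendors commonly use, and the sample records are constructed.

```python
import re

# Assumed prefixes of vendor domain-verification TXT tokens;
# confirm each against the vendor's current documentation.
VERIFICATION_PREFIXES = {
    "ms=ms": "Microsoft 365 / Azure AD",
    "google-site-verification=": "Google",
    "facebook-domain-verification=": "Facebook",
    "adobe-idp-site-verification=": "Adobe",
    "atlassian-domain-verification=": "Atlassian",
    "cisco-ci-domain-verification=": "Cisco",
    "docusign=": "Docusign",
    "dropbox-domain-verification=": "Dropbox",
}

def normalize(record):
    """Join the quoted strings of a TXT record; DNS concatenates them with no separator."""
    parts = re.findall(r'"([^"]*)"', record)
    return "".join(parts) if parts else record.strip()

def audit(records):
    """Group TXT records by what they disclose about the services a domain uses."""
    report = {"review_for_removal": [], "spf_includes": [], "other": []}
    for record in records:
        value = normalize(record)
        lowered = value.lower()
        if lowered.startswith("v=spf1"):
            # SPF has to stay published, but its include: hosts name mail providers.
            report["spf_includes"] += re.findall(r"\binclude:(\S+)", value)
            continue
        vendor = next((name for prefix, name in VERIFICATION_PREFIXES.items()
                       if lowered.startswith(prefix)), None)
        if vendor:
            report["review_for_removal"].append(vendor)
        else:
            report["other"].append(value)
    return report

# Constructed sample records; every token value here is made up.
SAMPLE_TXT = [
    '"MS=ms00000000"',
    '"atlassian-domain-verification=EXAMPLETOKEN"',
    '"docusign=00000000-0000-0000-0000-000000000000"',
    '"v=spf1 include:spf.protection.outlook.com " "include:_spf.example.net -all"',
    '"some unrelated note"',
]

if __name__ == "__main__":
    for section, items in audit(SAMPLE_TXT).items():
        print(f"{section}: {items}")
```

Before deleting anything listed under `review_for_removal`, confirm with the vendor that the token is not re-checked after the initial verification.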
