Hi all. I’m looking to find any information regarding the assigned DNS servers to a client’s network adapter. I would be looking for the IPs of DNS servers assigned to physical adapter(s) on each host. I don’t need to look up DNS events. I just want to collect any/all DNS servers per machine per adapter. I tried dumping the table “dns_resolvers” but that doesn’t seem to break it down by network adapter. Is this data available in osquery/fleet somewhere else I’m missing? Thanks

Hi, Jesse. Did you try "interface_details" table? You you also try file carving to gather your network adapters conf.

Thanks. Yes. interface_details doesn’t have the DNS resolver information, though it does list the interfaces. I’m trying to collate the bindings. Yeah, we can go through all the machines to collect the files, but I was really hoping given the two tables “dns_resolvers” and “interface_details” I might be able to get the info. Thanks.

Hi folks. Indeed. Looks like DNS columns of

interface_details

are only present on Windows: https://github.com/osquery/osquery/blob/22d9de19a348cdcc9dfdf51ae3db22895fe315a2/specs/interface_details.table#L30-L48 Another option is to look for a configuration file that could be parsed with the

augeas

table.