When a scan is run targeting a hostname, by default AppCheck resolves the hostname to an IP address using public DNS.
There may be times when you cannot or do not wish to use the IP address returned by public DNS. In such situations the following solutions are available:
- Use a Private Scan Hub with Internal DNS
- Use a Private Scan Hub With Host Entries
- Specify Address Mappings in Scan Configurations
Use a Private Scan Hub with Internal DNS
If you have purchased an AppCheck Private Scan Hub you can configure it to use your organisation's internal DNS.
This is set in the hub's netplan configuration file. If you did not set this during the hub's setup wizard, you can edit the netplan configuration file in /etc/netplan/ (the exact file name will depend on your VM platform) using nano, e.g. sudo nano /etc/netplan/01-netcfg.yaml. Change the nameservers entry to your own DNS servers:
In the above example the internal address 10.0.0.2 has been added as the first DNS server, with Google's 8.8.8.8 remaining as the second DNS server.
Use a Private Scan Hub With Host Entries
If you have purchased an AppCheck Private Scan Hub you can configure its equivalent of a hosts file via the interface within the main AppCheck Dashboard (not the Scan Hub's local dashboard):
- Scan Hubs
  - [your private scan hub]
    - Host Entries
Specify Address Mappings in Scan Configurations
You can specify hostname/IP address mappings in individual scan configurations, which will be used instead of any entries in DNS or in private scan hubs' hosts files.
Adding a custom mapping to a scan configuration is done in the following location:
- Scan Settings
  - Advanced Config Settings
    - Config Flags
You will need to add a line of JSON, in this format:
DNS:{"example.com": "203.0.113.69"}
There should only be one line, but it can contain multiple hostname/IP address pairs, e.g.:
DNS:{"example.com": "203.0.113.69", "www.example.com": "203.0.113.69", "api.example.com": "203.0.113.45"}
Remember to include mappings for subdomains when required, as they will not automatically use the mapping provided for the parent domain.
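A pre-flight check for the flag line described above, as an added example (not AppCheck's own code): it confirms the line is a single DNS: entry holding valid JSON and valid IP addresses, and lists scan targets that sit under a mapped domain but have no mapping of their own. The function names, the duplicate-hostname check and the sample target list are assumptions made for this illustration.

```python
import ipaddress
import json

def _normalise(host):
    return host.lower().rstrip(".")

def _pairs_to_dict(pairs):
    # json.loads keeps only the last of any duplicate keys; reject them instead.
    hosts = [_normalise(h) for h, _ in pairs]
    dupes = sorted({h for h in hosts if hosts.count(h) > 1})
    if dupes:
        raise ValueError(f"hostname mapped more than once: {dupes}")
    return dict(zip(hosts, (addr for _, addr in pairs)))

def parse_dns_flag(line):
    """Parse one 'DNS:{...}' line into {hostname: address}; raise ValueError if malformed."""
    line = line.strip()
    if "\n" in line or not line.startswith("DNS:"):
        raise ValueError("expected a single line starting with 'DNS:'")
    mapping = json.loads(line[len("DNS:"):], object_pairs_hook=_pairs_to_dict)
    if not isinstance(mapping, dict):
        raise ValueError("mappings must be one JSON object")
    for host, addr in mapping.items():
        if not isinstance(addr, str):
            raise ValueError(f"address for {host} must be a string")
        mapping[host] = str(ipaddress.ip_address(addr))  # ValueError if not an IP
    return mapping

def unmapped_subdomains(mapping, targets):
    """Targets under a mapped domain that lack their own entry (the parent's mapping does not cover them)."""
    hosts = [_normalise(t) for t in targets]
    return [h for h in hosts
            if h not in mapping and any(h.endswith("." + p) for p in mapping)]

def lint_dns_flag(line, targets):
    """Return a list of problems; an empty list means the flag covers the targets."""
    try:
        mapping = parse_dns_flag(line)
    except ValueError as exc:
        return [f"invalid flag: {exc}"]
    return [f"{h} has no mapping of its own" for h in unmapped_subdomains(mapping, targets)]

# Constructed sample input: a flag line that omits www.example.com.
FLAG = 'DNS:{"example.com": "203.0.113.69", "api.example.com": "203.0.113.45"}'
TARGETS = ["example.com", "www.example.com", "api.example.com"]

if __name__ == "__main__":
    for problem in lint_dns_flag(FLAG, TARGETS) or ["no problems found"]:
        print(problem)
```

A target flagged here would be resolved through DNS or hub host entries rather than the scan configuration, so the scan could reach a different address than intended.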