DNSDB Scout Updates: Streamlined Interoperability with Iris Investigate
We’ve released DNSDB Scout v2.5.9, bringing you improvements designed to make your investigative workflows smoother and more efficient; specifically:
- Improving interoperability between Scout and Iris Investigate
- Streamlining copy/paste/export of data from Scout for use in other tools
Seamless Pivoting to Iris Investigate
For those who use DNSDB Scout together with Iris Investigate, we’ve added a new pivot option. You’ll now find an “Iris Investigate Inspect” tooltip option for all domain pivots in Scout.
Clicking this option will open a new browser tab directly to the Iris Investigate Inspect modal window, allowing you to quickly gather more information about a domain and initiate a new investigation. This is an effort to reduce friction and promote seamless interoperability between your security tools.
As Iris Investigate does not fully support subdomains in all contexts, the platform will typically fall back to the apex domain (e.g., sub.domain.com will pivot to domain.com). If you do not have an Iris Investigate subscription, you will be directed to the login page.
Improved Copy-Pasting from Scout’s Search Results Table
To improve data handling—especially from Scout to Iris Investigate—we’ve enhanced single-click copying from the Search Results table. Previously, copying data often included extra quotes and trailing dots, requiring manual editing of the copied results when pasting into other tools. With v2.5.9, this process is more streamlined.
What’s changed?
- Default Formatting: When you single-click to copy an RRName, Bailiwick, or RData cell, the data will now be “bracket defanged” (e.g., domain.com becomes domain[.]com) and root dots will be removed by default (e.g., domain.com. becomes domain.com). The extra quotes for the RRType column are now also removed by default. This formatting aims to make the copied data immediately usable in many other tools like spreadsheets and investigation platforms.
- Customization Option: If you prefer the old behavior, or no extra formatting at all, you can easily adjust your Copy-Cell-to-Clipboard settings in a new section on the Options page.
This change aims to minimize manual data cleanup and expedite investigations, particularly when pasting data into tools such as Iris Investigate.
The following table gives examples of how copying-to-clipboard works now, and how it worked before:
| Raw Data From Cell | Copy Cell to Clipboard (New v2.5.9 Default: Defang) | Copy Cell to Clipboard (v.2.5.8 & v2.5.9 Option: Quotes) |
| domain.com. | domain[.]com | “domain.com.” |
| 1.2.3.4 | 1.2.3[.]4 | “1.2.3.4” |
| a. | a | “a.” |
| abcd::1234 | abcd:[:]1234 | “abcd::1234” |
| 1 aspmx.l.google.com.,5 alt1.aspmx.l.google.com. | 1 aspmx.l.google[.]com,5 alt1.aspmx.l.google[.]com | “1 aspmx.l.google.com.,5 alt1.aspmx.l.google.com.” |
Note: there are a few limitations for the new default defanging behavior:
- IPv4 and IPv6 CIDR notation are not defanged.
- To avoid ambiguity or false positives, deep defanging and root dot removals are not applied to FQDN or IP address substrings, or to reversed RRNames.
Streamlined Exports: Adjustments for Trailing Root Dots
We’ve also introduced a new option to simplify your exported files. You can now opt into removing the root dot from fully qualified domain names (FQDNs) in RRName, Bailiwick, and RData columns for all exported file types.
This option was added to improve compatibility with other tools that may not expect trailing root dots. Our goal is to provide cleaner, more directly usable data without altering the fundamental meaning of your exported RData, maintaining consistency with the DNSDB API response for replicability.
You’ll find this new setting on the Options page.
Here are a few examples of how the export behavior still works by default, and the optional new export behavior:
| Raw Data From Cell | Default (v2.5.8 & v2.5.9) | Opt Into ‘Remove Trailing Root Dot’ (v2.5.9) |
| domain.com. | domain.com. | domain.com. |
| sub.domain.com. | sub.domain.com. | sub.domain.com |
| a. | a. | a |
| 1 aspmx.l.google.com.,5 alt1.aspmx.l.google.com. | 1 aspmx.l.google.com.,5 alt1.aspmx.l.google.com. | 1 aspmx.l.google.com,5 alt1.aspmx.l.google.com |
Note: There are a few limitations for the new opt-in export formatting behavior:
- To avoid ambiguity or false positives, deep removal of the root dot is not applied to all FQDN substrings (such as in SPF/TXT records), or to reversed RRNames.
- Removing the root dot in data exports may impact Regex Highlighting (e.g., in PDFs) if your original query included a root dot (\.$).
Removing the root dot in data exports may impact Regex Highlighting (e.g., in PDFs) if your original query included a root dot (\.$).
Conclusion
We believe these updates will enhance your experience with DNSDB Scout by improving interoperability and data handling. If you’re curious to learn more about how DNSDB and Iris Investigate complement each other by blending active and passive DNS intelligence, check out this blog post to follow a sample investigation utilizing both solutions.
Request a demo today if you’d like to learn more about DomainTools solutions!
