---
title: Kubernetes DNS enumeration
description: Datadog, the leading service for cloud-scale monitoring.
---

# Kubernetes DNS enumeration

Classification: attack. Tactic: [TA0007-discovery](https://attack.mitre.org/tactics/TA0007). Technique: [T1046-network-service-discovery](https://attack.mitre.org/techniques/T1046).

## What happened{% #what-happened %}

The process `{{ @process.comm }}` made a DNS request for `{{ @dns.question.name }}`, potentially for enumeration.

## Goal{% #goal %}

Detect the use of an internal DNS query to `any.any.svc.cluster.local`.

## Strategy{% #strategy %}

This detection triggers when a DNS query is made for `any.any.svc.cluster.local`, which returns all Service DNS records and their corresponding IP addresses. An attacker can use this information for further discovery and enumeration.
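
The same match can be applied to DNS server logs as a secondary check. The following is an added example, not Datadog's rule logic: it assumes the CoreDNS `log` plugin is enabled with its default format and that the cluster domain is `cluster.local`. The sample lines are constructed, and the function and constant names are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: default Kubernetes cluster domain; change if yours is customised.
CLUSTER_DOMAIN = "cluster.local"
ENUM_NAME = f"any.any.svc.{CLUSTER_DOMAIN}"

# Assumption: CoreDNS `log` plugin, default format:
# [INFO] <client>:<port> - <id> "<type> <class> <name> <proto> ..." <rcode> ...
LINE_RE = re.compile(
    r'\[INFO\]\s+(?P<client>\S+):\d+\s+-\s+\d+\s+'
    r'"(?P<qtype>\S+)\s+IN\s+(?P<qname>\S+)\s+\S+[^"]*"\s+(?P<rcode>\S+)'
)

def normalise(qname):
    """DNS names are case-insensitive and are logged with a trailing dot."""
    return qname.rstrip(".").lower()

def find_enumeration(lines):
    """Return {client_ip: [(qtype, rcode), ...]} for queries to ENUM_NAME."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m and normalise(m["qname"]) == ENUM_NAME:
            hits[m["client"]].append((m["qtype"], m["rcode"]))
    return dict(hits)

# Constructed sample log lines (not taken from a real cluster).
SAMPLE = [
    '[INFO] 10.244.1.17:41522 - 4211 "A IN kubernetes.default.svc.cluster.local. '
    'udp 54 false 512" NOERROR qr,aa,rd 106 0.000154s',
    '[INFO] 10.244.2.9:53310 - 9127 "SRV IN Any.Any.svc.cluster.local. '
    'udp 43 false 512" NOERROR qr,aa,rd 1480 0.000391s',
    '[INFO] 10.244.2.9:40112 - 9128 "A IN any.any.svc.cluster.local. '
    'udp 43 false 512" NOERROR qr,aa,rd 612 0.000287s',
    '[INFO] 10.244.3.4:38001 - 77 "A IN any.example.com. '
    'udp 33 false 512" NXDOMAIN qr,rd,ra 108 0.012440s',
]

if __name__ == "__main__":
    for client, queries in find_enumeration(SAMPLE).items():
        # The client IP maps back to a pod, which is the starting point for triage.
        print(f"{client}: {len(queries)} enumeration queries {queries}")
```

A `NOERROR` response code on a hit means the resolver answered the query, so the requesting pod should be treated as having received the Service list.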

## Triage and response{% #triage-and-response %}

1. Identify the purpose of the container using tags, such as the image and service tags.
1. Determine whether any of the enumerated targets have had additional discovery performed against them.
1. Initiate the incident response process.
1. Remediate compromised resources and repair the root cause.

*Requires Agent version 7.36 or greater*
