You want to investigate one of these. What do YOU do? What tools and/or techniques do you find helpful? I'll start with an example. A DNS scenario one might encounter during an OCSP check at ocsp.verisign.com: ocsp.verisign.com. CNAME ocsp-ds.ws.symantec.com.edgekey.net. ocsp-ds.ws.symantec.com.edgekey.net. CNAME e8218.dscb1.akamaiedge.net. e8218.dscb1.akamaiedge.net. A 220.127.116.11 18.104.22.168.in-addr.arpa. PTR a23-4-187-27.deploy.static.akamaitechnologies.com. Which would frustrate users if they want to investigate a firewall report containing limited info about the remote server. Such as: 22.214.171.124 126.96.36.199 (a23-4-187-27.deploy.static.akamaitechnologies.com) e8218.dscb1.akamaiedge.net [188.8.131.52] Edit: I looked over my own, probably lagging, list of links and here are a few that may be of use to someone: https://centralops.net/co/ https://www.robtex.com/ https://www.virustotal.com/en/#search https://www.digwebinterface.com/ https://www.nexcess.net/resources/tools/global-dns-checker/ http://viewdns.info/ https://whoisology.com/ https://www.senderbase.org I also took DNSQuerySniffer (NirSoft) for a spin. First impression was positive. It looks like a convenient way to focus on DNS activity. Be it for short-duration testing or longer-duration capture & save (in multiple formats). I didn't see a way to configure it to perform its own reverse lookups on the IP Addresses it sees. Which would help users to spot IP Addresses associated with parties of interest. However, it would be easy enough to script extract the addresses from one of the save file formats, do your own PTR lookups, then append your results so that they too could be found when searching the save file.