Add-On for DNS Lookup - Splunk Add-On by Deductiv 

Enrich your Splunk searches with DNS query results for any record type from any DNS server.   For additional use cases, see our blog post on DNS-Based Threat Intelligence at https://www.deductiv.net/blog/dns-based-threat-intelligence/.

Lookups (Fields)  
- dnslookup_a (hostname, ip, dns_error)
- dnslookup_mx (hostname, mx, dns_error)
- dnslookup_reverse (hostname, ip, dns_error)
- dnslookup_ptr (Same as _reverse but here for conventions)
- dnslookup_ns (hostname, ns, dns_error)
- dnslookup_aaaa (hostname, aaaa, dns_error)
- dnslookup_txt (hostname, txt, dns_error)
- dnslookup_cname (hostname, cname, dns_error)
- dnslookup_alias (hostname, alias, dns_error)
- dnslookup_soa (hostname, soa, dns_error)
- dnslookup_srv (hostname, srv, dns_error)  

These are also available as dns_[resolver]_* lookups for Google (google), CloudFlare (cf), and OpenDNS (opendns).  For example, dnslookup_google_a.  See the README or Details tab for more information.

Customization  
Users have the ability to customize the lookups to use their own dns server or another request type. Use the examples in default/transforms.conf to create your own version.

If you find this free app useful, please give it a rating.