In this more technical episode, we dive deep into the complexities of DNS and DNS resolution in the context of Attack Surface Management (ASM). Join us as we explore the unseen challenges that arise when scaling asset discovery, particularly when dealing with DNS wildcards and their implications for security scanning solutions. Our hosts, Michael and Shubs, share their extensive experiences in managing DNS resolution at scale, discussing the importance of accurate asset discovery and the pitfalls of relying solely on IP-centric approaches. They highlight the significance of DNS data in understanding attack surfaces and the need for robust wildcard detection to filter out junk assets effectively. We also touch on the technical challenges faced when building a reliable DNS resolution infrastructure, the limitations of popular cloud providers like AWS, and the importance of observability in ensuring accurate results. Additionally, we share insights from a recent presentation on DNS poisoning at scale, revealing how unexpected patterns can lead to significant security implications. Topics Covered: The importance of DNS resolution in ASMChallenges with DNS wildcards and asset discoveryIP-centric vs. DNS-centric approachesBuilding a reliable DNS resolution infrastructureInsights on DNS poisoning and its implications