During a penetration test, if unexpected DNS records are found, what should the team do next?

When unexpected DNS records are discovered during a penetration test, the most appropriate next step is to conduct edge discovery. This process involves identifying and analyzing the boundaries of the network, which can help to uncover the presence of unaccounted systems or services that may be exposed to the internet.

Edge discovery allows the team to map out the network's extremities where potential vulnerabilities could exist. This is particularly relevant following the discovery of unusual DNS records, as these may indicate rogue devices, misconfigured services, or other potential security risks at the network edge. By examining the edge, the penetration testing team can gather critical information that supports further investigation into these unexpected records and enhances their understanding of the attack surface.

While network, host, and passive discoveries provide valuable information about the overall environment, edge discovery specifically targets the aspects of the network that might be exhibiting irregularities due to those unexpected DNS records. This makes it the most suitable next step in such a scenario.