External Service Interaction (DNS) | Community
October 12, 2021
Solved

External Service Interaction (DNS)

  • October 12, 2021
  • 2 replies
  • 5086 views

Hi all

AEM got this External Service Interaction (DNS) and may I know any reference of how to fix this?

 

'It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names.

The payload uge************l5oipzq7ejwa71du1nzbt5hv4lsa.burpcollaborator.net was submitted in the HTTP Host header.'

This hasn't been solved yet. I accidentally clicked the correct reply, guys.

Thanks.

2 replies

Asutosh_Jena_
Community Advisor
October 12, 2021

@snow123 Can you please add some more information around this ask here?

What would you like to fix?

Snow123 (Author)
October 12, 2021

Hi @asutosh_jena_ 

I have edited my question. 

joerghoh
Adobe Employee
Accepted solution
October 17, 2021

Hi,

Do I read your question correctly that a security audit resulted in a finding, and that this finding says you can force AEM to perform DNS (Domain Name System) lookups for hostnames which are sent via the HTTP Host header?

Snow123 (Author)
October 18, 2021

Hi @joerghoh,

Thanks for the contribution. Yes, this is a security audit result finding.

May I know how to perform DNS (Domain Name System) lookups for hostnames in AEM?

Thanks in advance.

joerghoh
Adobe Employee
October 23, 2021

Hi,

I am a bit confused, because "forcing AEM to perform a hostname lookup" (especially in the context of a security finding) is a completely different topic from performing a hostname lookup as part of normal operation (or in a customization).

Based on your initial posting, the sentence "The payload uge************l5oipzq7ejwa71du1nzbt5hv4lsa.burpcollaborator.net was submitted in the HTTP Host header." suggests that an attacker can submit an arbitrary hostname in the "Host" header of a request.

This header (part of HTTP/1.1) specifies the hostname your client wants to address (as it is possible to host multiple hostnames on a single endpoint, that is: you can host a multitude of sites on a single server using distinct hostnames). And from what I read in your question, this hostname is resolved somewhere, causing a DNS lookup, and the security audit marks this as a security problem. Is that correct? If yes, you should create an AEM support ticket, and please also include the assessment of why this is a security problem at all. (My personal understanding is that this is not a security issue, and I am quite sure that our security team is interested in the security auditor's understanding as well.)

The other question, "How do I do a hostname lookup in AEM?", is not really specific to AEM. AEM is a Java-based application and it uses the standard Java APIs to resolve hostnames (e.g. using the class InetAddress) or one of the many other libraries which offer more high-level services and do hostname lookups as part of this. There is nothing specific to AEM.

HTH,

Jörg
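Host header allowlisting for the finding quoted at the top of the thread, as an added example that is not part of the original posts, not AEM code and not Burp's. Python stands in for the Java request path Jörg describes: some code resolves the name taken from the Host header (InetAddress.getByName in Java, a resolver call here), and the fix is to reject any Host value the deployment does not serve before that code runs. The allowlist, the probe hostname (a stand-in for the redacted burpcollaborator.net name, under the reserved .example TLD), the resolver stub and the redirect-building handler are all constructed for this example.

```python
"""Host header allowlisting to stop attacker-induced DNS lookups (added example)."""
import ipaddress
import re

# Hostnames this deployment serves. Assumption: fixed here; in practice the
# same list the web server / dispatcher virtual host configuration uses.
ALLOWED_HOSTS = frozenset({"www.example.com", "author.example.com", "localhost"})

# Constructed out-of-band probe name, standing in for the redacted
# burpcollaborator.net payload from the finding (.example is reserved).
PROBE_HOST = "x7q2kd.oob.attacker.example"

# One DNS label: 1..63 chars of [a-z0-9-], no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_host_header(value):
    """Return (host, port) from a raw Host header value, or None if malformed.

    Accepts 'host', 'host:port' and bracketed IPv6 literals like '[::1]:8080'.
    Hostnames are lower-cased and a trailing dot is dropped, so that
    'WWW.Example.com.' compares equal to 'www.example.com'.
    """
    value = value.strip()
    if value.startswith("["):                          # IPv6 literal
        end = value.find("]")
        if end == -1:
            return None
        try:
            host = str(ipaddress.IPv6Address(value[1:end]))
        except ValueError:
            return None
        rest = value[end + 1:]                         # '' or ':port'
    else:
        host, _, rest = value.partition(":")
        host = host.lower().rstrip(".")
        if not all(_LABEL.match(label) for label in host.split(".")):
            return None
        if rest:
            rest = ":" + rest                          # normalise to ':port'
    if rest == "":
        return host, None
    if rest.startswith(":") and rest[1:].isdigit() and 0 < int(rest[1:]) <= 65535:
        return host, int(rest[1:])
    return None


def host_header_allowed(value, allowed=ALLOWED_HOSTS):
    """True only if the Host header parses and names a hostname we serve."""
    parsed = parse_host_header(value)
    return parsed is not None and parsed[0] in allowed


class LookupRecorder:
    """Offline stand-in for the resolver (InetAddress.getByName in Java).

    Records every name the application asks it to resolve; a real resolver
    would emit exactly these names as DNS queries, which is what the Burp
    Collaborator server observed in the finding.
    """

    def __init__(self):
        self.resolved = []

    def resolve(self, name):
        self.resolved.append(name)
        return "192.0.2.1"  # TEST-NET-1 placeholder address, constructed


def handle_request(headers, resolver, validate=True, allowed=ALLOWED_HOSTS):
    """Simulated handler that builds an absolute redirect to the request's own host.

    validate=False mirrors the behaviour behind the finding: the client-supplied
    name reaches the resolver untouched. validate=True is the hardened path.
    Returns (status, location_or_reason).
    """
    raw = headers.get("Host", "")
    if validate:
        if not host_header_allowed(raw, allowed):
            # Fail closed: no redirect, no lookup, no reflection of the value.
            return 400, "Host header not served by this site"
        host, port = parse_host_header(raw)
    else:
        host, _, port_s = raw.partition(":")           # no checks: vulnerable path
        port = int(port_s) if port_s.isdigit() else None
    # Application step that triggers the lookup, e.g. checking whether the
    # name points at this server before trusting it for a self-link.
    resolver.resolve(host)
    authority = host if port is None else f"{host}:{port}"
    return 302, f"https://{authority}/content/site/en.html"


if __name__ == "__main__":
    for validate in (False, True):
        rec = LookupRecorder()
        status, detail = handle_request({"Host": PROBE_HOST}, rec, validate=validate)
        print(f"validate={validate}: {status} {detail}; names resolved: {rec.resolved}")
```

Run stand-alone, the unchecked path resolves the probe name (that lookup is the finding) and the checked path answers 400 without any lookup. The check belongs before any code that uses the Host value, whether for a redirect, a canonical URL or a connection; the same allowlist is normally also enforced in the web server in front of the JVM, so that requests for unknown hostnames never reach the application at all.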