Discover Dangling Domains that point to your cloud assets to prevent subdomain takeover

Dangling domains are DNS records that point to a domain or subdomain that no longer exists or is not configured properly. It occurs when a domain or subdomain has been deleted, but the DNS record that resolves the domain or subdomain still exists in the DNS server. A dangling domain can occur for several reasons, including if the owner of the domain or subdomain forgets to remove the DNS record, or if the service associated with the domain or subdomain is discontinued or moved to a different location. Dangling domains can become problematic as they can be exploited by attackers for malicious activities such as phishing attacks, spamming, and distributing malware. 
 
To fully understand how this security misconfiguration can result in a complete attack path, we first need to understand what DNS server and DNS records are and how they correlate. 
 
What is DNS? 
 
DNS stands for Domain Name System. It is a hierarchical decentralized naming system used to translate domain names into IP addresses, essentially acting as a phone book for the internet. For example, if we open our web browser and type “lightspintest.net”, a request is sent to the DNS server asking for the IP address behind “lightspintest.net”. The response to this request exists in a DNS resource record (RR) in the zone file of the DNS server which is responsible for the “lightspintest.net” domain. There are various types of DNS resource records where each contains different types of information, depending on its purpose. For example, an “A” record maps a domain name to an IPV4 address, while a “MX” record specifies the mail server responsible for accepting email messages for the domain. Another common type of DNS resource record is “CNAME” (canonical name), which acts as an alias and maps one domain name to another. 

The post Discover Dangling Domains that point to your cloud assets to prevent subdomain takeover appeared first on Security Boulevard.