DNS Dangling Record

medium Web App Scanning Plugin ID 114572

Language:

Synopsis

DNS Dangling Record

Description

Deploying web applications often require developers or system administrators to configure DNS records to target a third party service. Most common scenarios include to either configure a canonical name record (CNAME) or to declare specific name server records (NS) to delegate a specific DNS zone management. DNS dangling records exist because they target external services which do not exist anymore. When this is directly exploitable, a remote and unauthenticated attacker can perform a DNS takeover.

The plugin currently supports the following services:
- Gitbook
- Hubspot
- Intercom
- JazzHR
- Kinsta
- Lemlist
- Netlify
- Smugsmug
- Teamwork
- Tilda
- UserVoice

Solution

As a first step, remove the DNS record from your DNS zone. Even if the target does not allow directly to escaladate the issue to subdomain takeover, having records targeting external services out of your organization control is not a good practice and can lead to such issue depending on how this third party evolves. Review the web application provisioning process to ensure that DNS records are created only when the target service is up and running as expected. When deprovisioning a service, first remove the DNS record before deactivating the service on the third party service.