This guide outlines five critical DNS threat management techniques—subdomain enumeration, expired certificate detection, open directory scanning, favicon searches, and unauthorized email server monitoring—using advanced tools like Silent Push to safeguard your organization’s digital footprint.
Enumerate subdomains
Subdomains are prime targets for cybercriminals who exploit misconfigurations to launch impersonation campaigns or subdomain takeovers. Mapping your subdomain landscape provides a top-down view of your public DNS presence, helping you identify vulnerabilities.
Navigate to Attack Surface Mapping > Digital Footprint for Domain > Subdomain Finder.
Enter a domain (e.g., example.com).
Specify a Sorting Order (e.g., alphabetical or by date).
Click Search to list all subdomains and trusted infrastructure.
To monitor changes, click Monitor on the Explore screen, specify a Monitor Name and Description, and save. Monitors run every 24 hours, sending email alerts for new results.
Locate expired certificates to maintain trust
Expired SSL certificates can disrupt secure transactions, cause website downtime, and damage your brand’s reputation. Worse, threat actors create fake certificates mimicking your brand to host malicious content.
Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Certificates.
Enter an IPv4 address and an optional netmask to scan a range.
Specify a certificate fingerprint or domain name (wildcards supported).
Check Expired Certs Only and set a time window (e.g., 30 days).
Limit results and click Search.
Scan for open directories to secure data
Open directories (publicly accessible file folders on web servers) can expose sensitive data like configuration files or phishing kits if not properly secured.
Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Open Directories.
Enter an IPv4 address and an optional netmask to scan a range.
Use the filename field (wildcards supported) to search for phishing kits or malicious files.
Set a time window for scan results.
Optionally, click Copy API URL to integrate with your security stack or Save Query to store parameters for later use.
Favicon searches to detect fake websites
Favicons—small icons in browser address bars or tabs—are often replicated by attackers to make fake websites appear legitimate, tricking users into sharing credentials or downloading malware.
Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Favicon.
Enter an IPv4 address and optional netmask.
Specify whether the IP is “In” or “Not In” a subnet.
Provide an MD5 or MurmurHash, or calculate an mmh3 hash from a URL.
Limit results and click Search.
Optionally, click Copy Raw Data or Copy API URL for integration, or Save Query for future use.
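For the hash step above, an added example (not Silent Push code and not part of the original guide) that computes a favicon's MD5 and MurmurHash3 values and flags hosts serving your brand's icon from outside your owned set. It assumes the common convention of hashing the newline-wrapped base64 of the icon bytes, which should be checked against what the platform's own calculator returns. The icon bytes, hostnames and function names are constructed for illustration, and MurmurHash3 is implemented inline only so the block runs without the third-party mmh3 package.

```python
import base64
import hashlib

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 as a signed 32-bit int (same convention as mmh3.hash)."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    rotl = lambda x, r: ((x << r) | (x >> (32 - r))) & mask
    mix = lambda k: (rotl((k * c1) & mask, 15) * c2) & mask
    h = seed & mask
    body_len = len(data) - len(data) % 4
    for i in range(0, body_len, 4):                 # full 4-byte little-endian blocks
        k = mix(int.from_bytes(data[i:i + 4], "little"))
        h = (rotl(h ^ k, 13) * 5 + 0xE6546B64) & mask
    if len(data) > body_len:                        # 1 to 3 trailing bytes
        h ^= mix(int.from_bytes(data[body_len:], "little"))
    h ^= len(data) & mask                           # finalization mix
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & mask
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & mask
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h

def favicon_hashes(icon: bytes) -> dict:
    """MD5 of the raw bytes; mmh3 of the newline-wrapped base64 text
    (assumption: the platform follows this common favicon-hash convention)."""
    return {"md5": hashlib.md5(icon).hexdigest(),
            "mmh3": murmur3_32(base64.encodebytes(icon))}

def lookalike_hosts(brand_icon: bytes, observed: dict, owned: set) -> list:
    """Hosts serving the brand's exact favicon that are not in the owned set."""
    want = favicon_hashes(brand_icon)["mmh3"]
    return sorted(h for h, icon in observed.items()
                  if h not in owned and favicon_hashes(icon)["mmh3"] == want)

# Constructed sample data: stand-in icon bytes and reserved example hostnames.
BRAND_ICON = b"\x00\x00\x01\x00" + b"constructed-brand-icon" * 8
OBSERVED = {
    "www.example.com": BRAND_ICON,
    "login.example.net": BRAND_ICON,                # same icon, not an owned host
    "shop.example.org": b"\x00\x00\x01\x00" + b"other-icon" * 8,
}
OWNED = {"www.example.com"}

if __name__ == "__main__":
    print(favicon_hashes(BRAND_ICON))
    print(lookalike_hosts(BRAND_ICON, OBSERVED, OWNED))
```

An exact-hash match only catches byte-identical copies of the icon; a re-encoded or resized copy produces a different hash.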
Scan for unauthorized email servers
Unauthorized TXT records can enable email spoofing, allowing attackers to bypass authentication protocols like DKIM and DMARC, often in business email compromise (BEC) scams.
Navigate to Attack Surface Mapping > Name in TXT Record > Create New.
Enter your domain name.
Specify a “Last Seen” period and optional sorting order.
Click Search to locate TXT records associated with your domain.
Regular audits, employee training, and customer education are critical to staying ahead. Protect your organization’s reputation and revenue—start securing your DNS infrastructure today.