This guide outlines five critical DNS threat management techniques: subdomain enumeration, expired certificate detection, open directory scanning, favicon searches, and unauthorized email server monitoring, utilizing advanced tools like Silent Push to safeguard your organization’s digital footprint.
Enumerate subdomains
Subdomains are prime targets for cybercriminals who exploit misconfigurations to launch impersonation campaigns or subdomain takeovers. Mapping your subdomain landscape provides a top-down view of your public DNS presence, enabling you to identify potential vulnerabilities.
From the left navigation menu, select Attack Surface Mapping > Digital Footprint for Domain > Subdomain Finder.
Enter a domain (e.g., example.com).
Specify a Sorting Order (e.g., alphabetical or by date).
Click Search to list all subdomains and trusted infrastructure.
To monitor changes, click Monitor on the Explore screen, specify a Monitor Name and Description, and then click Save. Monitors run every 24 hours, sending email alerts for new results.
Locate expired certificates to maintain trust
Expired SSL certificates can disrupt secure transactions, cause website downtime, and damage your brand’s reputation. Worse, threat actors create fake certificates mimicking your brand to host malicious content.
From the left navigation menu, select Advanced Query Builder > IPv4 Queries > Scan Data - Certificates.
Enter an IPv4 address and an optional netmask to scan a range.
Specify a certificate fingerprint or domain name (wildcards supported).
Check Expired Certs Only and set a time window (e.g., 30 days).
Limit results and click Search.
Scan for open directories to secure data
Open directories—publicly accessible file folders on web servers—can expose sensitive data, such as configuration files or phishing kits, if not properly secured.
From the left navigation menu, select Advanced Query Builder > IPv4 Queries > Scan Data - Open Directories.
Enter an IPv4 address and an optional netmask to scan a range.
Use the filename field (wildcards supported) to search for phishing kits or malicious files.
Set a time window for scan results.
Optionally, click Copy API URL to integrate with your security stack or Save Query to store parameters for later use.
Favicon searches to detect fake websites
Favicons—small icons in browser address bars or tabs—are often replicated by attackers to make fake websites appear legitimate, tricking users into sharing credentials or downloading malware.
From the left navigation menu, select Advanced Query Builder > IPv4 Queries > Scan Data - Favicon.
Enter an IPv4 address and optional netmask.
Specify whether the IP is “In” or “Not In” a subnet.
Provide an MD5 or MurmurHash, or calculate an mmh3 hash from a URL.
Limit results and click Search.
Optionally, click Copy Raw Data or Copy API URL for integration, or Save Query for future use.
Scan for unauthorized email servers
Unauthorized TXT records can enable email spoofing, allowing attackers to bypass authentication protocols like DKIM and DMARC, often in business email compromise (BEC) scams.
From the left navigation menu, select Attack Surface Mapping > Name in TXT Record > Create New.
Enter your domain name.
Specify a Last Seen period and optional sorting order.
Click Search to locate TXT records associated with your domain.
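Once the search returns the TXT records for your domain, the SPF record among them (the TXT record that lists which servers may send mail for the domain) can be checked against the senders you have actually approved. The following Python sketch is an added example, not Silent Push code or output; the sample records, the approved-sender lists and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: TXT records as a search might return them for
# example.com (documentation domains and RFC 5737 addresses, not real results).
SAMPLE_TXT = [
    "google-site-verification=constructed-token",
    "v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.25 include:_spf.mail.example.net "
    "include:bulk.mailer.example.org -all",
]
# Assumption: the senders the organization has approved (hypothetical values).
APPROVED_INCLUDES = {"_spf.mail.example.net"}
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_spf(txt):
    """Return (mechanisms, qualifier of 'all') for an SPF record, else None."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, all_q = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        if body.lower() == "all":
            all_q = qualifier
        else:
            mechanisms.append(body)
    return mechanisms, all_q


def audit_txt(records):
    """List findings: unapproved senders, weak 'all', duplicate SPF records."""
    findings = []
    spf = [p for p in map(parse_spf, records) if p is not None]
    if len(spf) > 1:
        findings.append("multiple SPF records (receivers treat this as an error)")
    for mechanisms, all_q in spf:
        for mech in mechanisms:
            name, _, value = mech.partition(":")
            if name.lower() == "include" and value.lower() not in APPROVED_INCLUDES:
                findings.append(f"unapproved include: {value}")
            elif name.lower() in ("ip4", "ip6"):
                net = ipaddress.ip_network(value, strict=False)
                if not any(net.version == a.version and net.subnet_of(a) for a in APPROVED_NETS):
                    findings.append(f"unapproved sender range: {net}")
        if all_q != "-":
            findings.append("SPF does not end in -all")
    return findings
```

Running audit_txt(SAMPLE_TXT) flags the single address outside the approved range and the include that is not on the approved list; feed it the TXT strings exported from your own search to audit a real domain.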
Regular audits, employee training, and customer education are critical to staying ahead.