Manage Dangling DNS Records

Dangling DNS records pose a significant security risk, particularly for organizations with extensive domain and DNS portfolios. These records, which point to deprovisioned or non-existent resources, can enable subdomain takeovers, allowing threat actors to redirect traffic to malicious sites.

Dangling DNS Records

Subdomain takeovers become possible when a DNS record, such as a CNAME, MX, or NS record, references a resource that no longer exists. CNAME records are especially critical because they alias one hostname to another and delegate IP resolution to the target. Silent Push pre-aggregates global DNS data weekly and flags dangling records by subtracting current A and AAAA records from CNAME, MX, and NS records: a target that no longer has an address record is a candidate dangler. An optional live check, enabled by default, confirms the dangling status of identified records, ensuring accurate results.
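The subtraction described above can be reproduced over an export of your own zone data. The following is an added example, not Silent Push code or its API: the tuple layout, function names, and sample records are assumptions constructed for illustration, and it also applies a "foreign targets only" filter like the one offered in the search tool.

```python
# Constructed sample data; names use reserved example domains.
RECORDS = [
    ("CNAME", "shop.example.com", "store.cdn-provider.example.net"),
    ("CNAME", "www.example.com", "web.example.com"),
    ("CNAME", "old.example.com", "legacy.example.com"),
    ("MX", "example.com", "mail.example.com"),
    ("NS", "dev.example.com", "ns1.dns-host.example.org"),
]
# Hostnames that currently have at least one A or AAAA record.
RESOLVING = {"web.example.com", "mail.example.com"}


def norm(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()


def is_foreign(target, zone):
    """True when target is neither the zone apex nor a name beneath it."""
    target, zone = norm(target), norm(zone)
    return not (target == zone or target.endswith("." + zone))


def find_danglers(records, resolving, rtype=None, zone=None, foreign_only=False):
    """Return (type, source, target) rows whose target has no A/AAAA record."""
    live = {norm(n) for n in resolving}
    out = []
    for rt, source, target in records:
        if rtype and rt != rtype:
            continue
        if norm(target) in live:
            continue  # target still resolves, so the record is not dangling
        if foreign_only and zone and not is_foreign(target, zone):
            continue  # keep only targets outside the source zone
        out.append((rt, norm(source), norm(target)))
    return out


if __name__ == "__main__":
    for row in find_danglers(RECORDS, RESOLVING):
        print(*row)
```

This works only from a snapshot of records; candidates it returns still need a live DNS lookup to confirm, which is the role of the validation check described above.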

Get a Dangling DNS Record Count

The Dangling DNS Record Count query provides a fast way to determine the exact number of dangling records for a domain, offering a high-level overview of potential risks.

  1. Navigate to Attack Surface Mapping > Digital Footprint for Domain > Dangling DNS Records Count.

  2. Specify a Domain Name.

  3. Click Search.

This process delivers a precise count, helping security teams prioritize further investigation based on the volume of dangling records.

Search for Dangling DNS Records

For a deeper analysis, the Dangling DNS Detection tool allows users to search and validate specific dangling records, integrating with existing security stacks.

  1. Navigate to Attack Surface Mapping > Potential Vulnerabilities > Dangling DNS Detection.

  2. Select a record type to search for (CNAME, MX, or NS).

  3. Specify a domain name in Source (wildcards are supported).

  4. Specify a domain name in Target (wildcards are supported).

  5. (Optional) Check Foreign Targets Only to focus on records outside the source domain.

  6. (Optional) Check Validate Danglers to perform a live DNS lookup and confirm dangling status.

  7. Click Search.

  8. (Optional) Once results are populated, click Copy API URL to integrate findings into your security stack.

Practical Applications and Benefits

  • Risk Assessment: The count feature offers a quick snapshot to gauge exposure, while the search tool provides detailed insights into specific dangling records.

  • Threat Mitigation: Identifying and validating dangling CNAME, MX, or NS records helps prevent subdomain takeovers and traffic redirection.

  • Automation: The API URL option enables seamless integration with other security tools for ongoing monitoring.