Subdomain takeovers are a common threat for any organization with extensive domain and DNS holdings. On a basic level, they enable threat actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.
Takeovers occur when a DNS record points to a deprovisioned resource; such DNS records are also known as "dangling" DNS entries.
CNAME records are of particular importance in subdomain takeovers, given their ability to map one hostname to another and delegate IP resolution.
Silent Push pre-aggregates global DNS data and flags, on a weekly basis, any records that are considered to be dangling. We achieve this by collecting all current CNAME, MX or NS records and subtracting all current A and AAAA records – the remaining CNAME, MX and NS records are then searchable on the platform.
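The subtraction described above can be sketched on a small scale. This is an added example, not Silent Push's code: it assumes "subtracting" means dropping every CNAME, MX or NS record whose target hostname has a current A or AAAA record (directly or through a CNAME chain), and the `SNAPSHOT` data, `Record` type and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed snapshot of "current" DNS records; every name and address is made up.
Record = namedtuple("Record", "name rtype value")
SNAPSHOT = [
    Record("www.example.com", "CNAME", "app.cloudhost.example."),
    Record("app.cloudhost.example", "A", "192.0.2.10"),
    Record("shop.example.com", "CNAME", "old-store.cloudhost.example."),  # target deprovisioned
    Record("blog.example.com", "CNAME", "edge.example.com."),  # chain: CNAME -> CNAME -> AAAA
    Record("edge.example.com", "CNAME", "lb.cloudhost.example."),
    Record("lb.cloudhost.example", "AAAA", "2001:db8::10"),
    Record("example.com", "MX", "10 mail.example.com."),
    Record("mail.example.com", "A", "192.0.2.25"),
    Record("example.com", "MX", "20 backup-mx.oldvendor.example."),  # no address record
    Record("example.com", "NS", "ns1.example.com."),
    Record("ns1.example.com", "A", "192.0.2.53"),
    Record("dev.example.com", "NS", "ns.retired-dns.example."),  # no address record
]

POINTER_TYPES = ("CNAME", "MX", "NS")


def norm(host):
    """Compare hostnames case-insensitively and without the trailing root dot."""
    return host.rstrip(".").lower()


def target_of(rec):
    """Hostname a pointer record refers to (MX values carry a leading preference)."""
    return norm(rec.value.split()[-1])


def find_dangling(records, rtype="ALL"):
    """Return pointer records whose target has no A/AAAA record, directly or via CNAMEs."""
    resolvable = {norm(r.name) for r in records if r.rtype in ("A", "AAAA")}
    cnames = [r for r in records if r.rtype == "CNAME"]
    grew = True
    while grew:  # fixed point: a CNAME owner resolves once its target does; loops never do
        before = len(resolvable)
        resolvable |= {norm(c.name) for c in cnames if target_of(c) in resolvable}
        grew = len(resolvable) > before
    wanted = POINTER_TYPES if rtype == "ALL" else (rtype,)
    return [r for r in records if r.rtype in wanted and target_of(r) not in resolvable]


if __name__ == "__main__":
    for r in find_dangling(SNAPSHOT):
        print(r.name, r.rtype, target_of(r))
```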
As well as a more comprehensive lookup, Silent Push also provides a quick PADNS search that identifies dangling DNS records for a given domain.
- Navigate to Advanced Query Builder > Xperimental Queries > PADNS Report On Dangling Records
- Specify a domain
- (Optional) Choose a DNS record type to focus on:
  - CNAME
  - MX
  - NS
  - ALL
- (Optional) Select counts_only to only output a count of records
- (Optional) Select changes_only to only show changed records
- Click Search

Saving queries
Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save