What are dangling DNS records and why are they dangerous?
You clean up your office, archive old projects, and delete unnecessary files. But have you also checked your DNS settings? In the digital world, "ghost records" often remain: the so-called Dangling DNS records.
At Mediawax, we see that this is one of the most underestimated security risks for modern organizations. In this blog, we explain what it is and how to prevent hackers from taking over your domain name.
What is a Dangling DNS record?
DNS (Domain Name System) acts as the phone book of the internet. A DNS record tells the internet: "If you go to subdomain.yourcompany.be, you must go to this server or cloud service."
A record becomes 'dangling' when it refers to a resource that no longer exists.
Example: You have set up a temporary campaign website on a platform like Azure, Heroku, or Zendesk. After the campaign, you remove the website from the provider, but you forget to remove the reference (the CNAME record) in your DNS settings.
Why is this dangerous? (Subdomain Takeover)
This is where it becomes dangerous. Because your DNS still says that the subdomain must point to that specific external service, a hacker can use that same service to "claim" the spot you left behind.
This process is called a Subdomain Takeover. With this, the hacker gains full control over your subdomain, with all the consequences that entails:
High-level phishing: A hacker can create a fake login page on portal.yourcompany.be. Because it is an official subdomain, it looks 100% trustworthy to customers and employees.
Security bypass: Many cookies and security settings (such as Content Security Policies) blindly trust subdomains of your own brand. A hacker can exploit this to steal data.
Reputational damage: Your official domain can be used to host illegal content or send spam, causing you to end up on blacklists.
How do you prevent dangling records?
Security is a process of constant monitoring. Here are three steps to protect your organization:
Cleanup protocol: Make the removal of DNS records a standard part of "offboarding" a project or service. Are you stopping using a tool? Immediately delete the corresponding record.
Regular audits: Regularly scan your DNS zone for records (especially CNAMEs) pointing to external cloud providers and check whether the referenced resources still exist; a target that no longer resolves is a candidate for cleanup.
Use of 'Alias' records: Where possible, use provider-specific alias records that are tied to the lifecycle of the target resource rather than to a hostname, although this is not technically possible with every provider.
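As an added illustration of the "regular audits" step (this is example code written for this post, not a Mediawax tool): a small Python script that reads a BIND-style zone dump, picks out CNAMEs pointing at third-party hosting suffixes, and flags those whose target no longer resolves. The zone contents, the hostnames and the provider suffix list are constructed assumptions for the demo.

```python
import socket

# Constructed sample zone dump (fictional names, not real records).
SAMPLE_ZONE = """
www.example.be.      300 IN A     203.0.113.10
campaign.example.be. 300 IN CNAME campaign-2023.azurewebsites.net.
help.example.be.     300 IN CNAME example.zendesk.com.
app.example.be.      300 IN CNAME example-app.herokuapp.com.
mail.example.be.     300 IN MX    10 mail.example.be.
"""

# Hosting suffixes the audit treats as "external cloud provider" targets (assumed list).
EXTERNAL_SUFFIXES = (".azurewebsites.net", ".herokuapp.com", ".zendesk.com")

def parse_cnames(zone_text):
    """Return (name, target) pairs for the CNAME lines of a BIND-style zone dump."""
    cnames = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[3].upper() == "CNAME":
            cnames.append((parts[0].rstrip("."), parts[4].rstrip(".")))
    return cnames

def target_resolves(hostname):
    """Live check: does the CNAME target still resolve? NXDOMAIN -> False."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves=target_resolves):
    """Return (name, target) for CNAMEs that point at an external provider
    whose target no longer resolves. Treat hits as candidates: confirm in the
    provider console before deleting, since some services answer NXDOMAIN
    briefly while an asset is still being provisioned."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target.endswith(EXTERNAL_SUFFIXES) and not resolves(target):
            findings.append((name, target))
    return findings

if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_ZONE):
        print(f"dangling candidate: {name} -> {target}")
```

The `resolves` parameter is injectable so the check can be run against a recorded resolver result or a test double instead of live DNS.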
The role of Mediawax
Managing a complex DNS environment can be overwhelming. At Mediawax, we help organizations keep their digital footprint clean and secure. We perform periodic checks and ensure that no "backdoors" remain open for malicious actors.
Conclusion
A dangling DNS record is an open invitation to hackers. It may seem like a minor administrative detail, but the impact of a subdomain takeover can be enormous. Be proactive and keep your digital records in order.
Do you want to know if your DNS environment is secure?