DEV Community

Cover image for What is Dangling DNS? (And How It Can Lead to Domain Takeovers)
davinceleecode
davinceleecode Subscriber

Posted on

What is Dangling DNS? (And How It Can Lead to Domain Takeovers)

#dns #cybersecurity #webdev #devops

Ever deleted a cloud app and forgot to clean up your DNS?
You might be leaving the door open for attackers.

๐Ÿ‘€ What is a Dangling DNS?

A dangling DNS record occurs when:

  • A DNS record (like a CNAME or A record) still points to a cloud service (e.g. Azure App Service, AWS S3, GitHub Pages)
  • But the resource has already been deleted

This leaves the DNS record โ€œdanglingโ€ โ€” pointing to a hostname that no longer exists, but could be claimed by someone else.

๐Ÿงจ Why is it Dangerous?

An attacker can:

  1. Identify the orphaned DNS entry (e.g. blog.yoursite.com โ†’ yourapp.azurewebsites.net)
  2. Claim the deleted resource name (e.g. create a new App Service with that exact name)
  3. Host malicious content under your subdomain

This allows them to:

  • Impersonate your brand
  • Steal user data
  • Inject phishing pages
  • Break your site's security reputation (e.g. email domain spoofing)

๐Ÿ” Real Example

Letโ€™s say you had:
CNAME blog.yourdomain.com โ†’ yourblog.azurewebsites.net

Then you:

  • Deleted the App Service yourblog on Azure
  • But forgot to remove the CNAME from your DNS provider

Now an attacker registers yourblog.azurewebsites.net (if available), and your blog.yourdomain.com will start pointing to them!

๐Ÿ›ก๏ธ How to Prevent Dangling DNS

โœ… Always do these:

  1. Clean up DNS records when deleting cloud services
  2. Audit your DNS regularly for unused entries
  3. Use DNS monitoring tools to detect dangling links
  4. Enable ownership validation on platforms that support it (e.g. GitHub, Netlify)

๐Ÿ’ก On Azure:

  • If you delete an App Service and used a custom domain, remove the A/CNAME/TXT records immediately

๐Ÿ“Œ TL;DR

Term Meaning
Dangling DNS A DNS record pointing to a deleted or unowned cloud resource
Risk Subdomain takeover, phishing, brand impersonation
Fix Delete unused DNS entries after decommissioning services

Have you ever found a dangling DNS record in your project? Let me know in the comments โ€” and donโ€™t forget to audit your DNS zones today!

If you found this helpful, consider supporting my work at โ˜• Buy Me a Coffee.

Top comments (0)