What is Dangling DNS? (And How It Can Lead to Domain Takeovers)

#dns #cybersecurity #webdev #devops

Ever deleted a cloud app and forgot to clean up your DNS?
You might be leaving the door open for attackers.

👀 What is a Dangling DNS?

A dangling DNS record occurs when:

A DNS record (like a CNAME or A record) still points to a cloud service (e.g. Azure App Service, AWS S3, GitHub Pages)
But the resource has already been deleted

This leaves the DNS record “dangling” — pointing to a hostname that no longer exists, but could be claimed by someone else.

An attacker can:

Identify the orphaned DNS entry (e.g. blog.yoursite.com → yourapp.azurewebsites.net)
Claim the deleted resource name (e.g. create a new App Service with that exact name)
Host malicious content under your subdomain

This allows them to:

Let’s say you had:
CNAME blog.yourdomain.com → yourblog.azurewebsites.net

Then you:

Now an attacker registers yourblog.azurewebsites.net (if available), and your blog.yourdomain.com will start pointing to them!

✅ Always do these:

Clean up DNS records when deleting cloud services
Audit your DNS regularly for unused entries
Use DNS monitoring tools to detect dangling links
Enable ownership validation on platforms that support it (e.g. GitHub, Netlify)

💡 On Azure:

If you delete an App Service and used a custom domain, remove the A/CNAME/TXT records immediately

Term	Meaning
Dangling DNS	A DNS record pointing to a deleted or unowned cloud resource
Risk	Subdomain takeover, phishing, brand impersonation
Fix	Delete unused DNS entries after decommissioning services