What it is
A dangling DNS record appears when infrastructure is removed but the DNS entry survives: think deleted cloud instances, abandoned SaaS integrations, or decommissioned servers. The record still points to a hostname or IP address that no longer belongs to you, leaving an orphaned pointer that an attacker can claim by registering or provisioning the target themselves.
Why it matters
Adversaries actively scan for abandoned DNS records because they enable:
- Subdomain takeovers that let attackers serve content under your domain
- Phishing and malware distribution that impersonates your brand
- Traffic hijacking or data interception for APIs, email, or CDN endpoints
- Persistent damage to trust and compliance posture
These exposures often persist unnoticed for months, making them a reliable foothold for opportunistic attacks.
How to reduce risk
- Inventory and monitor all domains, subdomains, and third-party integrations
- Remove DNS records that point to inactive cloud services or deprecated tools
- Before deleting a SaaS or cloud resource, confirm who owns it and remove or update the DNS records that point to it first, so no record is left referencing a target you no longer control
- Use automated attack surface discovery or DNS monitoring to catch new dangling entries quickly
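As an added example (not part of the original page), the following Python script shows the kind of check an automated DNS-monitoring job would run over a zone export. It flags CNAME records whose target no longer resolves and A records whose address is not in the organisation's own IP inventory; the zone records, the owned-address set and the resolver hook are constructed assumptions for illustration.

```python
import socket
from typing import Callable, Iterable, List, Set, Tuple

# Zone records as (name, type, value), as exported from a DNS provider.
# Constructed sample data: none of these names or targets are real assets.
SAMPLE_ZONE: List[Tuple[str, str, str]] = [
    ("www.example.com", "A", "203.0.113.10"),
    ("old-app.example.com", "CNAME", "retired-app.cloud-provider.example"),
    ("blog.example.com", "CNAME", "blog-host.example.net"),
    ("legacy-api.example.com", "A", "203.0.113.77"),
]

# Addresses the organisation still controls, taken from its asset inventory (constructed).
OWNED_IPS: Set[str] = {"203.0.113.10"}


def default_resolves(hostname: str) -> bool:
    """True if the hostname currently resolves; False on NXDOMAIN or any lookup failure."""
    try:
        socket.gethostbyname(hostname)
        return True
    except socket.gaierror:
        return False


def find_dangling(records: Iterable[Tuple[str, str, str]],
                  owned_ips: Set[str],
                  resolves: Callable[[str], bool] = default_resolves) -> List[Tuple[str, str]]:
    """Return (record name, reason) for every record that may be dangling.

    CNAME: if the target no longer resolves, whoever can register or provision that
    target inherits the name in our zone.
    A: if the address is not in our inventory, the record points at infrastructure
    we no longer own (for example a released cloud IP).
    """
    findings: List[Tuple[str, str]] = []
    for name, rtype, value in records:
        if rtype == "CNAME" and not resolves(value):
            findings.append((name, f"CNAME target {value} does not resolve"))
        elif rtype == "A" and value not in owned_ips:
            findings.append((name, f"A record points to unowned address {value}"))
    return findings


if __name__ == "__main__":
    # Runs against the live resolver; on the constructed data only the inventory
    # check is meaningful, since the sample CNAME targets are not real hosts.
    for record_name, reason in find_dangling(SAMPLE_ZONE, OWNED_IPS):
        print(f"{record_name}: {reason}")
```

A non-resolving CNAME target is a candidate, not proof: many SaaS providers keep the target hostname resolving and only signal an unclaimed resource in the HTTP response, so each finding should be confirmed against the provider's documented takeover conditions before it is closed or escalated.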