Glossary

Dangling DNS Record — Subdomain Takeover Risk

A dangling DNS record is a DNS entry — usually a CNAME — that points to an external service that no longer exists or has been deleted. The DNS record remains published but the resource it references is gone, leaving an unclaimed endpoint that an attacker can register to serve content under your domain.

Why Dangling Records Are Dangerous

When the target service is gone, the name is available for anyone to claim. An attacker who registers it can serve content under your subdomain — phishing pages, malware, or credential harvesting forms — all appearing to come from your domain.

Most Common Sources

How to Find Them

Run DomainPreflight Dangling Records. It discovers your subdomains via certificate transparency logs and checks each CNAME against known takeover fingerprints.
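
The basic check behind this kind of audit, as an added example (not DomainPreflight's code): it parses a zone export, keeps CNAMEs that point outside your own zone, and flags those whose target no longer resolves. The `name TTL IN TYPE value` zone format, the sample records and all function names are assumptions made for illustration.

```python
import socket

# Constructed sample zone export, one record per line: name TTL IN TYPE value
SAMPLE_ZONE = """\
; constructed records for illustration only
www.example.com.   300 IN CNAME example.com.
shop.example.com.  300 IN CNAME store-1234.hosting.example.
docs.example.com.  300 IN CNAME docs-site.pages.example.
mail.example.com.  300 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Return (name, target) pairs for every CNAME line in the export."""
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            pairs.append((fields[0].rstrip(".").lower(),
                          fields[4].rstrip(".").lower()))
    return pairs

def is_external(target, own_zone):
    """True if the CNAME target lies outside the zone you control."""
    own = own_zone.rstrip(".").lower()
    return not (target == own or target.endswith("." + own))

def system_resolves(hostname):
    """True if the system resolver returns at least one address."""
    try:
        return bool(socket.getaddrinfo(hostname, None))
    except socket.gaierror:
        return False

def find_dangling(zone_text, own_zone, resolves=system_resolves):
    """List (name, target) for external CNAMEs whose target does not resolve."""
    return [(name, target)
            for name, target in parse_cnames(zone_text)
            if is_external(target, own_zone) and not resolves(target)]

if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_ZONE, "example.com"):
        print(f"review: {name} -> {target} (target does not resolve)")
```

Treat a flagged record as a candidate to review, since a lookup can also fail transiently. A target that still resolves can be unclaimed as well, which is the case the fingerprint checks cover.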

FAQ

What is a dangling DNS record?

A DNS entry pointing to an external service that no longer exists. An attacker can claim the deleted resource and serve content under your subdomain.

How do I find dangling DNS records?

Run DomainPreflight Dangling Records — it discovers your subdomains via certificate transparency logs and checks each one for takeover risk.

How do I fix a dangling DNS record?

Delete the DNS record. If you still need the subdomain, recreate the service first so the CNAME points to something you control.