Domain pointing to non-existing page on a third-party service
What this means
A domain is configured, through its DNS records, to point to a page on a third-party service such as Akamai or Azure Front Door, but the page does not exist.
This situation usually occurs when an A or CNAME record points to a service that is no longer active or has been decommissioned.
This is most likely because:
- the service was decommissioned but the DNS records were not updated
- there was an error or typo in the configuration of the DNS records
- the service was never properly set up or has been moved to a different address without updating the DNS configuration
Why this is a problem
When a domain points to a non-existing page, a malicious actor could potentially exploit this by creating a page on the third-party service using the same host name.
This can lead to an attacker gaining control over the site and using it for activities such as:
- redirecting users to fraudulent websites
- distributing malware
- conducting phishing attacks by mimicking legitimate services
- compromising user data and privacy through session hijacking or cookie theft
This can severely damage the reputation of the affected domain and lead to further security breaches.
How to check if the problem is still there
You will need to perform multiple checks to determine if there is a problem.
Browse to the affected domain in a web browser to see if the page exists.
If the page returns a 404 error or similar, then it suggests that the page does not exist and is vulnerable to being registered on the third-party service by a malicious actor.
Use dig to query the CNAME record for the subdomain.
Example
dig CNAME subdomain.example.gov.uk +short
subdomain.examplesupplier.co.uk
Check if the CNAME record resolves to a non-existing page. Take the output of the previous command and check it for a further CNAME record.
dig CNAME subdomain.examplesupplier.co.uk +short
subdomain.examplesupplier2.co.uk
Keep following the CNAME chain until the CNAME query returns no answer. When you reach a domain without a CNAME, check for an A record.
dig A subdomain.examplesupplier2.co.uk
If the response status is NXDOMAIN (Non-Existent Domain), it indicates that the page does not exist on the third-party service.
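The chain-following steps above, as an added example that is not part of this guidance: a script that walks CNAME records with dig until the chain ends, treating an NXDOMAIN at any hop as a dangling record, and guarding against CNAME loops. The live lookup shells out to dig; the SAMPLE_ZONE data is constructed so the logic can be exercised offline.

```python
# Added example, not the page's own code: follows a CNAME chain as the dig steps above do.
import subprocess

MAX_HOPS = 10  # stop runaway or looping CNAME chains

def dig_lookup(name, rtype):
    """Live lookup via dig. Returns (rcode, [rdata of records of type rtype])."""
    out = subprocess.run(["dig", "+noall", "+comments", "+answer", rtype, name],
                         capture_output=True, text=True, check=False).stdout
    rcode, answers = "UNKNOWN", []
    for line in out.splitlines():
        if line.startswith(";;") and "status:" in line:      # ;; ->>HEADER<<- ... status: NXDOMAIN, ...
            rcode = line.split("status:")[1].split(",")[0].strip()
        elif line and not line.startswith(";"):
            fields = line.split()                             # name ttl class type rdata
            if len(fields) >= 5 and fields[3].upper() == rtype.upper():
                answers.append(fields[4].rstrip("."))
    return rcode, answers

def follow_chain(name, lookup=dig_lookup):
    """Walk CNAMEs from name. Returns (verdict, chain); verdict is one of
    'dangling' (NXDOMAIN reached), 'resolves', 'no-address' or 'loop'."""
    chain, current = [name], name
    for _ in range(MAX_HOPS):
        rcode, cnames = lookup(current, "CNAME")
        if rcode == "NXDOMAIN":
            return "dangling", chain            # an intermediate target no longer exists
        if not cnames:
            break                               # end of chain: now check for an A record
        if cnames[0] in chain:
            return "loop", chain + [cnames[0]]
        chain.append(cnames[0])
        current = cnames[0]
    else:
        return "loop", chain                    # exceeded MAX_HOPS without ending
    rcode, addrs = lookup(current, "A")
    if rcode == "NXDOMAIN":
        return "dangling", chain
    return ("resolves" if addrs else "no-address"), chain

# Constructed offline stand-in for dig, mirroring the page's example chain (names are illustrative).
SAMPLE_ZONE = {
    ("subdomain.example.gov.uk", "CNAME"): ("NOERROR", ["subdomain.examplesupplier.co.uk"]),
    ("subdomain.examplesupplier.co.uk", "CNAME"): ("NOERROR", ["subdomain.examplesupplier2.co.uk"]),
    ("www.example.gov.uk", "CNAME"): ("NOERROR", ["edge.examplesupplier.co.uk"]),
    ("edge.examplesupplier.co.uk", "A"): ("NOERROR", ["192.0.2.10"]),
}

def sample_lookup(name, rtype):
    return SAMPLE_ZONE.get((name, rtype), ("NXDOMAIN", []) if rtype == "CNAME" and (name, "A") not in SAMPLE_ZONE else ("NOERROR", []))
```

Run `follow_chain("subdomain.example.gov.uk", sample_lookup)` for the offline walk-through, or `follow_chain("host.example.gov.uk")` to query a live resolver with dig.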
How to fix it
Update the DNS records:
- remove or correct any CNAME records that point to non-existing pages
- ensure that all DNS records are pointing to valid and active services
- decommission unused subdomains. If the subdomain is no longer needed, remove the DNS records to prevent potential misuse
- implement change control policies to manage the lifecycle of creation and removal of DNS records, so that when third-party services are removed or decommissioned, the corresponding DNS records are tidied up
By keeping your DNS records properly configured and pointing to valid services, you can mitigate the risk of subdomain takeover and ensure that your domain’s users are directed to the intended destinations.