Domain and vulnerability knowledge base
This knowledge base helps you understand and fix vulnerabilities that could expose your organisation to cyber attacks. It’s designed for public sector teams managing DNS, subdomains, and internet-facing services.
What are name server and zone vulnerabilities?
Domain Name System, known as DNS, plays an important role by translating human-readable domain names such as security.gov.uk into IP addresses.
DNS name server and zone vulnerabilities are weaknesses in the systems that manage internet traffic. Attackers can exploit these flaws to target critical parts of the internet’s infrastructure, especially by taking advantage of how DNS works.
Remediation guidance:
- Name servers that don’t provide A record for target domain name
- Name servers with invalid domain names
- Glue is required but not provided. No IPv4/IPv6 glue found on some authoritative or parent name servers
- Name servers not allowing TCP connections to be found
- Domain’s name server number doesn’t meet recommendations
What are dangling resource vulnerabilities?
Dangling resource vulnerabilities occur when system components, like DNS records, subdomains, or storage buckets, are not properly removed. These leftover elements can be hijacked by attackers to impersonate services or access sensitive data.
The most frequent issues involve DNS records that still point to services no longer in use. Attackers can register new services at those addresses and redirect traffic.
Subdomains are another high risk, if they’re not properly decommissioned, they can be reused to host fake websites that look legitimate, tricking users into sharing credentials or downloading malware.
Storage buckets and databases may also remain accessible after deletion, exposing sensitive files, backups, or configuration data that attackers can exploit.