{"id":40151,"date":"2021-03-23T00:04:24","date_gmt":"2021-03-23T07:04:24","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/premier-developer\/?p=40151"},"modified":"2021-03-18T09:12:41","modified_gmt":"2021-03-18T16:12:41","slug":"dangling-dns-and-subdomain-takeovers","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/premier-developer\/dangling-dns-and-subdomain-takeovers\/","title":{"rendered":"Dangling DNS and Subdomain Takeovers"},"content":{"rendered":"<p><a href=\"https:\/\/www.linkedin.com\/in\/andrewkanieski\/\" target=\"_blank\" rel=\"noopener\">Andrew Kanieski<\/a> takes a look at what\u2019s known as a \u201cDangling DNS Subdomain Takeover\u201d.\u00a0 It&#8217;s a common way for bad actors to gain unintended access to hosting a site in <strong>your<\/strong>\u00a0subdomain.<\/p>\n<hr \/>\n<p>It\u2019s a busy work week, your backlog seems never-ending, you\u2019re rushing to get things pushed out to production. You think, I\u2019ve got a new configuration for my Frontdoor that I want to deploy; I\u2019ll just tear down the old one and push that ARM template to deploy its replacement. You fire off the delete command. Once it\u2019s done, you push the latest scripts for deployment and go get coffee. You come back to find that, although the delete was successful, the deployment failed. You check the error logs: \u201cName already in use\u201d.<\/p>\n<p>You think, meh, no problem, I\u2019ll just run the deployment again; maybe the delete hadn\u2019t fully committed before the replacement was deployed with the same name. You run it again: \u201cName already in use\u201d. You triple check. Same. You go to your resource explorer looking for the Frontdoor with the same name. It\u2019s not there. What\u2019s going on??<\/p>\n<p>You go to visit your application to see if it\u2019s running; you swing over to\u00a0<code>app.sample.com<\/code>,\u00a0which should, by way of a CNAME entry on your domain, route you directly to your Frontdoor. 
You find that the website takes you to some other website. Another website, being hosted under\u00a0<strong>your<\/strong>\u00a0subdomain. Have I been hacked?<\/p>\n<p>The scenario I describe above is what\u2019s known as a \u201cDangling DNS Subdomain Takeover\u201d, and is a common way for bad actors to gain unintended access to hosting a site in\u00a0<strong>your<\/strong>\u00a0subdomain. Let\u2019s break down how it works!<\/p>\n<p><a href=\"https:\/\/www.andrewkanieski.com\/post\/dangling-dns-and-subdomain-takeovers-oh-my\/\">Check out the full story on Andrew&#8217;s blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post explores what is commonly referred to as a \u201cDangling DNS Subdomain Takeover\u201d and why you should never delete a resource that backs a CNAME entry in your DNS without first redirecting or removing the CNAME record.<\/p>\n","protected":false},"author":582,"featured_media":38586,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[25],"tags":[24,592],"class_list":["post-40151","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure","tag-azure-dns"],"acf":[],"blog_post_summary":"<p>This post explores what is commonly referred to as a \u201cDangling DNS Subdomain Takeover\u201d and why you should never delete a resource that backs a CNAME entry in your DNS without first redirecting or removing the CNAME record.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/40151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/comments?post=40151"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/posts\/40151\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media\/38586"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/media?parent=40151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/categories?post=40151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/premier-developer\/wp-json\/wp\/v2\/tags?post=40151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}