Foreign Subdomains

Any ideas on how we might have subdomains appearing on an Attack Surface and DNS reports that do not belong to our organization? I have checked all DNS entries and looked for dangling CNAMEs etc. but… nothing stands out. For example: gateway.region10.org

HTTP: nginx
HTTPS: nginx
HTTP TECH: nginx
HTTPS TECH: nginx
54.86.103.22
ec2-54-86-103-22.compute-1.amazonaws.com AMAZON-AES
United States

If region10.org is your domain, then you have a wildcard, so any subdomain, regardless of whether you have it specifically defined, will exist.

;; QUESTION SECTION:
;thistotallydoesntexist.region10.org. IN	A

;; ANSWER SECTION:
thistotallydoesntexist.region10.org. 300 IN A	54.86.103.22

What would be the best way to mitigate this? And thank you so much for this. This makes sense.

You have a wildcard record (aka one for *) which you’ll need to remove.

I’d recommend making sure you do have the specific records for all the subdomains you do actually want to point to that IP first.

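An added example, not part of the thread: a small offline check that classifies hostnames against a zone using RFC 4592 wildcard matching, so report findings can be told apart from real records and the names that depend on the wildcard can be listed before it is removed. The zone `example.org`, its records, the `IN_USE` list and the function names are constructed for illustration.

```python
# Added example: constructed zone data, not the poster's real records.
ZONE = "example.org"
RECORDS = {  # owner name -> (type, value)
    "example.org": ("A", "192.0.2.10"),
    "*.example.org": ("A", "192.0.2.10"),       # the wildcard
    "www.example.org": ("A", "192.0.2.10"),
    "mail.example.org": ("A", "192.0.2.25"),
    "api.dev.example.org": ("A", "192.0.2.40"),  # makes dev.example.org exist
}
# Hostnames the organization actually uses (constructed).
IN_USE = ["www.example.org", "gateway.example.org",
          "portal.example.org", "mail.example.org"]

def existing_names(records):
    """Every name that exists in the zone, including empty non-terminals."""
    names = set()
    for owner in records:
        labels = owner.split(".")
        for i in range(len(labels)):
            parent = ".".join(labels[i:])
            if parent == ZONE or parent.endswith("." + ZONE):
                names.add(parent)
    return names

def classify(qname, records=RECORDS):
    """Return explicit, wildcard, nodata, nxdomain or out-of-zone."""
    qname = qname.lower().rstrip(".")
    if qname != ZONE and not qname.endswith("." + ZONE):
        return "out-of-zone"
    if qname in records:
        return "explicit"
    exists = existing_names(records)
    if qname in exists:
        return "nodata"  # empty non-terminal: name exists, no records
    labels = qname.split(".")
    # Walk up to the closest encloser; only a wildcard directly under it
    # can synthesize an answer (RFC 4592).
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in exists:
            return "wildcard" if "*." + encloser in records else "nxdomain"
    return "nxdomain"

def needs_explicit_record(in_use, records=RECORDS):
    """In-use hostnames that would stop resolving once the wildcard is gone."""
    return sorted(h for h in in_use if classify(h, records) == "wildcard")
```

Names returned by `needs_explicit_record(IN_USE)` are the ones to define explicitly before deleting the `*` record; anything else in a report that classifies as `wildcard` is an artifact of the wildcard rather than a host someone created.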
