DNS Zone Takeover - shop.example.com

A DNS Zone Takeover vulnerability was detected on shop.example.com. This subdomain is configured to use Name Server (NS) records pointing to Azure DNS, but the DNS zone has been deleted or abandoned in Azure DNS, allowing an attacker to potentially take control of the subdomain.

The subdomain currently has 1 NS record pointing to Azure DNS:

• •ns1-05.azure-dns.com

If an attacker claims the abandoned DNS zone in Azure DNS:

• •Host malicious content on your subdomain (shop.example.com)
• •Steal cookies and session tokens from users visiting the subdomain
• •Phish users by hosting fake login pages on a trusted domain
• •Bypass security policies that allowlist your domain
• •Damage your brand reputation by hosting inappropriate or malicious content
• •Intercept sensitive data if users submit forms or credentials

This is a high-severity vulnerability because it allows complete control over a subdomain under your domain name.

Check DNS Records:

Verify the NS records for shop.example.com:

dig shop.example.com @1.1.1.1 +trace | grep shop.example.com

You should see 1 NS record: ns1-05.azure-dns.com

Verify Zone Status:

• •Log into Azure DNS and verify if the DNS zone for this subdomain exists
• •If the zone is missing or deleted, the takeover vulnerability is confirmed

• •Remove the NS Records (if subdomain is not needed): Delete the subdomain or remove the NS record configuration from your DNS.
• •Recreate the DNS Zone (if subdomain is needed): Log into Azure DNS, recreate the DNS zone for this subdomain, and configure proper DNS records.