Organisations usually have routines for adding new services, but far less often for cleaning up old ones that are no longer in use.
The data in Hälsoläget gives us one example of this.
Through the Hardenize tool, Internetstiftelsen regularly measures the security status of selected Swedish domain names. The focus is on banks, government agencies, municipalities, media and other sectors that are important for a functioning society. The survey is therefore an important check-up of vital parts of the Swedish Internet services.
Security is measured for web, email and DNS, and the measurements show whether these socially important actors use the standardised functions and settings that make their web sites, domain names and email systems secure.
We have not included any fine details, only the standardised, basic parts. It is not about special functions but about security functions that simply should be in place.
Since 2020 we have collected and saved the results of every measurement, every month, for the tested domain names so that we can follow developments over time. When, in January 2024, we compared the test results with those from December 2023, we saw that almost half of the domain names had a lower score on the DNS measurement. That was worrying. On closer inspection we could see that many domain names had received the value WARNING in DNS because a DNS record points at another domain name that does not exist (a DNS lookup of the name returns NXDOMAIN). In the worst case this could allow a malicious actor to register the missing name and direct traffic to its own server. A dangling record is always a misconfiguration, but it becomes a takeover risk only when the missing target is something an attacker can claim, such as an expired registrable domain or a hostname at a hosting provider that hands out names on a first-come, first-served basis.
In this specific case it appears that a service provider discontinued a service at the turn of the year and removed the service name from DNS. Several of the domain names tested by Hälsoläget have not removed their own DNS records pointing at that server. Since the service no longer exists (or now requires a different configuration), those records have become garbage in the zone files of those domain names.
This case gives us the opportunity to remind ourselves and all readers how important it is to clean up, so that no junk is left polluting the zone. Opportunity makes the thief, and that could be the case here.
Do a yearly review of all services that you are responsible for announcing in DNS and check that the data in DNS is correct. Pay particular attention to CNAME, MX, SRV and HTTPS records, since their targets are often names that someone else controls. If you find anything that is wrong, correct it. If you find anything in the zone file that you no longer know the purpose of, find out what it is, and remove it if nobody can account for it.
This is the warning message in Hardenize:
We've detected a dangling DNS configuration that may be vulnerable to takeover. This problem most commonly occurs with CNAME records that point to another name that is subsequently deleted, creating a subdomain takeover vulnerability. Similar problems are possible with other records, for example MX, SRV, and HTTPS.
Error: Dangling DNS record: _sip._tls.example.se./SRV (destination: sipdir.online.lync.com.)