Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Stale DNS Records

Ingrid

We report on company-specific assets that are under direct and indirect control of an organization. The liability of a legal entity, within a company’s internal network, can extend beyond cyber assets. Assets are attributed to a company through active or recently active DNS records. Indirect assets are publicly visible and searchable assets that belong to a company.

Removing Stale DNS Records

The location of DNS records is identified by looking up DNS servers that are being used by the domain. The underlying DNS record, which could result in a record of a DNS incident, must be removed to remove a stale record.

Log in to your service provider's (such as an ISP) DNS Records Management panel to remove or edit the DNS record in question. If the management panel is no longer available, you may need to work with your service provider to have the records removed.

Example Scenario:

Today is June 2020. A company “B Inc.” had an office in city Zed between 2015 and 2017. They used to subscribe to the Internet and phone service via “D LLC” as their service provider. During the subscription period, the office was assigned a /24 of IP addresses (1.0.0.0/24). The company used to run a Virtual Private Network (VPN) service in the office. It allows remote employees to connect and access the internal infrastructure. The VPN gateway had a DNS address of “vpn1.example.com.”

After the office in Zed city was shut down in late 2017, the internet service was disabled, but the “vpn1.example.com” DNS record has a hostname that’s associated with an IP address and the record was not removed.

About the End Date

After the removal of the record, the DNS A record change is captured through an automated process. To expedite this or request a manual update, please contact Bitsight Support to inform us of the changes.

The effectiveness of the change is based on the end date (Bitsight End Date), as outlined below.

  • The later option is assigned as the end date:
    • The last observation date or
    • The date when the DNS A record was last updated.
  • If the date when the DNS A record was updated or removed is unspecified, the notification date is assigned as the “end date,” provided it is after the last observation date and the relevant DNS A record has been removed at the time of the notification.

Setting a Predated End Date

To set a predated end date for the change in DNS A record and DNS incident, reach out to Bitsight Support. Provide a date (or time period) when you stopped using that IP and as much evidence and context as possible so we can verify that your company is no longer using the IP in question.

  • January 29, 2024: Predated end date no longer requires evidence and context.
  • November 23, 2020: Updated requirements to clarify its flexibility.
Was this article helpful?
2 out of 5 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.