Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Stale DNS Records

Avatar
Ingrid
Follow
  • November 23, 2020: Updated requirements to clarify its flexibility.

We report on company-specific assets that are under direct and indirect control of an organization. The liability of a legal entity, within a company’s internal network, can extend beyond cyber assets. Assets are attributed to a company through active or recently active DNS records. Indirect assets are publicly visible and searchable assets that belong to a company.

How to remove stale DNS records:

The location of DNS records is identified by looking up DNS servers that are being used by the domain. The underlying DNS record, which could result in a record of a DNS incident, must be removed to remove a stale record.

Log in to your service provider's (such as an ISP) DNS Records Management panel to remove or edit the DNS record in question. If the management panel is no longer available, you may need to work with your service provider to have the records removed.

Example Scenario:

Today is June 2020. A company “B Inc.” had an office in city Zed between 2015 and 2017. They used to subscribe to the Internet and phone service via “D LLC” as their service provider. During the subscription period, the office was assigned a /24 of IP addresses (1.0.0.0/24). The company used to run a Virtual Private Network (VPN) service in the office. It allows remote employees to connect and access the internal infrastructure. The VPN gateway had a DNS address of “vpn1.example.com.”

After the office in Zed city was shut down in late 2017, the internet service was disabled, but the “vpn1.example.com” DNS record has a hostname that’s associated with an IP address and the record was not removed.

After the removal of the record, the DNS A record change is captured through an automated process. To expedite this or request a manual update, please contact Bitsight Support to inform us of the changes.

The effectiveness of the change is based on the “end date” (Bitsight End Date), as outlined below.

  • The later option is assigned as the “end date”:
    • The last observation date or
    • The date when the DNS A record was last updated.
  • If the date when the DNS A record was updated or removed is unspecified, the notification date is assigned as the “end date,” provided it is after the last observation date and the relevant DNS A record has been removed at the time of the notification.

If you wish to set the end date to a predated value for the DNS A record change, please reach out to Bitsight Support. A date (or time period), around which you stopped using that IP, is required. Provide as much evidence and context as possible to help us verify that your company is no longer using the IP in question.

Evidence and context can include, but is not limited to, the following sources:

  • If an ISP was involved, any communication (email or letter) that states:
    • Correction date
    • Effective date
    • Associated IP address
  • A contract letter that states the start date and end date of the service contract.
  • Audit logs.

Related articles