Having misconfigured domain can lead to sensitive information leakage or expose to security risk where an attacker can take advantage of it.

When we talk about securing a web application, mostly we focus on layer 3, 4 & 7 protection and ignore doing anything on a domain level.

One should consider doing everything it takes to secure online business at every layer to protect brands, business reputation & financial loss. In my previous post, I mentioned tools to check DNS health for troubleshooting, and some of you asked about testing security, so here you go.

How do you ensure your DNS/domain is secure from online threats?

There are multiple ways.

  • Using registrar which provide the highest level of security but it comes with the price.
  • Using cloud-based security provider which provides web securing including domain.
  • You can test your domain with the following tools to find out the security state and take necessary action if any vulnerability found.

Let’s explore the available tools…

Cloudflare

Domain security check by cloudflare works with .com, .net and .org and test the following five checks.

  • Registry Lock
  • Registrar Lock
  • Role accounts
  • Expiration
  • DNSSEC

They are essential to prevent from domain hijacking and configuration is done at the domain registrar.

DNS Zone Transfer

A quick way to find out if the respective name server is vulnerable to DNS zone transfer. Here is how test result looks like.

Searching for name servers of domain geekflare.com ...
Found name server: olga.ns.cloudflare.com.
Found name server: todd.ns.cloudflare.com.

Attempting zone transfer against name server: olga.ns.cloudflare.com....
Trying "geekflare.com"
Using domain server:
Name: olga.ns.cloudflare.com.
Address: 2400:cb00:2049:1::adf5:3a89#53
Aliases: 

Host geekflare.com not found: 1(FORMERR)
; Transfer failed.

Attempting zone transfer against name server: todd.ns.cloudflare.com....
Trying "geekflare.com"
Using domain server:
Name: todd.ns.cloudflare.com.
Address: 2400:cb00:2049:1::adf5:3b92#53
Aliases: 

Host geekflare.com not found: 1(FORMERR)
; Transfer failed.

As you can see “Transfer failed” that means it’s not vulnerable. Having zone details exposed can help an attacker to gather sub-domains and other information.

You may also try Zone transfer online test by Hacker Target.

DNSSEC Analyzer

Most of the online tool test if a domain is compliant with DNSSEC or not. However, if you need to analyze in details for debugging purpose, then this analyzer by Verisign will be useful.

Recursive DNS Resolver Test

Detect if IP or domain is vulnerable to DNS amplification attacks.

Acunetix

Acunetix is all-in-one vulnerabilities testing platform which covers web and network.

Under network security scan, it covers many risk checks including the following DNS related.

  • Cache poisoning attacks
  • Open recursive
  • Zone transfer

If you are looking for comprehensive security scanning solution for your web applications, then Acunetix seems promising. Give a try; they offer 14-days FREE trial.

I hope this quick blog post gives you an idea of testing DNS for security risk.