Guide
  1. Monitor and report
  2. Set up infrastructure security analytics

Dangling CNAME detection

Dangling CNAME detection allows you to find whether a CNAME record points to a domain that does not exist. You can have administrators receive email alert notifications whenever dangling CNAME records are detected. As an administrator, you can also do the following:

  • View and download a list of detected CNAMEs
  • Snooze detection on a particular CNAME for 30 days
  • Hide a detected CNAME from the list of results

Enable dangling CNAME detection

Complete this procedure to enable dangling CNAME detection.

Before you begin:

Make sure you apply general settings. For instructions, see Apply general settings.

To enable dangling CNAME detection:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. Go to the zone where you want to enable dangling CNAME detection. If you need to filter the list of zones, see Filter list of zones.
  3. In the Actions menu, select Zone Settings.
  4. Click the Dangling CNAMEs tab, and enable Dangling CNAME Detection.
  5. Set an expiration date for this setting. Click the date and select an expiration date from the calendar. Make sure you also set a time of day and a time zone.
    You can set a date up to one year in the future. If you also enabled NXDOMAIN spike detection or DNS hijacking detection, this expiration date also applies to those settings.
  6. Click Apply.
  7. Click Confirm.

View and download list of dangling CNAME records

You can view and download a list of dangling CNAME records that were detected for a zone.

Before you begin:

Make sure you enable dangling CNAMEs. See Enable dangling CNAME detection.

To view and download a list of dangling CNAMES:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. If you need to filter the list of zones, see Filter list of zones. You can also sort the Dangling CNAME Detection column of the table to show zones where Dangling CNAME detection is enabled.
  3. If dangling CNAMES were detected, do one of the following:
    • In the Actions for the zone, select Dangling CNAMEs.
    • Click the View button in the Dangling CNAME Detection column of the table.
      📘

      Neither of these options are available if no CNAMEs were detected in the zone.

  4. A window appears with dangling CNAME records. Click the download icon to download a CSV that contains CNAME record names and their corresponding aliases.

View date and time of last CNAME scan

Complete this procedure to view the date and time of the last CNAME scan.

To view the timestamp of last CNAME scan:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. Go to the zone where CNAME detection is enabled. If you need to filter the list of zones, see Filter list of zones. You can also sort the Dangling CNAME Detection column of the table to show zones where Dangling CNAME detection is enabled.
  3. Expand the zone. A date and time of the last dangling CNAME scan is shown.

Receive alert notifications for dangling CNAMEs

You can notify users in your organization to dangling CNAMEs by providing their email address. The users you register for alert notifications receive an email that contains information about the dangling CNAMEs, including when the last CNAME was detected.

To receive alert notifications for dangling CNAMES:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. Click Settings.
  3. Go to the General Tab.
  4. In the Alerting Emails field, enter the email addresses of users you want to notify.
  5. Enable Dangling CNAME Alerting.
  6. Click Confirm.

Snooze a CNAME from detected results

Complete this procedure to temporarily snooze or hide a CNAME from the detected results. This action hides the CNAME for 30 days.

After you snooze a CNAME, you can return to the list of dangling CNAMEs to show snoozed dangling CNAMES. You can also extend the snooze action to 30 more days.

To snooze a CNAME:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. In the Zones tab, sort the Dangling CNAME Detection column to show zones where dangling CNAMEs were detected.
  3. If CNAMES are detected, click View to see detected CNAME results. Dangling CNAMEs are listed in a separate window.
  4. Go to the CNAME you want to snooze, and from the action menu, select Snooze (30 Days).
  5. Click Close.

Hide a CNAME from detected results

Complete this procedure to hide a CNAME from the detected results.

If you want to show this CNAME in the list of results again, you need to show hidden CNAMEs and specifically select the CNAME you hid.

To hide a CNAME:

  1. In Control Center, go to > DNS SOLUTIONS > Infrastructure Security Analytics. The dashboard for Infrastructure Security Analytics appears.
  2. In the Zones tab, sort the Dangling CNAME Detection column to show zones where dangling CNAMEs were detected.
  3. If dangling CNAMES were detected, click View to see detected CNAME results. Dangling CNAMEs are listed in a separate window.
  4. Go to the CNAME you want to hide, and from the action menu, select Hide.
  5. Click Close.

Updated 15 days ago