Manage Misconfiguration Domains
Advanced DNS Security Powered by Precision AI®

Where Can I Use This?
  • Strata Cloud Manager
What Do I Need?
  • Advanced DNS Security Resolver License
Misconfigured domains are created inadvertently when domain owners point alias records (CNAME, MX, or NS record types) at third-party domains using entries that are no longer valid. An attacker can then take over the domain by registering the expired or unused third-party domain.
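The condition described above can be illustrated with an offline audit of a zone export. This Python example is added here for illustration; it is not Palo Alto Networks code and does not describe how Advanced DNS Security Resolver performs its analysis. The zone records, the `target_exists` callback, and all `.example` names are constructed assumptions.

```python
from dataclasses import dataclass

ALIAS_TYPES = {"CNAME", "MX", "NS"}  # record types named on this page

@dataclass(frozen=True)
class Record:
    name: str    # owner name inside your zone
    rtype: str   # record type
    target: str  # host the record points at

def normalize(host):
    return host.rstrip(".").lower()

def in_zone(host, parent):
    """True if host is the parent domain or a subdomain of it (label-aligned)."""
    host, parent = normalize(host), normalize(parent)
    return host == parent or host.endswith("." + parent)

def find_dangling(records, parent_domain, target_exists):
    """Return alias records under parent_domain whose third-party target is gone.

    target_exists is a callable(hostname) -> bool. In practice it would wrap a
    DNS or registration lookup; it is injected here so the audit runs offline.
    """
    findings = []
    for rec in records:
        if rec.rtype.upper() not in ALIAS_TYPES:
            continue  # A/AAAA/TXT etc. do not delegate to another name
        if not in_zone(rec.name, parent_domain):
            continue  # not under the monitored parent domain
        if in_zone(rec.target, parent_domain):
            continue  # target is inside your own zone, not third party
        if not target_exists(normalize(rec.target)):
            findings.append(rec)
    return findings

# Constructed sample zone export (all names are placeholders).
SAMPLE_ZONE = [
    Record("www.example.com.", "CNAME", "example-site.cdn-vendor.example."),
    Record("shop.example.com.", "CNAME", "old-store.retired-saas.example."),
    Record("example.com.", "MX", "mail.example.com."),
    Record("dev.example.com.", "NS", "ns1.expired-dns-host.example."),
    Record("api.example.com.", "A", "192.0.2.10"),
]
# Constructed: the only third-party target that still exists.
LIVE_TARGETS = {"example-site.cdn-vendor.example"}

def audit_sample():
    return find_dangling(SAMPLE_ZONE, "example.com", LIVE_TARGETS.__contains__)
```

Records returned by `find_dangling` are the ones to remove or repoint before someone else registers the target.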
Specify any public-facing parent domains within your organization that you want Advanced DNS Security Resolver to analyze and monitor for the presence of misconfigured domains. Keep in mind that you must have a dnsmisconfig-zone policy configured in your DNS Security profile before this setting has any effect.
  1. Select Configuration > ADNS Resolver and then go to the DNS Misconfiguration Domains tab.
  2. Add Domain to the DNS zone misconfiguration monitoring list.
  3. Add a public-facing parent domain with an optional description to assist you in identifying domain usage or ownership within your organization and Save when finished. Repeat for additional domain entries.
    • Entries must contain a "." and use the following format: paloaltonetworks.com. An entry without a "." is parsed as a hostname, which is considered a private domain.
    • TLDs (top-level domains) and root level domains cannot be added to the DNS Zone Misconfigurations Monitoring list.
  4. You can also delete entries from the DNS Zone Misconfiguration Domains list as necessary. To remove several entries as a group, select them and use the Delete option. To remove a single entry, click its trash icon.