StackShield

DNS Security

Medium

Checks DNS configuration and security settings.

Estimated fix time: 30 minutes

What is DNS Security?

DNS security protects your domain from hijacking, spoofing, and other attacks. Proper DNS configuration includes DNSSEC, CAA records, and monitoring.

Security Impact

Severity: High

  • Domain hijacking
  • DNS spoofing
  • Man-in-the-middle attacks
  • Email interception
  • Phishing attacks

How to Fix

1. Enable DNSSEC

# Check DNSSEC status
dig +dnssec yourdomain.com

# Enable via DNS provider (varies by provider)
# Cloudflare, Route53, etc. have one-click DNSSEC

2. Implement CAA Records

yourdomain.com. CAA 0 issue "letsencrypt.org"
yourdomain.com. CAA 0 issue "digicert.com"
yourdomain.com. CAA 0 issuewild ";"
yourdomain.com. CAA 0 iodef "mailto:security@yourdomain.com"

3. Set Proper TTL Values

# Balance between caching and flexibility
A record: TTL 300-3600 (5 min - 1 hour)
MX record: TTL 3600 (1 hour)

4. Monitor DNS Changes

Use DNS monitoring services:

  • DNSViz
  • DNSMon
  • Cloudflare monitoring

Verification Steps

  1. Check DNSSEC: dig +dnssec yourdomain.com
  2. Verify CAA records: dig yourdomain.com CAA
  3. Test DNS propagation
  4. Monitor for unauthorized changes

Best Practices

  • Enable two-factor authentication on DNS provider
  • Use DNS provider with DDoS protection
  • Regular DNS audits
  • Document all DNS records
  • Implement least-privilege access
  • Subdomain Takeover
  • Email Security
  • SSL/TLS Security

Automatically detect this issue

StackShield can automatically scan your Laravel application for this security issue and alert you when it's detected.

Start Free Trial
Was this guide helpful?

Related Security Issues

Subdomain Takeover

Detects unclaimed subdomains pointing to external services.

Medium

Email Security

Checks email configuration for security best practices.

Medium

Learn More

Related Security Terms

DNS Security