How to Secure DNS Configuration
Checks DNS configuration and security settings.
infrastructure security
Medium fix
30 minutes
What This Check Detects
Checks DNS configuration and security settings.
Full Documentation
What is DNS Security?
DNS security protects your domain from hijacking, spoofing, and other attacks. Proper DNS configuration includes DNSSEC, CAA records, and monitoring.
Security Impact
Severity: High
- Domain hijacking
- DNS spoofing
- Man-in-the-middle attacks
- Email interception
- Phishing attacks
How to Fix
1. Enable DNSSEC
# Check DNSSEC status
dig +dnssec yourdomain.com
# Enable via DNS provider (varies by provider)
# Cloudflare, Route53, etc. have one-click DNSSEC
2. Implement CAA Records
yourdomain.com. CAA 0 issue "letsencrypt.org"
yourdomain.com. CAA 0 issue "digicert.com"
yourdomain.com. CAA 0 issuewild ";"
yourdomain.com. CAA 0 iodef "mailto:security@yourdomain.com"
3. Set Proper TTL Values
# Balance between caching and flexibility
A record: TTL 300-3600 (5 min - 1 hour)
MX record: TTL 3600 (1 hour)
4. Monitor DNS Changes
Use DNS monitoring services:
- DNSViz
- DNSMon
- Cloudflare monitoring
Verification Steps
- Check DNSSEC:
dig +dnssec yourdomain.com - Verify CAA records:
dig yourdomain.com CAA - Test DNS propagation
- Monitor for unauthorized changes
Best Practices
- Enable two-factor authentication on DNS provider
- Use DNS provider with DDoS protection
- Regular DNS audits
- Document all DNS records
- Implement least-privilege access
Related Issues
- Subdomain Takeover
- Email Security
- SSL/TLS Security
How to Fix This Issue
DNS misconfigurations like open zone transfers and missing DNSSEC expose your domain to hijacking and spoofing attacks. Fix them now.
Read the full fix guideRelated Security Checks
Check Your Laravel App for This Vulnerability
StackShield runs this check and 30+ others automatically. No code installation required.
Start Free Trial