How to Protect Against Subdomain Discovery Attacks

DNS reconnaissance and subdomain discovery using Fierce.

email domain security Medium fix 30 minutes

What This Check Detects

DNS reconnaissance and subdomain discovery using Fierce.

Full Documentation

What is Subdomain Discovery?

Fierce performs DNS reconnaissance by brute-forcing subdomain names and checking for misconfigured DNS entries. It discovers subdomains that may be running vulnerable or forgotten services, which are prime targets for subdomain takeover attacks.

Security Impact

Severity: Medium

  • Discovery of forgotten or unmaintained services
  • Subdomain takeover opportunities
  • Exposure of internal staging or development environments
  • Mapping of infrastructure for targeted attacks
  • Discovery of shadow IT services

How to Fix

1. Audit and Clean Up Subdomains

Regularly review all DNS records and remove unused subdomains:

# List all subdomains using your DNS provider's API or dashboard
# Remove any subdomains that:
# - Point to decommissioned services
# - Are no longer in active use
# - Point to third-party services you no longer use

2. Protect Against Subdomain Takeover

Ensure all subdomains point to active, claimed resources:

# Check for dangling CNAME records
dig CNAME old-app.yourdomain.com

# If it points to a service you no longer use (e.g., Heroku, S3, GitHub Pages),
# either reclaim the resource or remove the DNS record

3. Use Wildcard DNS Carefully

; Avoid wildcard DNS records in production
; They can mask dangling subdomains
; *.yourdomain.com.  IN  A  1.2.3.4  ; Avoid this

; Instead, explicitly define each subdomain
www.yourdomain.com.   IN  A  1.2.3.4
app.yourdomain.com.   IN  A  1.2.3.4

4. Restrict Development/Staging Subdomains

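# Protect staging subdomains with IP restrictions and/or authentication
server {
    server_name staging.yourdomain.com;

    # IP restriction (replace YOUR_OFFICE_IP with your office address or CIDR range)
    allow 10.0.0.0/8;
    allow YOUR_OFFICE_IP;
    deny all;

    # Basic auth. With both blocks present, nginx requires the IP check AND
    # the password (default "satisfy all"); add "satisfy any;" to accept either.
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
}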

5. Monitor for New Subdomains

Set up monitoring to detect unauthorized subdomain creation:

  • Use Certificate Transparency logs to monitor new certificates
  • Set up alerts for DNS record changes
  • Regularly scan your own domains to catch drift
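
The audit in steps 1 to 3 and the drift check in step 5 can be run offline against a zone export. The script below is an added example, not StackShield's or Fierce's code. It assumes single-line records with fully qualified owner names; the sample zone, the inventory set and the provider suffix list are constructed for illustration.

```python
import re

# Constructed sample zone export (documentation addresses, not real records).
SAMPLE_ZONE = """\
; constructed example records
www.yourdomain.com.      IN  A      192.0.2.10
app.yourdomain.com.      IN  A      192.0.2.10
*.yourdomain.com.        IN  A      192.0.2.10
old-app.yourdomain.com.  IN  CNAME  old-app.herokuapp.com.
docs.yourdomain.com.     IN  CNAME  yourorg.github.io.
staging.yourdomain.com.  IN  A      192.0.2.11
"""

# Assumption: the names your team knows it owns and still uses.
INVENTORY = {"www.yourdomain.com", "app.yourdomain.com",
             "docs.yourdomain.com", "staging.yourdomain.com"}

# Assumption: third-party hosting suffixes to review; extend for your providers.
THIRD_PARTY_SUFFIXES = ("herokuapp.com", "s3.amazonaws.com", "github.io")

RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(\S+)")

def parse_zone(text):
    """Yield (name, type, value) from 'name [ttl] IN type value' lines."""
    for line in text.splitlines():
        match = RECORD.match(line.split(";", 1)[0].strip())  # drop comments
        if match:
            name, rtype, value = match.groups()
            yield name.rstrip(".").lower(), rtype.upper(), value.rstrip(".").lower()

def is_third_party(host):
    return any(host == s or host.endswith("." + s) for s in THIRD_PARTY_SUFFIXES)

def audit_zone(text, inventory):
    """Return a sorted list of (name, finding) tuples for records to review."""
    findings = []
    for name, rtype, value in parse_zone(text):
        if name.startswith("*."):
            findings.append((name, "wildcard record can mask dangling subdomains"))
            continue
        if name not in inventory:
            findings.append((name, "not in inventory: confirm owner or remove"))
        if rtype == "CNAME" and is_third_party(value):
            findings.append((name, f"CNAME to {value}: confirm the resource is still claimed"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_zone(SAMPLE_ZONE, INVENTORY):
        print(f"{name}: {finding}")
```

A CNAME finding only means the target is hosted by a third party; whether the record is dangling still has to be confirmed with the provider or with the dig check from step 2.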

Verification

After cleanup, Fierce should discover fewer subdomains. All discovered subdomains should point to active, properly secured services.

Related Issues

  • DNS Reconnaissance
  • Subdomain Takeover
  • DNS Security
