Neglected assets
Route53 Record Pointing to Invalid Resource
Risk Level
Hazardous (3)
Platform(s)
Compliance Frameworks
- HITRUST
- NIST 800-53
Description
Orca has detected that certain DNS resource record sets under the hosted zone are aliased to resources that may not exist, are present in a different account, or are invalid alias record values. DNS records that resolve to invalid resources may lead to subdomain takeover: a malicious party may create a new resource under their control at that address and serve their content under your domain.
Recommended Mitigation
Make sure alias records are pointing to valid resources. Remediate this by editing the resource record under the {AwsRoute53ResourceRecordSet.HostedZone} hosted zone, or removing the entry altogether.
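One way to audit a hosted zone for the condition described above, as an added example (not Orca's detection logic). It assumes the record sets have been exported in the shape returned by Route 53's ListResourceRecordSets API and that a separate inventory of the account's resource DNS names is available; the function names, inventory list and all sample values are constructed for illustration.

```python
# Added example. Record sets use the shape of Route 53's ListResourceRecordSets
# response; every name, ID and DNS value below is constructed.

def normalize(dns_name):
    """Lowercase, drop the trailing dot and the 'dualstack.' prefix seen on ELB aliases."""
    name = dns_name.strip().lower().rstrip(".")
    return name[len("dualstack."):] if name.startswith("dualstack.") else name


def find_dangling_aliases(record_sets, known_targets):
    """Return (name, type, target) for alias records whose target is not a known resource.

    known_targets is an assumed inventory of DNS names for resources that exist in
    this account (load balancers, CloudFront distributions, S3 website endpoints).
    An alias may also point at another record in the same hosted zone, so the
    zone's other record names are accepted as valid targets.
    """
    inventory = {normalize(t) for t in known_targets}
    findings = []
    for rrset in record_sets:
        alias = rrset.get("AliasTarget")
        if alias is None:
            continue  # not an alias record, outside this check
        target = normalize(alias.get("DNSName", ""))
        in_zone = any(normalize(o["Name"]) == target for o in record_sets if o is not rrset)
        if not target or (target not in inventory and not in_zone):
            findings.append((rrset["Name"], rrset["Type"], alias.get("DNSName", "")))
    return findings


def _alias(name, target):
    return {"Name": name, "Type": "A", "AliasTarget": {
        "HostedZoneId": "ZPLACEHOLDER", "DNSName": target, "EvaluateTargetHealth": False}}

SAMPLE_RECORD_SETS = [
    _alias("example.com.", "dualstack.web-lb-1111.us-east-1.elb.amazonaws.com."),
    _alias("www.example.com.", "example.com."),                    # alias to a record in the zone
    _alias("old.example.com.", "d111111abcdef8.cloudfront.net."),  # target missing from inventory
    {"Name": "mail.example.com.", "Type": "MX", "ResourceRecords": [{"Value": "10 mx.example.net."}]},
]
SAMPLE_INVENTORY = ["web-lb-1111.us-east-1.elb.amazonaws.com"]

if __name__ == "__main__":
    for name, rtype, target in find_dangling_aliases(SAMPLE_RECORD_SETS, SAMPLE_INVENTORY):
        print(f"DANGLING {rtype} {name} -> {target}")
```

A flagged record is a candidate for the mitigation above: repoint the alias at a resource that exists in the account, or remove the entry.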