Description

Orca has detected that certain DNS resource record sets under the hosted zone are aliased to resources which may not exist, are present in a different account, or are invalid Alias-Record values. DNS records which resolve to invalid resources may lead to subdomain takeover; a malicious party may create a new resource under their control at that address, and serve their content under your domain.

• 

  Recommended Mitigation

  Make sure alias records are pointing to valid resources. Remediate this by editing the resource record under the {AwsRoute53ResourceRecordSet.HostedZone} hosted zone, or removing the entry altogether.