Updates: October 7th, 2022

Highlights include a new CNAME column that provides visibility into dangling DNS records helping you to prevent subdomain takeover

Francesca Runger-Field avatar
Written by Francesca Runger-Field
Updated over a week ago

New features

New subdomains counter column on Domains page

When you add your active domain assets to the Domains page, OnDOMAIN will search for lookalike domains as well as subdomains of any of your domain assets.

In order to make it clear when OnDOMAIN has detected any subdomains, a new column has been added to the Domains page table, with a numeric indicator of the number of currently detected subdomains for each of your added domain assets.

With this information, you can delve into a given domain details page and scroll to the bottom in order to see a table with all the detected subdomains. Each subdomain row can be expanded to get better insights into different information, such as CNAME, SPF, and MX records, as well as IP reputation.

New dangling CNAME column on Domains page to help prevent subdomain takeover

A dangling DNS record is when a CNAME record points to a domain that no longer exists. These records can be exploited and lead to subdomain takeovers.

To help avoid these types of attacks, OnDOMAIN detects dangling records and displays this information in the Domains table, as shown in the screenshot below:

  • A red circle indicates that at least one subdomain with a potentially dangling CNAME record exists.

  • A green circle indicates no dangling CNAME records were found.

  • A grey circle indicates that no information could be retrieved on a dangling CNAME as no subdomains were detected yet, or because no CNAME records were found for any of the detected subdomains.

Improvements

Bulk actions button on Domains page

From now on, you are able to carry out actions on multiple domains you select from the Domains page, including deleting multiple domains at once, but also activating or deactivating them for monitoring in bulk.

Visual indicator of selected predefined filter

For the sake of visual consistency, OnDOMAIN will now show the button of the currently selected predefined filter with a new label, and the button will be disabled.

The combination of these two small changes will let you know upfront which predefined filter is currently selected.

Better lookalike detection engine

OnDOMAIN uses a lookalike detection engine and a set of algorithms to find matches against any of your domain assets.

We made a couple of improvements that mean OnDOMAIN will find a higher amount of matching lookalike domains while keeping the number of false positives to a minimum.

Fixes

Consistent lookalike data sources

New potential lookalike domains are received by OnDOMAIN from multiple data sources, which then get analyzed and processed for matching against any of your domain assets.

There was an issue with one of these data sources, which is based on the DNS activity across the internet and can be thought of as a semi-real-time lookalike detection flow.

It has been fixed now, so the stream of newly detected lookalikes for this particular flow should be more constant now.

Corrected CSV export of Category column in Activity

When exporting a table to a CSV using the export button, we identified a problem in the Activity table, specifically in the Category column.

The column value was being exported incorrectly with a yes/no value, instead of the correct set of tags that were being displayed on the table (Asset, Parked, etc…). The issue has been resolved.

Did this answer your question?