Glossary

Dangling CNAME

Q: What does Dangling CNAME mean in cybersecurity?

Dangling CNAME is a security term used to describe part of an organisation's external risk, exposure, or vulnerability management process.

Q: Why does Dangling CNAME matter for external attack surface monitoring?

It matters because attackers evaluate internet-facing assets continuously, and unmanaged exposure can become an exploitable path into customer data, infrastructure, or business operations.

Q: How does VeilScan help with Dangling CNAME?

VeilScan discovers public assets, checks them for verified issues, prioritises findings by business impact, and produces reports that explain remediation clearly.

A DNS record pointing to a hostname that no longer exists

Quick Answer: A dangling CNAME is a DNS CNAME (Canonical Name) record that points to a target hostname that no longer exists, is no longer registered, or points to an unclaimed namespace on a third-party service. The CNAME "dangles" because the target it points to is gone — creating a potential subdomain takeover vulnerability if the target namespace can be claimed.

What causes a dangling CNAME to appear?

Dangling CNAMEs typically appear when:

A third-party service deployment is removed (Heroku app deleted, GitHub Pages repository removed, Vercel project deleted) but the DNS CNAME record is not cleaned up alongside it
A subdomain was set up for a service that was later cancelled, but DNS records were not audited during offboarding
An internal hostname is removed from DNS but external CNAME records that pointed to it are not updated

How do dangling CNAMEs differ from normal CNAME records?

A normal CNAME record: blog.yourcompany.com CNAME yourcompany.github.io — works because yourcompany.github.io is an active GitHub Pages site controlled by you.

A dangling CNAME: blog.yourcompany.com CNAME yourcompany.github.io — is dangling if yourcompany.github.io has been deleted from GitHub. The CNAME record exists; the target does not.

If the GitHub Pages namespace yourcompany.github.io is claimable by an attacker (by creating a new GitHub account or repository with that name), the CNAME now points to an attacker-controlled site — making it a subdomain takeover vulnerability.

How is a dangling CNAME fixed?

Remove the dangling CNAME record from your DNS. If the service is still needed, restore the underlying service first before removing the CNAME record. Audit all CNAME records in your DNS zone against the external services they point to — particularly for services like Heroku, GitHub Pages, Netlify, Vercel, and S3 where namespace is claimable.

What are common questions about Dangling CNAME?

What does Dangling CNAME mean in cybersecurity?

Dangling CNAME describes a security concept that affects how teams understand, monitor, and reduce external exposure across internet-facing assets.

Why does Dangling CNAME matter for external attack surface monitoring?

It matters because attackers continuously inspect public assets. Tracking this concept helps teams reduce exploitable exposure before it becomes a breach path.

How does VeilScan help with Dangling CNAME?

VeilScan discovers public assets, validates findings with proof, prioritises issues by business impact, and explains remediation in reports built for engineering and leadership.

What related terms should you read next?

Find dangling CNAMEs in your DNS. VeilScan checks all discovered subdomains for dangling CNAME vulnerabilities. Start your free scan → · Back to glossary