Discovery of A Records - Githubissues

MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure

https://docs.microsoft.com/azure

Creative Commons Attribution 4.0 International

10.09k stars 21.14k forks source link

Discovery of A Records #115518

Closed cv-anthony closed 3 weeks ago

cv-anthony commented 9 months ago

This page and logic seems to help users discover Subdomain Takeover using CNAME records. However, it's still possible to take over a subdomain with A Records as well. One can provision a public IP address from Azure and create an A Record to it, then later decommission the public IP address. Can we update the script/documentation to check against A Records as well?

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: 647e9a22-fedf-a3d6-5bb3-54b635bdfba4
Version Independent ID: a35040bc-5e45-0514-fd49-e4b97813ed98
Content: Prevent subdomain takeovers with Azure DNS alias records and Azure App Service's custom domain verification
Content Source: articles/security/fundamentals/subdomain-takeover.md
Service: security
Sub-service: security-fundamentals
GitHub Login: @TerryLanfear
Microsoft Alias: terrylan

SaibabaBalapur-MSFT commented 9 months ago

@cv-anthony Thanks for your feedback! We will investigate and update as appropriate.

ManoharLakkoju-MSFT commented 9 months ago

@cv-anthony I'm going to assign this to the document author so they can take a look at it accordingly

@TerryLanfear Can you please check and add your comments on this doc update request as applicable.

TerryLanfear commented 9 months ago

@cv-anthony, @ManoharLakkoju-MSFT - Thanks for forwarding. I'll look into this and reply back soon.

cv-anthony commented 9 months ago

I would like to add, for extra detail, that I have written a similar script that I run daily that looks at Azure A-Records. Using this graph query:

resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | project properties.ipAddress

I then check that against all A-Records in our DNS that contain azure IP addresses. I use this endpoint to determine if the IP address is an Azure IP Address: https://www.azurespeed.com/api/ipinfo?ipAddressOrUrl={ip-addr}

From there I am able to detect any dangling A-Records in Azure. This works quite well and I imagine it can be added to the Get-DanglingDnsRecords Powershell script.

TerryLanfear commented 3 weeks ago

@cv-anthony - Thanks for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner and we sincerely apologize for the delayed response. We are closing this issue for now, but if you feel that it's still a concern, please respond and let us know within two weeks. #please-close

UUF-Stale-Not Planned