DNS Governance - The Cyber Risk Hiding in Plain Sight
Recent research into the “Sitting Ducks” DNS attack technique has revealed that more than 35,000 domains have been hijacked since 2018, with up to 800,000 domains potentially vulnerable worldwide. Attackers have successfully abused weaknesses at DNS providers and registrars to take over domains from well-known brands, non‑profits and government entities.
Crucially, they often do this without accessing the legitimate owner’s account.
In a Sitting Duck attack, cyber criminals claim a domain at an authoritative DNS provider where configuration is either incomplete or misconfigured, and the provider fails to validate true ownership.
Once the cyber criminal controls the DNS for that domain, they can point it anywhere – often to phishing sites, malware, or covert infrastructure that appears to be trusted traffic.
The Pattern Behind the Breaches
Investigations into this type of domain hijacking reveal a similar pattern:
- Forgotten or legacy domains that no one actively owns internally
- DNS delegations left pointing at services that are no longer in use
- Weak or absent registrar-level security and access controls
- No monitoring or alerting for critical DNS or NS record changes
These are not exotic zero-day technical failures. They are basic IT governance gaps.
For SMEs and mid‑market organisations, these attacks are particularly risky. With limited internal teams and a history of changing suppliers, it is easy to lose track of who controls what and, in some situations, which domains have been registered and for what purpose.
A Practical DNS Governance Framework
Microsolve applies a straightforward framework to bring DNS and domain management under control:
- Discover and document
  - Build a complete inventory of all domains, registrars, and DNS providers in use.
  - Identify purpose, business owner and risk level for each domain (e.g. primary brand, email, payments, marketing campaign).
- Secure access and ownership
  - Enforce MFA, domain locks and role‑based access at registrar and DNS providers for high‑value domains.
  - Replace shared logins with delegated access where third parties (marketing agencies, web developers) need to make changes.
  - Ensure off‑boarding processes include removal of access to DNS and registrar accounts.
- Eliminate lame delegations and orphaned DNS
  - Audit NS records and DNS delegations to detect domains pointing at providers where the zone is not configured or is no longer maintained.
  - Correct those delegations or move the domain to a managed, secure DNS platform.
- Harden the DNS platform
  - Use resilient, cloud-based DNS with Anycast and redundancy for performance and availability.
  - Separate public authoritative DNS from internal or recursive services, and restrict access to primary name servers.
  - Apply structured change control and logging for all DNS and zone changes.
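One way to carry out the NS audit in the third step for domains in your own inventory, as an added example rather than Microsolve's tooling: send a non-recursive SOA query to each delegated name server and flag any that does not answer authoritatively. The function names, the fixed query ID and the `provider.example` host names are assumptions, and the sample responses are constructed.

```python
import socket
import struct
from typing import Dict, Optional

TXID = 0x1234  # fixed query ID (assumption), fine for a one-off audit script

def build_soa_query(zone: str) -> bytes:
    """SOA query with RD=0, so the server answers only from zones it hosts."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def probe(zone: str, ns_ip: str, timeout: float = 3.0) -> Optional[bytes]:
    """Send the query straight to one delegated name server over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (ns_ip, 53))
            return s.recvfrom(512)[0]
        except OSError:  # timeout or unreachable server
            return None

def classify(resp: Optional[bytes]) -> str:
    """Decide from the DNS header whether this server really serves the zone."""
    if resp is None:
        return "lame: no response"
    if len(resp) < 12:
        return "lame: malformed response"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit not set
        return "lame: malformed response"
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode == 0 and aa and ancount > 0:
        return "authoritative"
    names = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
    return "lame: " + names.get(rcode, "no authoritative answer")

def lame_nameservers(responses: Dict[str, Optional[bytes]]) -> Dict[str, str]:
    """Keep only the delegated name servers that fail the check."""
    verdicts = {ns: classify(r) for ns, r in responses.items()}
    return {ns: v for ns, v in verdicts.items() if v != "authoritative"}

# Constructed sample: raw response headers as three name servers might return them.
SAMPLE = {
    "ns1.provider.example": struct.pack("!HHHHHH", TXID, 0x8400, 1, 1, 0, 0),
    "ns2.provider.example": struct.pack("!HHHHHH", TXID, 0x8005, 1, 0, 0, 0),
    "ns3.provider.example": None,
}
```

For a live check, build the `responses` map by calling `probe()` with the IP address of each name server listed in the domain's NS records; any entry returned by `lame_nameservers()` is a delegation to correct or move.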
How Microsolve Implements This for Clients
Microsolve’s DNS hosting and management service is designed to address these exact risks:
- High-maturity, cloud-based DNS platform (AWS Route53): Anycast architecture to improve resilience and reduce latency for users across regions.
- Security by default: DNSSEC enabled by default, registrar transfer locks, auto-renewal, and pre‑deployment inspection of DNS changes.
- Integrated governance: DNS forms part of a broader managed network solution including inventory, configuration, documentation and formal change management.
By choosing carefully where DNS is hosted and which domains are on which platforms, the blast radius of any incident is significantly reduced.
Actions for Business Leaders
If you are a CEO, Managing Director, or board member, you do not need to become a DNS expert. You do, however, need to insist on clarity and accountability.
Here are three questions to put to your IT manager or managed services provider:
- Can you show me a current inventory of every domain we own, who the registrar is, where DNS is hosted, and who has access?
- Which of our domains have been reviewed for Sitting Ducks–style risks such as lame delegations or abandoned DNS configurations?
- What processes ensure that DNS and domain ownership remain correct and secure when staff, agencies or providers change?
If you would like help answering those questions, learn more about Microsolve’s DNS hosting and management services.