Identify Stale DNS
Old DNS records do not often get cleaned up, particularly records pointing to test instances, short-lived initiatives, or discontinued use of third-party applications.
Use the Censys ASM platform to identify these records and make a plan to get them removed.
Investigate Hosts with No Services
Assemble a list of hosts with no services that were found via DNS.
-
Filter the Hosts by Name page for hosts with port "is not Any Port."
Figure 1. Hosts by Name page with ports filter invoked -
Expand the subdomains list.
Figure 2. Hosts by Name page expanded -
Evaluate each name to determine whether the DNS record connecting the name to the IP should be removed and tag or comment to keep track of pending removals.
|
Tip
|
If the list is very long or the domains belong to disparate business units or IT groups, download a CSV to group related domains and organize efforts. |
Investigate Hosts in Outlier Data Centers
Assemble a list of hosts in outlier data centers.
-
Use the Dashboard to find clouds with a small hosts and filter the Hosts by IP page by these cloud providers.
Figure 3. Use dashboard to filter to outlier clouds -
Use the Reports page to find non-cloud data centers with only one or a few hosts. Filter the Hosts by IP page by these providers.
Figure 4. Use report to find to outlier data centers -
Look at the names of these hosts in the Hosts by IP list page and evaluate whether they should still be in use.
Remove Old DNS Records
Use the registrar and name server information in the ASM platform to find the location of stale records you want to remove.
-
Visit the Domains page and use the column selector to display name servers.
Figure 5. Use domains page find where DNS records are kept -
Visit the DNS provider for the zone where your state records are hosted. Remove old records.
More Reading
Learn more about domains in the Censys ASM platform.
Comments
0 comments
Please sign in to leave a comment.