Runbook: DNS Hijack

Security Specialist | Operations & Strategy | Devops

Stub runbook. Customize with your DNS provider details and procedures.

Quick Reference

Field | Value
Typical Severity | P1
Primary Responder | Infrastructure SME
Last Updated | [Date]
Owner | [Name]

Identification

Symptoms

  • Domain pointing to wrong IP
  • Users redirected to malicious site
  • SSL certificate errors (attacker using different cert)

Confirm DNS Hijack

dig yourdomain.com
# Compare output to expected IP
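
A scripted form of the comparison above, added here as an example and not part of the original runbook: it asks several independent resolvers directly and flags any A record outside a known-good baseline. The expected IPs are constructed placeholders, and the resolver list and the function names check_answer and check_domain are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: compare resolver answers with a known-good baseline.
# EXPECTED_A holds constructed placeholder addresses; use your real records.
EXPECTED_A="192.0.2.10 192.0.2.11"
# Independent public resolvers, queried directly so one poisoned
# local cache does not hide or fake the result.
RESOLVERS="1.1.1.1 8.8.8.8 9.9.9.9"

# check_answer EXPECTED OBSERVED
# Prints OK, "MISMATCH: <unexpected IPs>" or NO_ANSWER.
# Returns 0 on OK, 1 on mismatch, 2 when nothing was observed.
check_answer() {
    unexpected=""
    seen=0
    for ip in $2; do
        seen=1
        case " $1 " in
            *" $ip "*) ;;                          # in the baseline
            *) unexpected="$unexpected $ip" ;;     # not in the baseline
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO_ANSWER"
        return 2
    fi
    if [ -n "$unexpected" ]; then
        echo "MISMATCH:$unexpected"
        return 1
    fi
    echo "OK"
}

# check_domain DOMAIN
# Queries every resolver and reports one line per resolver.
# Returns non-zero if any resolver gave a mismatch or no answer.
check_domain() {
    rc=0
    for r in $RESOLVERS; do
        # +short prints only record data; keep lines that look like IPv4
        observed=$(dig +short +time=3 +tries=1 A "$1" "@$r" |
            grep -E '^[0-9]+(\.[0-9]+){3}$' | tr '\n' ' ')
        result=$(check_answer "$EXPECTED_A" "$observed") || rc=1
        printf '%s via %s: %s\n' "$1" "$r" "$result"
    done
    return $rc
}

# Usage: check_domain yourdomain.com
```

A mismatch from every resolver points at the authoritative zone or registrar, while a mismatch from only one points at that resolver or the path to it.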

Immediate Actions

  1. Regain access to DNS provider account
  2. Enable 2FA if not already enabled
  3. Point DNS to known good infrastructure or maintenance page
  4. Enable DNS lock / registrar lock

Mitigation

[Document your specific DNS provider procedures here]


Prevention

  • Enable registrar lock
  • Use DNSSEC
  • Enable 2FA on DNS provider
  • Limit DNS admin access
  • Monitor DNS records for changes
