Catch dangling subdomains, exposed databases, expiring certificates, and broken email authentication before they make the news. Continuous attack-surface management for every record across every provider.
What gets scanned · every record, every day
Every one of these incidents started with a DNS record no one remembered to clean up. Attackers scan for them automatically. The question isn't whether you have any - it's whether you'll find them first.
An ongoing threat-actor campaign tracked by Infoblox has taken control of forgotten subdomains at Bose, Panasonic, Deloitte, and the US Centers for Disease Control - plus 34+ universities including Berkeley, Columbia, and Washington University in St. Louis - serving malware, fake antivirus warnings, and tech-support scams from domains users already trust.
TechRadar · Infoblox researchResearchers at Vullnerability.com identified 670+ abandoned Microsoft subdomains that attackers could claim, including identityhelp.microsoft.com and data.teams.microsoft.com. A separate researcher found another 280 over the following two years. Microsoft fixed only a handful.
Sophos · Naked SecurityA single forgotten DNS record (saostatic.uber.com pointing to an unregistered CloudFront distribution) put Uber's single sign-on at risk. Because cookies were shared across *.uber.com, one subdomain takeover would have unlocked session hijack on every Uber property. Caught by a researcher - and still took Uber two months to patch.
ZDNet · Arne Swinnen disclosureConnect once. Every zone is continuously scanned for exposed ports, invalid records, and dangling subdomains. Investigate, remediate, and monitor - without leaving the platform.
Create scoped API credentials at your DNS provider and paste them in. We provide step-by-step guides for each - read-only by default, controlled remediation when you're ready.
Records are port-scanned, certificate-checked, HTTP-probed, and screenshotted as they stream in. First findings start landing within a couple of minutes - no waiting for a full sync to finish.
Every record carries screenshots, ISP info, open ports, and certificate details. Add notes, assign status, and suppress accepted risks with a full audit trail.
Daily re-scans open new findings and auto-close resolved ones. Route alerts to Slack, Teams, email, or a webhook - real-time or scheduled.
Continuous detection, investigation, remediation, and workflow orchestration - for the entire domain portfolio, across every provider you operate.
Securely connect and govern your entire DNS estate across providers.
One source of truth for zones, records, certificates, IPs, screenshots and forwards.
Reconcile drift across the estate without lifting a finger.
Every hostname screenshotted automatically. Spot takeover pages, brand misuse, and unexpected applications at a glance - then jump straight to the originating record.
Headless Chromium renders the real page - same TLS, same redirects, same JavaScript. Full-size screenshots, not HTML scrapes.
We fingerprint each screenshot with a perceptual hash so identical or near-identical pages collapse into a single finding. One parked-domain template, reviewed once.
Hostnames that redirect to the same destination are grouped together. Investigate distinct surfaces, not hundreds of rows of the same WordPress landing page.
Cleaning up DNS is risky work. Delete the wrong record and you take down production. That's why every destructive action in DNS Watchdog is reversible - by design.
Every change is tracked and reversible, so your team can clean up DNS without the fear of breaking production.
Before any deletion, DNS Watchdog captures the exact record configuration - type, value, TTL, priority, and provider-specific metadata - so nothing is lost.
If a record was removed in error, restore it with a single click. The original configuration is re-created at your provider exactly as it was, typically in seconds.
Every delete, restore, and status change is logged with who did it and when. Use the change log for incident review, team handover, or tracking what changed.
Transparent per-zone pricing. No seats, no per-scan metering, no tiers hiding features behind a sales call.
£500/month minimum
Pay only for the zones you monitor. The minimum keeps us focused on customers who have enough DNS estate to make continuous monitoring worthwhile.
For teams with 5,000+ zones, custom compliance requirements, or procurement processes that need more than a credit card.
Everything buyers ask us before they book a demo. Missing something? Drop us a note.
DNS Watchdog has native integrations for AWS Route 53, Cloudflare, Google Cloud DNS, Azure DNS, CSC Domain Manager, and Neustar UltraDNS. The integration framework is extensible - get in touch if you need another provider and we'll scope it.
No. Read-only is the default. With read-only credentials, DNS Watchdog detects and reports every issue and auto-closes findings when you remediate in your provider directly. Write access only enables one-click deletion and rollback for teams that want remediation inside the platform.
Under ten minutes for most customers. Connect a provider (paste IAM or API credentials), zones auto-discover in a couple of minutes, and your first scan completes in another few. You'll usually have your first finding in Slack within 15 minutes.
DNS Watchdog snapshots every record before deletion. If a record was removed in error, you can restore it with a single click - the original configuration is re-created at your provider.
Every record in every connected zone is scanned daily by default. You can trigger an on-demand rescan at any time. Records are re-checked the moment you make a change via the platform so findings close without waiting for the next daily cycle.
DNS Watchdog runs on AWS in the UK. DNS provider credentials are encrypted at rest with AWS KMS in SSM Parameter Store, accessed only to perform the scans you've configured. Full details are in our Data Protection Policy.
DNS Watchdog finds it first. Connect your providers in minutes and get continuous scanning, instant alerts, and one-click remediation across every record.
DNS Watchdog is built by Neil Saunders, an infrastructure and operations leader who spent years managing large DNS portfolios across multiple providers and watched the same problem play out everywhere: records accumulating, ownership unclear, and security exposure growing silently in the background.
DNS Watchdog is the platform he wished he'd had. We're a UK-based team focused on turning DNS from an unmanaged blind spot into a governed, continuously monitored security domain.
DNS Watchdog Ltd.Insights on DNS security, portfolio management, and best practices for operations teams.
A complete reference to the 37 high-risk ports we check on every resolved IP, grouped by what an attacker does with them - and how each one lands in a real-world breach.
An SPF record ending in `+all` means any server on the internet can send mail claiming to be you. Here's why it's still on production domains in 2026, and how DNS Watchdog catches it.
A walkthrough of a real dangling CNAME - how to spot one manually, why they're so easy to miss in a large estate, and what attackers do with them once they find one.
How years of DNS drift create hidden security exposure - and why continuous monitoring is critical to preventing subdomain takeover and misconfiguration breaches.