Dynamic DNS Leakage Tester


Wiz research team announced a new class of vulnerabilities on BlackHat & Defcon (for more information go to our blog). Check if your organization is leaking Dynamic DNS updates to DNS providers or malicious actors. To use the checker, input your top level domain or a sample FQDN of your endpoints

For any question please contact us at dynamic-dns-leak@wiz.io or join our slack group, we are happy to help.

Enter full computer name with DNS suffix (e.g. shir-pc.corp.wiz.io) or just a regular domain.
Phase 1: Dynamic DNS Server check

Our checker first checks to see if the SOA record is properly configured.

Event Reason

Phase 2: Risk for Dynamic DNS hijack check

If the SOA record is misconfigured, our checker continues the assessment by simulating the Microsoft algorithm behavior and querying the SOA server for its own name. The checker tries to estimate your risk of exposure to the vulnerability.

Event