Is there a way to check A records?

[oldesec]

Hi.

Is there a way to check A records?

or Only CNAME check?

Thanks.

[jakejarvis]

Hi there!

For subdomain takeovers specifically, it really only makes sense to check for stale CNAME records. I think I understand what you're saying about subdomains pointing to IP addresses they no longer control/own, but taking those over is usually improbable due to providers assigning IPs somewhat randomly.

Is that what you're asking?

[oldesec]

@jakejarvis Thank you for your kind reply.

Sometimes, can take over subdomains if use A records.
I want to detect it.

Here's a case.
Ref : https://blog.initd.sh/others-attacks/mis-configuration/subdomain-takeover-explained/ (Only Tilda page)

[jakejarvis]

Ah, thanks for the link. I see what you're saying about services providing the same IPs for users that can't use CNAMEs. I think Tumblr, GitHub Pages, and Bitly do the same. This should be doable, I'll definitely take a look!

[oldesec]

@jakejarvis Good.
exactly. hmm.. Many tools do not support this feature.
I do not know why.