version: 1 ATT&CK version: 8.2 creation date: 03/24/2021 name: Azure DNS Alias Records contact: ctid@mitre-engenuity.org organization: Center for Threat Informed Defense (CTID) platform: Azure tags: - DNS - Network description: >+ Azure DNS alias records are qualifications on a DNS record set. They can reference other Azure resources from within your DNS zone. For example, you can create an alias record set that references an Azure public IP address instead of an A record. Your alias record set points to an Azure public IP address service instance dynamically. As a result, the alias record set seamlessly updates itself during DNS resolution. techniques: - id: T1584 name: Compromise Infrastructure technique-scores: - category: Protect value: Minimal comments: >- This control only provides protection for one of this technique's sub-techniques while not providing any protection for the remaining and therefore its coverage score factor is Minimal, resulting in a Minimal score. sub-techniques-scores: - sub-techniques: - id: T1584.001 name: Domains scores: - category: Protect value: Partial comments: >- Alias records prevent dangling references by tightly coupling the life cycle of a DNS record with an Azure resource. For example, consider a DNS record that's qualified as an alias record to point to a public IP address or a Traffic Manager profile. If you delete those underlying resources, the DNS alias record becomes an empty record set. It no longer references the deleted resource. This control is effective for protecting DNS records that resolve to Azure resources but does not offer protection for records pointing to non-Azure resources, resulting in a Partial score. references: - 'https://docs.microsoft.com/en-us/azure/dns/dns-alias#prevent-dangling-dns-records'