Departed vendor still has records in our zone, nobody knows if any are still in use
TXT verifications, CNAMEs for SaaS tools and old DKIM keys often linger after a vendor switch. Harmless until they are not: a forgotten CNAME to an expired Heroku app or S3 bucket is direct takeover material.
Try this first
- 1List departed vendors by category (mail tool, marketing, helpdesk, analytics) and look up their verification patterns.
- 2Filter the zone for CNAMEs and TXT records that reference those vendors, plus old DKIM selectors no longer in use.
- 3Check each CNAME target: is it alive, who owns it? CNAME to e.g. heroku-app.herokudns.com where the app is gone = takeover risk.
- 4Remove or set TTL 60 with a 30-day observation window, watch for complaints.
- 5Log in your DNS changelog who removed what when, so you can trace back if something does break.
When to bring us in
If you have many vendor records and no overview, we can run a takeover scan and clean the zone without disrupting active integrations.
See also
- Domain expires tomorrow and nobody saw the emailAn expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renewDisabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find itEPP code or transfer code is the password to move a domain from registrar A to B.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.