diff --git a/dns/dead-host-with-cname.yaml b/dns/dead-host-with-cname.yaml
deleted file mode 100644
index d5e8fa1392..0000000000
--- a/dns/dead-host-with-cname.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-id: dead-host-with-cname
-
-info:
- name: Detect Dangling cnames
- author: pdteam,nytr0gen
- severity: info
- tags: dns
-
-dns:
- - name: "{{FQDN}}"
- type: A
- class: inet
- recursion: true
- retries: 5
- matchers-condition: and
- matchers:
- - type: word
- words:
- - "NXDOMAIN"
-
- - type: word
- words:
- - "IN\tCNAME"
-
- extractors:
- - type: regex
- group: 1
- regex:
- - "IN\tCNAME\t(.+)"
diff --git a/dns/detect-dangling-cname.yaml b/dns/detect-dangling-cname.yaml
new file mode 100644
index 0000000000..b9989c7ad7
--- /dev/null
+++ b/dns/detect-dangling-cname.yaml
@@ -0,0 +1,34 @@
+id: detect-dangling-cname
+
+info:
+ name: Detect Dangling cname
+ author: pdteam,nytr0gen
+ severity: info
+ tags: dns,takeover
+ reference: |
+ - https://securitytrails.com/blog/subdomain-takeover-tips
+ - https://nominetcyber.com/dangling-dns-is-no-laughing-matter/
+ - https://nabeelxy.medium.com/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f
+ - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
+
+dns:
+ - name: "{{FQDN}}"
+ type: A
+ class: inet
+ recursion: true
+ retries: 5
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "NXDOMAIN"
+
+ - type: word
+ words:
+ - "IN\tCNAME"
+
+ extractors:
+ - type: regex
+ group: 1
+ regex:
+ - "IN\tCNAME\t(.+)"
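Review bot: The `info` block of the new `dns/detect-dangling-cname.yaml` has no `description`, and with the added `takeover` tag a hit can be read as a confirmed takeover when the two word matchers only establish that the response contains an `IN\tCNAME` record and the status `NXDOMAIN`. I would add a line such as `description: A CNAME record exists but its target returns NXDOMAIN; confirm the target name or service is claimable before reporting a takeover.` so that triage treats matches as candidates. The extractor `IN\tCNAME\t(.+)` presumably reports every CNAME in a chain rather than only the unresolved one, which is worth stating in the same description. Separately, `reference: |` stores the four links as one literal string instead of a YAML list; confirm that this matches the convention of the other templates.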