Some embodiments provide a technique for detecting highly-vulnerable domain names and remediating associated problems. The technique can include collecting DNS data representing a requests to the DNS over a period of time and determining a subset of the DNS data representing DNS-based service discovery requests to unregistered domains over the period of time. The technique can also include, for each of the unregistered domains, determining a query ratio and a persistence ratio. The technique can also include ranking the unregistered domains according to a metric that includes the query ratios and the persistence ratios, such that a ranked list of domain names is produced and outputting an initial segment of the ranked list of domain names as the highly-vulnerable domain names. The technique can also include remediating attacks on at least one of the highly-vulnerable domain names.