1. DNS/floating_domains/route53

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

August 25, 2016

1.1. The Route53 Set Up Process

Amazon Web Services, or AWS, also offers cloud DNS hosting in the form of its product line known as Route53. As a test, we’ll try the set up process for the domain thehackerblog.com.

You can see AWS’s official documentation here if you’d like to try this yourself.

The first step is to click the Create Hosted Zone button in the top left corner of the Route53 control panel. 

We’ll now fill in the domain we wish to use along with a short comment and whether or not we wish for this DNS zone to be public. 

Finally we hit create and are brought to the DNS management panel for our newly created zone.

The NS record type has been pre-populated with a few randomly generated nameservers.
 For example, the nameserver list I received after trying this is as follows:
    ns-624.awsdns-14.net.
    ns-39.awsdns-04.com.
    ns-1651.awsdns-14.co.uk.
    ns-1067.awsdns-05.org.

The above is very important – if I created a zone for thehackerblog.com and 
you did the same we’d both get different nameservers. 

ここまではこの通り。以下は誤解するひともいそう。(あるいは部分的にしか理解しないか)

1.2. lame delegation

This ensures that nobody could takeover my domain if I deleted the zone file from my AWS account because the nameservers are specific to my account. 

So, if I deleted my domain and you wanted to take it over, 
you’d have to keep trying until you get the same nameserver set as above in order to do so.

Otherwise my domain would be pointed to other nameservers than the ones you control.

これでは十分に保護されていないことはすぐ分かる。本当に乗取れるかは示されていないが。-- ToshinoriMaeno 2020-09-24 00:25:28

MoinQ: DNS/脅威/共用ゾーンサービス/floating_domains/route53 (last edited 2022-10-22 23:53:34 by ToshinoriMaeno)