Dangling DNS Records are a Real Vulnerability, by Nabeel Yoosuf

Jan 2, 2017 https://medium.com/@nabeelxy/dangling-dns-records-are-a-real-vulnerability-361f2a29d37f

Dangling DNS is no laughing matter

Remove AWS Route 53 Dangling DNS Records https://www.cloudconformity.com/knowledge-base/aws/Route53/dangling-dns-records.html

Tool to tackle problematic dangling domains in Amazon Web Services. https://github.com/tacticaljmp/danglingaws

Fishing the AWS IP Pool for Dangling https://know.bishopfox.com/blog/2015/10/fishing-the-aws-ip-pool-for-dangling-domains

All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records

https://www.eecis.udel.edu/~hnw/paper/ccs16a.pdf (2016)


In a dangling DNS record (Dare), the resources pointed to by the DNS record are invalid, but the record itself has not yet been purged from DNS.

In this paper, we shed light on a largely overlooked threat in DNS posed by dangling DNS records. Our work reveals that Dare can be easily manipulated by adversaries for domain hijacking.

In particular, we identify three attack vectors that an adversary can harness to exploit Dares.

In a large-scale measurement study, we uncover 467 exploitable Dares in 277 Alexa top 10,000 domains and 52 edu zones, showing that Dare is a real, prevalent threat.

By exploiting these Dares, an adversary can take full control of the (sub)domains and can even have them signed with a Certificate Authority (CA).

It is evident that the underlying cause of exploitable Dares is the lack of authenticity checking for the resources to which that DNS record points.

We then propose three defense
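A zone owner can apply the "authenticity checking" idea from the abstract above by auditing their own zone export against an inventory of resources they still control. The following is an added example, not code from the paper or the linked tools; the zone records, owned network range, resolvable-name set and the choice of record types are constructed assumptions.

```python
import ipaddress
import socket

# Constructed sample zone export: (owner name, record type, value).
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("old.example.com", "A", "198.51.100.77"),        # address released long ago
    ("shop.example.com", "CNAME", "shop-example.cdn.example.net."),
    ("promo.example.com", "CNAME", "promo-2015.hosting.example.org."),
    ("example.com", "MX", "mail.example.com."),
    ("mail.example.com", "A", "203.0.113.25"),
]
OWNED_NETWORKS = ["203.0.113.0/24"]          # constructed inventory of our addresses
RESOLVABLE = {"shop-example.cdn.example.net"}  # constructed stand-in for live DNS

def live_resolves(name):
    """Real lookup for production use; not used by the offline sample run."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone, owned_networks, resolves):
    """Return records whose target is no longer a resource we can vouch for."""
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    local_names = {name.rstrip(".").lower() for name, _, _ in zone}
    findings = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            # An address outside the inventory may have been released and reassigned.
            if not any(ip in net for net in nets):
                findings.append((name, rtype, value, "address not in owned inventory"))
        elif rtype in ("CNAME", "MX", "NS"):
            target = value.rstrip(".").lower()
            # Resolution is necessary, not sufficient: a resolving external
            # target still needs an ownership check with the provider.
            if target not in local_names and not resolves(target):
                findings.append((name, rtype, value, "target does not resolve"))
    return findings

if __name__ == "__main__":
    for finding in find_dangling(ZONE, OWNED_NETWORKS, RESOLVABLE.__contains__):
        print(*finding, sep="\t")
```

Passing `live_resolves` instead of the constructed set runs the same audit against real DNS; flagged records should be purged or re-pointed.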

Getting the Alexa top 1 million sites directly from the server, unzipping it, parsing the csv and getting each line as an array.


