1. takeovers




奪取というのがふさわしい状況を指す名詞らしいので、lame delegation を利用したなりすましとは共存する状況はない。


/guide A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers https://blog.projectdiscovery.io/guide-to-dns-takeovers/

Currently known vulnerable DNS services

EdOverflow / can-i-take-over-xyz https://github.com/EdOverflow/can-i-take-over-xyz?ref=projectdiscovery-io-blog

5 Ways to Exploit a Domain Takeover Vulnerability



1.1. cloudflare


1.2. Google

How to take over a subdomain in Google Cloud DNS Mark van Holsteijn on Jan 27, 2022 /


detect and resolve DNS dangling / sub-domain takeover in GCP Posted on 07-18-2022 05:24 AM https://www.googlecloudcommunity.com/gc/Security/detect-and-resolve-DNS-dangling-sub-domain-takeover-in-GCP/m-p/446094


1.3. Marzano

Mining Takeovers for Fun and Profit

Artur Marzano 2023-03-02


1.3.1. Introduction

This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decomissioned, but active domains.

In this experiment I will show how I was able to find with little effort more than 200 domains that could be theoretically taken over across different providers and parent domains by using data from a public search tool (SecurityTrails) and an open-source repository (can-i-take-over-dns).

Please note that I did not find any new vulnerabilities nor develop any sort of attack tools or techniques during this research. I just analyzed what was already there, not being responsible in any way for whatever damages could be caused by the usage of the methods described below.

cloudflare は除外したとある。awsdnsは vulnerableではないとの扱いだ。:ー)

1.4. 2020


1.5. 2018

もし、ドメイン名が他人にハイジャックされたら? 平成の記憶から学ぶ、その手口と対策


DNSテイクオーバーを題材に~ ランチのおともにDNS

1.5.1. 対策案

Lame Delegation Cleanup. Registrars

Nameserver Segregation. Providers

Detection & Response. Providers

Developing Awareness.

Vulnerable providers can warn customers explicitly when they try to remove a zone, 
informing them that they must remove the NS record at their registrar prior to removing the delegated zone.

Finally, about the title of the article -
 I did have lots of fun doing this, but I didn't really profit anything, 
so for now I just hope this article was instructive for readers and that this will inspire researchers, 
registrars and providers to think about the problem =)

CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/takeovers (last edited 2023-04-24 08:27:30 by ToshinoriMaeno)