
The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability - mandatory
https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/index.html
======
tyingq
This is an interesting article, but it keeps using the phrase "taking over
domains", which isn't really what's happening.

It's really "squatting on the domain ONLY in the space of a specific
provider".

And, this isn't new. For example, you can do this on most shared hosting
plans...add a domain, and they don't ask for any kind of verification.

The only thing this seems to accomplish is lock you, the legitimate domain
owner, from using a specific service until you open a support ticket and hash
it out with them. You still control the domain, so it's fairly easy to prove
control/ownership.

That's not good, of course, but it's not the same thing as "taking over a
domain". Your WHOIS records still point at your DNS servers, which still
return the correct records.

Edit: It could, I suppose, be used to take over a mostly "abandoned" domain,
where the WHOIS records still point at a provider with this issue, but the
underlying account is gone. Again, an issue, but if the domain is abandoned,
it's not the same thing as taking over arbitrary, in-use domains.

~~~
jlgaddis
Imagine _Foo, Inc._ , a hot new startup disrupting $industry. DNS for
_foo.com_ (which was paid up for several more years) is hosted on Route 53.

One day, they run out of money and close up shop. Their Amazon AWS accounts
get shut down. The domain gets wiped from Route 53.

You come along and add _foo.com_ as a hosted zone in Route 53. You point MX
RRs towards a machine you control and begin reading the mail sent to
$users@foo.com that will continue to arrive for the next several years.
Perhaps you even use your new access to all @foo.com addresses to do some
password resets on long forgotten accounts.

~~~
BillinghamJ
The combination of this being fairly unlikely to be attempted, along with Foo
Inc no longer existing, I really don't think this is a significant issue.

~~~
jlgaddis
I manage some mail servers for an ISP. There have been times when I've come
across domains that we still have control over but the companies are long
gone. Many times I'll "recycle" domains (old ones of mine, "donated" domains,
or some of these "forgotten" domains) and use them for spam traps.

Typically, I wait until a domain hasn't been used legitimately for e-mail for
at least one year (i.e. I'll set "null" MX records or point them to a non-
existent host) before I repurpose them. You might be surprised at the types of
e-mails that start flowing right back in after pointing the MX RR back to a
real host: lots of it is crap (spam), but I've received travel itineraries,
notifications from AmEx, appointment reminders from medical facilities, and
all kinds of good stuff.

------
tedunangst
This should be fairly obvious to anyone who has ever moved DNS from one
provider to another. Or even from one account to another. Anybody can stand up
a server that's "authoritative" for a domain. It doesn't matter until the
registrar points the domain's NS there. In fact, how else would you move from
your registrar's nameserver to something like route53? Nobody is going to
point their NS at an empty zone and populate it after the fact.

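The delegation model tedunangst describes, and the orphaned-zone scenario jlgaddis sketches above, imply a concrete check: read the domain's NS set, ask each delegated server for the zone's SOA, and flag any server that is delegated to but refuses or fails the query, since that is the state in which someone else can create the zone at that provider. The following is an added example (not code from the article or from any commenter). Assumptions: the provider-to-nameserver name patterns in `PROVIDER_SUFFIXES` are commonly observed suffixes, not an authoritative list; the live probe shells out to `dig`; and `SAMPLE_DIG` is constructed `dig` output for a hypothetical `foo.example`, not a real capture.

```python
"""Orphaned-delegation check: does a domain's NS set point at a hosted-DNS
provider that no longer serves the zone?  Added example, not from the thread."""
import re
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Tuple

# Nameserver-name fragments for the providers the article names.  These are
# assumptions based on commonly seen NS hostnames, not a definitive list.
PROVIDER_SUFFIXES = {
    "Route 53": (".awsdns-",),
    "Google Cloud DNS": (".googledomains.com",),
    "Rackspace": (".stabletransit.com",),
    "DigitalOcean": (".digitalocean.com",),
}

_STATUS = re.compile(r"status:\s*([A-Z]+)")
_FLAGS = re.compile(r"^;; flags:\s*([a-z ]*);", re.M)
_ANSWER = re.compile(r"ANSWER:\s*(\d+)")


@dataclass(frozen=True)
class Probe:
    rcode: str     # NOERROR, REFUSED, SERVFAIL, NXDOMAIN, ...
    aa: bool       # authoritative-answer bit set
    answers: int   # record count in the ANSWER section


def parse_dig(output: str) -> Probe:
    """Parse the header and flags lines of `dig` output into a Probe."""
    status = _STATUS.search(output)
    if not status:
        raise ValueError("no dig header in output")
    flags_m = _FLAGS.search(output)
    flags = flags_m.group(1).split() if flags_m else []
    ans = _ANSWER.search(output)
    return Probe(status.group(1), "aa" in flags, int(ans.group(1)) if ans else 0)


def provider_of(ns: str) -> str:
    host = ns.lower().rstrip(".")
    for name, fragments in PROVIDER_SUFFIXES.items():
        if any(f in host for f in fragments):
            return name
    return "unknown"


def classify(domain: str, ns_set: Iterable[str],
             probe: Callable[[str, str], Probe]) -> Dict[str, Tuple[str, str]]:
    """Per-nameserver verdict, (state, provider):
    'serving'  : the server answered authoritatively for the zone
    'orphaned' : delegated to, but REFUSED/SERVFAIL for the zone; anyone who
                 can create the zone at that provider can start answering
    'other'    : anything else (e.g. a non-authoritative NXDOMAIN)"""
    verdicts: Dict[str, Tuple[str, str]] = {}
    for ns in ns_set:
        p = probe(domain, ns)
        if p.rcode == "NOERROR" and p.aa and p.answers > 0:
            verdicts[ns] = ("serving", provider_of(ns))
        elif p.rcode in ("REFUSED", "SERVFAIL"):
            verdicts[ns] = ("orphaned", provider_of(ns))
        else:
            verdicts[ns] = ("other", provider_of(ns))
    return verdicts


def exposed(verdicts: Dict[str, Tuple[str, str]]) -> bool:
    """One orphaned server is enough: resolvers will eventually query it."""
    return any(state == "orphaned" for state, _ in verdicts.values())


def dig_probe(domain: str, ns: str) -> Probe:
    """Live probe (network); not used by the offline sample below."""
    out = subprocess.run(["dig", "+norecurse", "+time=3", "@" + ns, domain, "SOA"],
                         capture_output=True, text=True, check=False).stdout
    return parse_dig(out)


# Constructed sample: two delegated Route 53 servers for a hypothetical zone,
# one of which no longer carries it.  Not real captures.
SAMPLE_DIG = {
    ("foo.example", "ns-100.awsdns-12.com"): """
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
""",
    ("foo.example", "ns-200.awsdns-25.net"): """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
""",
}


def sample_probe(domain: str, ns: str) -> Probe:
    return parse_dig(SAMPLE_DIG[(domain, ns)])


def run_sample() -> Dict[str, Tuple[str, str]]:
    return classify("foo.example", [ns for _, ns in SAMPLE_DIG], sample_probe)


if __name__ == "__main__":
    v = run_sample()
    print(v, "EXPOSED" if exposed(v) else "ok")
```

To run it against a real domain, fetch the NS set from the parent (for example `dig +norecurse @a.gtld-servers.net example.com NS`) and pass those names with `dig_probe` as the probe; a REFUSED from a delegated server is exactly the gap the article is about, while a server that is simply not delegated to is harmless, as the thread notes.
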
~~~
creeble
Indeed, "Taking Over.." is a misleading, click-baity heading. "Resuming
Abandoned..." would be a better title.

------
strictnein
> "Rackspace (~44K Domains Affected, Won’t Fix)"

Remember when Rackspace was a premium host that you happily paid more money to
because they handled things the right way?

------
homero
So what did Google do?

