1. DNS/ManagedDNS
日本語だと「DNS運用サービス」というあたりか。DNS/共用DNSサービスもだいぶ定着した。
https://en.wikipedia.org/wiki/List_of_managed_DNS_providers
Managed DNS Services Overview https://www.trustradius.com/managed-dns
1.1. 任意のゾーンを作らせる
かつてのさくらや現在のRoute53のように、サブドメインのゾーンを作らせるサービスもある。
- これらに対するNSに委譲すると、乗取られる危険性がある。
委譲を残したまま、ゾーンを抹消しているものも多い。(awsdnsに多い。)-- ToshinoriMaeno 2023-01-18 00:30:14
1.2. Can I Take Over DNS?
A list of DNS providers and whether their zones are vulnerable to DNS takeover! Maintained by
https://github.com/indianajson/can-i-take-over-dns
DNS/floating_domains で名前の上がっている危険なサービス
DigitalOcean, Route53,
GoDaddy: https://arstechnica.com/information-technology/2019/01/godaddy-weakness-let-bomb-threat-scammers-hijack-thousands-of-big-name-domains/
Cloudflare
Subdomain Takeover: Going beyond CNAME https://0xpatrik.com/subdomain-takeover-ns/ ns_automation-2.png https://github.com/indianajson/can-i-take-over-dns
マネージドサービス時代のDNSの運用管理について考える 2021年7月9日 Internet Week ショーケース オンライン 2021 株式会社日本レジストリサービス(JPRS) 森下 泰宏 Copyright © 2021 株式会社日本レジストリサービス 1 ~ DNSテイクオーバーを題材に ~ ランチのおともにDNS https://www.nic.ad.jp/sc-2021/program/sc-2021-day2-0.pdf
1.3. orphaned
DNS/lame_delegationの危うさに改めて気付いた
The Hacker Blog
December 05, 2016
1.4. Vulnerability
The Managed DNS Vulnerability
The root of this vulnerability occurs when a managed DNS provider allows someone to add a domain to their account without any verification of ownership of the domain name itself.
This is actually an incredibly common flow (flaw?) and is used in cloud services such as AWS, Google Cloud, Rackspace and of course, Digital Ocean. The issue occurs when a domain name is used with one of these cloud services and the zone is later deleted without also changing the domain’s nameservers.
サービス利用を取りやめたにもかかわらず、ドメイン名のサーバ(登録)を変更し忘れていると危ない。w (他人がそのサーバにゾーンを作成する可能性がある。怖い状況になる。)
This means that the domain is still fully set up for use in the cloud service but has no account with a zone file to control it.
In many cloud providers this means that anyone can create a DNS zone for that domain and take full control over the domain.
This allows an attacker to take full control over the domain to set up a website, issue SSL/TLS certificates, host email, etc.
Worse yet, after combining the results from the various providers affected by this problem over 120,000 domains were vulnerable (likely many more).