Contents
https://github.com/indianajson/can-i-take-over-dns/issues/6#
Nameserver Managed DNS ns1.dnsmadeeasy.com ns2.dnsmadeeasy.com ns3.dnsmadeeasy.com ns4.dnsmadeeasy.com
1. history
Explanation Head over to the registration page on DNSMadeEasy. Since accounts are only active for 30 days I recommend you use an alteration to your primary email (e.g. hacker+dns@wearehackerone.com). Now, the number in the nameservers in your vulnerable domain will determine which service you use. If the number is ns1-ns4 use Managed DNS to create the zone. After you enter your domain and submit the form it will assign you several nameservers. At least one of your assigned nameservers must match with your vulnerable domain. Theoretically, they all will match, but sometimes they don't. If the number is ns5-ns7 things get a bit more complicated. First, use Secondary DNS to create the zone. You will need to add a Secondary IP Set before you can configure the zone. Add 192.135.223.10 as the IP address. For the takeover to work, you need to set up a primary DNS first, which will push records to the secondary DNS provided by DNSMadeEasy. I recommend you use NS1 as the primary in this instance, its free and easily configurable. This article will explain the steps to configure your NS1 zone. It will take a minute for everything to get in sync, but afterward you should receive a NOERROR response from the vulnerable server. Now configure the DNS records for the takeover on NS1. If the number is ns10-ns15 you're probably not going to get this takeover. According to comments by DNSMadeEasy staff these nameservers are only delegated to a zone if the primary nameservers (ns1-ns4) are bogged down at that particular moment. There is no known reliable way to get the ns10-ns15 nameservers. Additionally, it has been discovered that these zones are used for whitelabel DNS services provided by DNSMadeEasy.