MoinQ:

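1. DNS/lame_delegation/Dangers

1.1. If you let it happen

The domain or subdomain may be taken over.

When using DNS, there is no greater danger than this. See DNS/乗取/演習 (DNS / takeover / exercises).

For the impact when a domain is impersonated, see JPRS's explanations and similar material. DNS/なりすまし (DNS / impersonation)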

https://securitytrails.com/blog/blast-radius-dns-takeovers Blast Radius: DNS Takeovers

1.2. Means of takeover

Takeover that exploits defective registrations

-- ToshinoriMaeno 2020-05-19 02:28:05

1.3. Restrictions at Sakura

Announced in 2012 (after the subdomain takeover vulnerability came to light).

1.4. value-domain

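There is a problem with the conditions for creating a zone that corresponds to a "domain registered with another company".

DNS/サービス業者/value-domain/他社取得ドメイン管理 (DNS / service providers / value-domain / managing domains acquired through another company)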

1.5. The warning at awsdns

This is a warning issued to evade responsibility. (They are not doing what they ought to do.)

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DeleteHostedZone.html

Important

If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect.

'''In addition, if you delete a hosted zone, someone could hijack the domain and route traffic to their own resources using your domain name.'''

If you delegated responsibility for a subdomain to a hosted zone and you want to delete the child hosted zone, you must also update the parent hosted zone by deleting the NS record that has the same name as the child hosted zone. For example, if you want to delete the hosted zone acme.example.com, you must also delete the NS record acme.example.com in the example.com hosted zone. We recommend that you delete the NS record first, and wait for the duration of the TTL on the NS record before you delete the child hosted zone. This ensures that someone can't hijack the child hosted zone during the period that DNS resolvers still have the name servers for the child hosted zone cached.
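An audit of the situation the AWS text above describes, as an added example (not code from this wiki or from AWS): it compares the NS delegations published in a parent zone against the hosted zones that actually exist, and computes the earliest time a child zone may be deleted after its NS record is removed. All zone names, name server names, the TTL and the timestamp are constructed sample data; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def audit_delegations(parent_ns, hosted_zones):
    """Classify every NS delegation found in the parent zone.

    parent_ns:    {child name: [NS targets published in the parent zone]}
    hosted_zones: {zone name: [name servers the provider assigned to that zone]}
    """
    zones = {norm(z): {norm(n) for n in ns} for z, ns in hosted_zones.items()}
    findings = {}
    for child, targets in parent_ns.items():
        delegated = {norm(t) for t in targets}
        assigned = zones.get(norm(child))
        if assigned is None:
            result = "DANGLING: NS record remains but the hosted zone is gone"
        elif not delegated & assigned:
            result = "LAME: no delegated server serves the zone"
        elif delegated - assigned:
            result = "PARTIAL: some delegated servers do not serve the zone"
        else:
            result = "OK"
        findings[norm(child)] = result
    return findings

def earliest_zone_delete(ns_removed_at, ns_ttl_seconds):
    """Resolvers may cache the NS record for its TTL after it is removed."""
    return ns_removed_at + timedelta(seconds=ns_ttl_seconds)

# Constructed sample data: NS records exported from the parent zone example.com
PARENT_NS = {
    "acme.example.com.": ["ns-a.dns-provider.example.", "ns-b.dns-provider.example."],
    "shop.example.com.": ["NS-C.dns-provider.example."],
    "blog.example.com.": ["ns-c.dns-provider.example.", "ns-old.dns-provider.example."],
    "dev.example.com.": ["ns-old.dns-provider.example."],
}
# Constructed sample data: hosted zones that still exist at the provider
HOSTED_ZONES = {
    "shop.example.com": ["ns-c.dns-provider.example"],
    "blog.example.com": ["ns-c.dns-provider.example", "ns-d.dns-provider.example"],
    "dev.example.com": ["ns-d.dns-provider.example"],
}
NS_REMOVED_AT = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp

if __name__ == "__main__":
    for child, result in audit_delegations(PARENT_NS, HOSTED_ZONES).items():
        print(f"{child}: {result}")
    print("delete child zone after:", earliest_zone_delete(NS_REMOVED_AT, 172800))
```

Any result other than OK is a delegation to clean up in the parent zone before the child zone is touched.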

MoinQ: DNS/登録不備/危険性 (last edited 2022-03-16 03:13:30 by ToshinoriMaeno)