1. DNS/lame delegation

1.1. Lame delegation carries a risk of domain hijacking

See DNS/lame_delegation. Bard calls it 「ラメ委任」 (a literal Japanese rendering of "lame delegation").

xserver is at risk too. https://x.com/beyondDNS/status/1622838426461687808?s=20

Risky BIZness: risks derived from registrar name management https://dl.acm.org/doi/10.1145/3487552.3487816

ABSTRACT

In this paper, we explore a domain hijacking risk that is an accidental byproduct of 
undocumented operational practices between domain registrars and registries.
We show how over the last nine years over 512K domains have been implicitly exposed
to the risk of hijacking, affecting names in most 
popular TLDs (including .com and .net) as well as legacy TLDs with tight registration control 
(such as .edu and .gov).

Moreover, we show that this weakness has been actively exploited by multiple parties who,
over the years, have assumed control over 163K domains without having any 
ownership interest in those names. 

In addition to characterizing the nature and size of this problem, 
we also report on the efficacy of the remediation in response to our outreach with registrars.

Gautam Akiwate, Mattijs Jonker, Raffaele Sommese, Ian Foster, Geoffrey M. Voelker, Stefan Savage, and KC Claffy. 2020.
Unresolved Issues: Prevalence, Persistence, and Perils of Lame Delegations.
In Proceedings of the ACM Internet Measurement Conference (IMC). Virtual Event.


Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, and XiaoFeng Wang. 2020.
Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral.
In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). Virtual Event.

Zhang M, Li X, Liu B, Lu J, Zhang Y, Chen J, Duan H, Hao S and Zheng X. (2023). Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. Proceedings of the ACM on Measurement and Analysis of Computing Systems. 7:1. (1-28). Online publication date: 27-Feb-2023.

Akiwate G, Sommese R, Jonker M, Durumeric Z, Claffy K, Voelker G and Savage S. Retroactive identification of targeted DNS infrastructure hijacking. Proceedings of the 22nd ACM Internet Measurement Conference. (14-32).

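1.2. Registering a subdomain zone's NS at the parent level is also dangerous

Situation: for queries about the parent domain name, the NS registered in the delegation return REFUSED.

This may be a registration mistake, but I suspect a hijack. -- ToshinoriMaeno 2020-06-07 23:42:15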

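One way to check for the situation in 1.2, as an added example that is not part of the original page: send each delegated NS a non-recursive SOA query for the zone and classify the reply by its RCODE and AA flag. The zone name example.jp, the function names and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone: str, qid: int = 0x1234) -> bytes:
    """Non-recursive (RD=0) SOA query for `zone` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(response: bytes, qid: int = 0x1234) -> str:
    """Classify one name server's reply using only the 12-byte DNS header."""
    if len(response) < 12:
        return "lame: truncated or malformed response"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:          # QR bit must be set
        return "invalid: ID mismatch or not a response"
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode != 0:
        return f"lame: {RCODES.get(rcode, rcode)}"
    if not aa:
        return "lame: NOERROR but not authoritative (AA=0)"
    return "ok: authoritative answer" if ancount else "suspect: AA=1 but no SOA at apex"

def query_ns(ns_ip: str, zone: str, timeout: float = 3.0) -> str:
    """Send the query over UDP to one delegated NS (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (ns_ip, 53))
            return classify(s.recvfrom(4096)[0])
        except OSError:                            # timeout or unreachable
            return "lame: no response"

def _reply(flags: int, ancount: int = 0) -> bytes:
    """Constructed sample: header plus echoed question; answer section omitted."""
    return (struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
            + build_soa_query("example.jp")[12:])

SAMPLES = {  # constructed replies, not captured from any real server
    "ns1 (constructed)": _reply(0x8005),     # QR=1, RCODE=REFUSED
    "ns2 (constructed)": _reply(0x8400, 1),  # QR=1, AA=1, NOERROR, 1 answer
    "ns3 (constructed)": _reply(0x8000),     # QR=1, AA=0, NOERROR
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

A REFUSED or non-authoritative result from every NS in the delegation means nobody is answering for the zone at those servers, which is the condition the papers listed in 1.1 associate with hijacking risk.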

MoinQ: DNS/lame delegation (last edited 2024-11-28 22:03:23 by ToshinoriMaeno)