= DNS/orphaned_internet =

[[DNS/lame_delegation]]

https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/

December 05, 2016

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

{{{
It turns out this vulnerability affects just about every popular managed DNS provider on the web.
If you run a managed DNS service, it likely affects you too.
}}}

== The Managed DNS Vulnerability ==

=== The root of this vulnerability ===

Zone creation is permitted without any verification of rights to the domain name. (I pointed this out in 2012, though.)

The root of this vulnerability occurs when a managed DNS provider allows someone to add a domain to their account ___'''without any verification of ownership of the domain name itself.'''___ This is actually an incredibly common flow and is used in cloud services such as AWS, Google Cloud, Rackspace and of course, Digital Ocean.

It says "AWS responded quickly and fixed the problem.", but takeover is still possible even now. -- ToshinoriMaeno

== Japan ==

In Japan this became a topic of discussion in 2012.

That lame delegation leads to takeover appears to be common knowledge among DNS experts, but I had never seen a warning about it. -- ToshinoriMaeno

[[DNS/共用ゾーンサービス/さくら]] [[DNS/domain_owner]]

----

Here’s how one guy found out how to hack 120,000 domain names

by Morgan on December 6, 2016

https://morganlinton.com/heres-how-one-guy-found-out-how-to-hack-120000-domain-names/